[webkit-dev] How does the Javascript garbage collection work?

Zoltan Herczeg zherczeg at inf.u-szeged.hu
Thu Sep 11 13:23:48 PDT 2008


> On Sep 11, 2008, at 10:57 AM, Josh Chia wrote:
>
>> Is it possible for a "false positive" on the stack to prevent an
>> object from being collected even after calling collect() multiple
>> times?
>
> Sure. That's always theoretically possible with conservative garbage
> collection. But in practice this is unlikely and it is almost
> certainly not a practical problem.
>
> In my experience so far, when diagnosing a problem where an object was
> not collected, it has always been due to another cause.

We have already tried to find out whether it is possible for any JavaScript
program to prevent freeing unused objects. It seems the non-pointer
integer constants stored in the Register array are too small to accomplish
this task, which means it is not possible to make harmful JavaScript
programs which cause memory overflow only in WebKit-based browsers.

Cheers,
Zoltan
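The two messages above argue about how likely a "false positive" root is under conservative stack scanning: a word on the stack or in the register array that is not a pointer but happens to fall inside a live heap object's address range, and so keeps that object alive. The following is an added illustration written for this page, not JavaScriptCore's collector: a toy pool of heap objects, a conservative mark phase that treats any root word inside an object's address range as a pointer, and two constructed root sets. The first holds only small integer constants (the case Zoltan describes) and retains nothing; the second contains one stale pointer-sized value and retains the object it aliases. All names (`pool`, `conservative_mark`, `retained_by_small_ints`, `retained_by_stale_word`) are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* A toy conservative mark phase over a fixed pool of heap objects.
 * Added illustration only; this is not JavaScriptCore's collector. */
#define NOBJ 8

typedef struct {
    unsigned char payload[32];
    int marked;
} obj_t;

static obj_t *pool[NOBJ];
static int pool_ready = 0;

static void pool_init(void)
{
    if (pool_ready) return;
    for (int i = 0; i < NOBJ; i++) {
        pool[i] = calloc(1, sizeof *pool[i]);
        if (!pool[i]) { perror("calloc"); exit(1); }
    }
    pool_ready = 1;
}

static void clear_marks(void)
{
    for (int i = 0; i < NOBJ; i++) pool[i]->marked = 0;
}

static int marked_count(void)
{
    int n = 0;
    for (int i = 0; i < NOBJ; i++) n += pool[i]->marked;
    return n;
}

/* Conservative test: a word counts as a pointer if it falls anywhere
 * inside an object's address range (interior pointers included). */
static int object_for_word(uintptr_t w)
{
    for (int i = 0; i < NOBJ; i++) {
        uintptr_t lo = (uintptr_t)pool[i];
        if (w >= lo && w < lo + sizeof(obj_t)) return i;
    }
    return -1;
}

/* Mark every object that some root word happens to "point" at. */
static void conservative_mark(const uintptr_t *roots, size_t n)
{
    for (size_t k = 0; k < n; k++) {
        int i = object_for_word(roots[k]);
        if (i >= 0) pool[i]->marked = 1;
    }
}

/* Scenario 1 (constructed): roots hold only small integer constants, like
 * the non-pointer integers in the register array. None of them can alias a
 * heap address, so nothing is retained. Returns the marked object count. */
int retained_by_small_ints(void)
{
    pool_init();
    clear_marks();
    uintptr_t roots[4096];
    for (uintptr_t i = 0; i < 4096; i++) roots[i] = i;
    conservative_mark(roots, 4096);
    return marked_count();
}

/* Scenario 2 (constructed false positive): one root word is a stale,
 * pointer-sized value that lands inside object 3. Object 3 stays marked
 * although nothing logically references it. Returns the marked count. */
int retained_by_stale_word(void)
{
    pool_init();
    clear_marks();
    uintptr_t roots[3] = { 7, (uintptr_t)pool[3] + 5, 1234 };
    conservative_mark(roots, 3);
    return marked_count();
}

/* Which object did scenario 2 retain? Returns its pool index. */
int stale_word_victim(void)
{
    retained_by_stale_word();
    for (int i = 0; i < NOBJ; i++) if (pool[i]->marked) return i;
    return -1;
}

int main(void)
{
    printf("small ints retain %d objects\n", retained_by_small_ints());
    printf("stale word retains %d object(s), index %d\n",
           retained_by_stale_word(), stale_word_victim());
    return 0;
}
```

The point the example makes is the one both messages rely on: a false positive needs a root word whose numeric value lies within a live object's range, and values the size of JavaScript integer constants never reach heap addresses, whereas a leftover pointer-sized word anywhere in the scanned roots is enough to pin an object across repeated collections.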
