[Webkit-unassigned] [Bug 14771] Mostly reproducible crash in modified celtickane benchmark

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jul 29 08:48:00 PDT 2007


------- Comment #6 from bdash at webkit.org  2007-07-29 08:47 PDT -------
I've been doing some work on a related bug over the last few days.  The crash
seen here is a result of multiple issues.

The issue that John's patch aims to address is that the repeated slicing and
concatenation which should result in the strings memory usage remaining more or
less constant currently leads to linear growth in memory usage.  This is
because we are too aggressive in sharing the underlying string representation. 
In the test cases mentioned in this bug report we end up with a 150 character
string sitting at the end of a several hundred MB string representation
(KJS::UString::Rep) with the large area before it now unused.

The fact that we hit a crash at all is due to the fact that many places in the
UString implementation assume that fastMalloc/fastRealloc will never fail. 
When you're dealing with string representations that are several hundred MBs in
size, this is an unsafe assumption.  Updating UString to deal with this
gracefully is being tracked by <rdar://problem/5352887>.

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list