[Webkit-unassigned] [Bug 136772] New: Safari on iOS 8 Crashes from lack of GC

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 11 22:53:41 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=136772

           Summary: Safari on iOS 8 Crashes from lack of GC
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: iOS
               URL: https://gist.github.com/kuu/778932bdb48ca2bb7988
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: parrott.jason at gmail.com


Created an attachment (id=238016)
 --> (https://bugs.webkit.org/attachment.cgi?id=238016&action=review)
Crash log

On the most recent build of iOS 8 (currently the GM release) Safari's tab process will crash when creating arrays (and possibly other regular objects as well).

It seems that objects that no longer have references are not getting garbage collected and memory runs out.

The attached URL will show how to crash it in an easy to understand manner. In this example a large array is created and setTimeout is called on the same function again. The large array in the old function should be gone when the setTimeout's call happens, yet when another array of that size is allocated the tab crashes with the attached crash log.

The point of this is that things are not getting garbage collected it seems. You do not need a setTimeout. You could have a lot of allocations while nulling the previous arrays inline in a row and the crash will still occur. The size also doesn't seem to matter, just as long as the total amount of memory used in the end is more than the system has available.
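As an added example (not the reporter's gist or WebKit code), the allocate/drop/reallocate pattern described above, bounded to a fixed number of rounds so it works as a regression check rather than a crash: a healthy engine reclaims each dropped array and resident memory stays near one chunk, while the behaviour reported here would grow without limit. Chunk size, round count and the use of Node's process.memoryUsage() for the RSS reading are assumptions.

```javascript
// Bounded regression check for the allocate / drop / reallocate pattern.
// Assumed parameters: 16 MiB chunks, 48 rounds (768 MiB allocated in total).
const CHUNK_BYTES = 16 * 1024 * 1024;
const ROUNDS = 48;

// RSS in bytes under Node.js; 0 where process.memoryUsage is unavailable (browser).
const rssBytes = () =>
  typeof process !== "undefined" && process.memoryUsage ? process.memoryUsage().rss : 0;

// Allocate one chunk and touch every page so the memory is really committed;
// untouched pages are never resident and would hide a leak.
function allocateChunk(bytes) {
  const a = new Uint8Array(bytes);
  for (let i = 0; i < a.length; i += 4096) a[i] = 1;
  return a;
}

// Inline variant ("nulling the previous arrays inline in a row"): drop the only
// reference, then allocate the same size again. Returns rounds completed and the
// RSS growth in MiB so a caller can assert that memory was reclaimed.
function runInlineRounds(rounds = ROUNDS, bytes = CHUNK_BYTES) {
  const before = rssBytes();
  let current = null;
  let completed = 0;
  for (let i = 0; i < rounds; i++) {
    current = null;                 // old array is now unreachable
    current = allocateChunk(bytes); // must be satisfiable by reclaiming it
    completed++;
  }
  current = null;
  return { completed, growthMiB: (rssBytes() - before) / (1024 * 1024) };
}

// setTimeout variant from the report: the array is dead once step() returns,
// so the next timer callback should get its memory back. Resolves with the
// number of rounds completed.
function runTimerRounds(rounds = ROUNDS, bytes = CHUNK_BYTES) {
  return new Promise((resolve) => {
    let completed = 0;
    function step() {
      allocateChunk(bytes); // never stored, unreachable after return
      completed++;
      if (completed < rounds) setTimeout(step, 0);
      else resolve(completed);
    }
    step();
  });
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(runInlineRounds());
  runTimerRounds().then((n) => console.log(`timer rounds completed: ${n}`));
}
```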
