Closed Bug 1238456 Opened 8 years ago Closed 2 years ago

RegExp.prototype.exec leak

Categories: Core :: JavaScript Engine, defect
Priority: Not set
Severity: normal
Status: RESOLVED WORKSFORME
People: Reporter stefan.penner, Unassigned
References: Depends on 1 open bug

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

Steps to reproduce:

cross-post: https://bugs.chromium.org/p/v8/issues/detail?id=4656

This issue also seems to affect FF, as the exact script had the same issues when run in JXCore.

A pure JS reproduction is as follows:

```js
(function() {
  var count = 0;
  var pattern = /a(.*)z/gi;
  // Build a ~32 MiB string by repeated doubling.
  var log_ = "abcdefghijklmnopqrstuvwxyz\n";
  while (log_.length < (1 << 25)) log_ += log_;
  // exec() calls toString() on every iteration, producing a fresh
  // uppercase copy of the whole 32 MiB string each time.
  var log = {
    toString: function() {
      return log_.toUpperCase();
    }
  };

  var entries = [];
  var match;

  // Each match[1] is a substring of that iteration's copy; retaining it
  // keeps the copy alive, so memory grows with every match.
  while (match = pattern.exec(log)) {
    var name = match[1];
    entries.push(name);
    console.log(entries.length);
  }
})();
```


Actual results:

Memory grows unbounded


Expected results:

Memory usage should be stable
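To make visible what in the repro drives the growth, here is an added example (not part of the bug report, and using no Firefox or V8 internals): it counts how many times exec re-materialises the log object through toString, and pairs the reporter's loop with a variant that coerces the object to a string once.

```javascript
// Added example, not from the bug report. RegExp.prototype.exec applies
// ToString to its argument on every call, so an object whose toString builds a
// large string yields a fresh copy per iteration, and a retained match[1] may
// keep its whole source string alive (the dependent strings discussed below).

function scan(source, pattern) {
  // Mirrors the reporter's loop: the object itself is handed to exec.
  const entries = [];
  let match;
  while ((match = pattern.exec(source)) !== null) entries.push(match[1]);
  return entries;
}

function scanOnce(source, pattern) {
  // Coerce once so exec only ever sees a single primitive string.
  const text = String(source);
  const entries = [];
  let match;
  while ((match = pattern.exec(text)) !== null) entries.push(match[1]);
  return entries;
}

// Constructed sample: a small stand-in for the 32 MiB log in the report,
// with a counter for how often the (would-be large) string is rebuilt.
function makeLog(lines) {
  const base = "abcdefghijklmnopqrstuvwxyz\n".repeat(lines);
  const state = { builds: 0 };
  const log = {
    toString() {
      state.builds += 1; // one more full-size allocation
      return base.toUpperCase();
    },
  };
  return { log, state };
}

// Runs both loops on equal inputs and reports how often each rebuilt the log
// (matches + 1 for the leaky loop, counting exec's final null; 1 for the fix).
function compare(lines) {
  const leaky = makeLog(lines);
  const fixed = makeLog(lines);
  const a = scan(leaky.log, /a(.*)z/gi);
  const b = scanOnce(fixed.log, /a(.*)z/gi);
  return {
    matches: a.length,
    buildsLeaky: leaky.state.builds,
    buildsFixed: fixed.state.builds,
    sameResult: a.join("\n") === b.join("\n"),
  };
}
```

With the report's 32 MiB log, every rebuild in the leaky loop is another full-size allocation that the retained slices can pin, which is the unbounded growth described above.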
Product: Firefox → Core
Component: Untriaged → JavaScript Engine
The V8 bug has some more info: https://bugs.chromium.org/p/v8/issues/detail?id=4656

It sounds like engines are creating a lot of dependent strings, keeping some large strings alive...
Flags: needinfo?(hv1989)
Ugh sorry. Set the NI before I read the V8 bug report.
Flags: needinfo?(hv1989)
See also bug 727615. According to bug 1058653 comment 2, Java no longer uses dependent strings due to similar 'leaks'.
Depends on: 727615

Profiled the test case: today we get a nice bounded memory stairstep.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME