Closed
Bug 1238456
Opened 8 years ago
Closed 2 years ago
RegExp.prototype.exec leak
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
WORKSFORME
People
(Reporter: stefan.penner, Unassigned)
References
(Depends on 1 open bug)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

Steps to reproduce:

cross-post: https://bugs.chromium.org/p/v8/issues/detail?id=4656

This issue also seems to affect FF, as the exact script had the same issues when run in JXCore.

A pure JS reproduction is as follows:

```
(function() {
  var count = 0;
  var pattern = /a(.*)z/gi;
  var log_ = "abcdefghijklmnopqrstuvwxyz\n";
  while (log_.length < (1 << 25)) log_ += log_;
  var log = {
    toString: function() {
      return log_.toUpperCase();
    }
  };
  var entries = [];
  var match;
  while (match = pattern.exec(log)) {
    var name = match[1];
    entries.push(name);
    console.log(entries.length);
  }
})();
```

Actual results:

Memory grows unbounded

Expected results:

Memory usage should be stable
Updated•8 years ago
Component: Untriaged → JavaScript Engine
Comment 1•8 years ago
The V8 bug has some more info: https://bugs.chromium.org/p/v8/issues/detail?id=4656 It sounds like engines are creating a lot of dependent strings, keeping some large strings alive...
Flags: needinfo?(hv1989)
Comment 2•8 years ago
Ugh sorry. Set the NI before I read the V8 bug report.
Flags: needinfo?(hv1989)
Comment 3•8 years ago
See also bug 727615. According to bug 1058653 comment 2, Java no longer uses dependent strings due to similar 'leaks'.
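Added example (not part of the bug report or of any comment): a scaled-down version of the reporter's loop that counts how often `exec` converts the `log` object to a string, with and without converting it once before the loop. The names `buildLog` and `runScan`, the `1 << 10` size and the `worstCaseChars` estimate are assumptions made here; the estimate takes the dependent-string explanation from Comment 1 as given and is not a measurement.

```javascript
// Same seed string as the report, grown to a constructed, much smaller size.
function buildLog(minLength) {
  let s = "abcdefghijklmnopqrstuvwxyz\n";
  while (s.length < minLength) s += s;
  return s;
}

// Runs the report's loop shape. With hoist=true the object is converted to a
// string once, before the loop, instead of being passed to exec() directly.
function runScan(minLength, hoist) {
  const text = buildLog(minLength);
  let conversions = 0;
  const log = {
    toString() {
      conversions++;              // exec() applies ToString to its argument on every call
      return text.toUpperCase();  // so every call yields a brand-new large string
    },
  };
  const subject = hoist ? String(log) : log;
  const pattern = /a(.*)z/gi;
  const entries = [];
  let match;
  while ((match = pattern.exec(subject)) !== null) {
    entries.push(match[1]);
  }
  // Assumption (Comment 1's hypothesis): each kept capture is a dependent
  // string that pins the subject string it was cut from.
  const parents = hoist ? 1 : entries.length;
  return {
    conversions,
    matches: entries.length,
    captureLength: entries[0].length,
    worstCaseChars: parents * text.length, // upper bound on pinned characters
  };
}

console.log("object subject:", runScan(1 << 10, false));
console.log("hoisted string:", runScan(1 << 10, true));
```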
Comment 4•2 years ago
Profiled the test case: today we get a nice bounded memory stairstep.
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME