| Summary: | Wrong JIT compilation | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | zhunkibatu |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW --- | | |
| Severity: | Normal | CC: | mark.lam, saam, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | | |
| Hardware: | PC | | |
| OS: | Linux | | |

Created attachment 458332
the minimal poc

The following PoC outputs differently before/after JIT compilation.

```javascript
function opt() {
    const a = [12345678901];
    const b = a[12345];
    const c = () => {
        try {
            throw "";
        } catch (e) {
            ({});
        }
    };
    const d = c();
    return b;
}

print(opt()); // undefined
for (var i = 0; i < 10000; i++) {
    opt();
}
print(opt()); // NaN
```