Bug 239757

Summary: Wrong JIT compilation
Product: WebKit Reporter: zhunkibatu
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME    
Severity: Normal CC: mark.lam, saam, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
the minimal poc none

zhunkibatu
Reported 2022-04-25 22:46:43 PDT
Created attachment 458332 [details] the minimal poc The following PoC outputs differently before/after JIT compilation. function opt() { const a = [12345678901]; const b = a[12345]; const c = () => { try { throw ""; } catch(e) { ({}); } }; const d = c(); return b; } print(opt());//undefined for(var i=0;i<10000;i++){ opt(); } print(opt());//NaN
Attachments
the minimal poc (256 bytes, text/javascript)
2022-04-25 22:46 PDT, zhunkibatu 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-05-02 22:47:13 PDT
<rdar://problem/92652058>
Yusuke Suzuki
Comment 2 2025-05-23 17:59:23 PDT
It is fixed :)
Note You need to log in before you can comment on or make changes to this bug.