function shouldThrow(func) { try { func(); } catch (e) { print("error") } } function foo(value) { return Math.pow(value); } noInline(foo); for (var i = 0; i < 10; ++i) { print(foo(10)) } shouldThrow(() => {foo(Symbol("Cocoa"))}); With the above script as input to JSC, run JSC with the following parameters: ./jsc test.js --useConcurrentJIT=0 --jitPolicyScale=0 Pow(Symbol("Cocoa")) should throw an exception. In interpreter(executing the above script with --jitPolicyScale=1), JSC throws an exception, but in JIT, JSC doesn't throw an exception. The problem is in the process of compiling bytecode into DFG node. In DFGBytecodeParser, Math.pow will be inlined into ArithPow node. If pow has less than 2 parameters, constantNaN will be directly introduced as the result of pow, but introducing this NaN makes JIT ignore exceptions caused by parameters. When the parameter is Symbol, the above problem exists, and the following script will trigger the same problem. var o = { toString: function () { return {}; } }; function bar(b) { return b } noInline(bar) function foo(a) { try { print(bar(Math.pow(a))) } catch (e) { print("error") } } noInline(foo); for (var i = 0; i < 10; i++) { foo({}); foo("hello"); } foo(o);
<rdar://problem/99266554>