135338 2014-07-28 08:42:45 -0700 IOS - Math.abs generate random numbers when we have JIT 2014-07-29 11:45:17 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) iPhone / iPad iOS 7.0 RESOLVED FIXED P2 Major --- 1 kileras webkit-unassigned ap fpizlo ggaren oldest_to_newest 1025137 0 kileras 2014-07-28 08:42:45 -0700 This may be already reported but I don't seem to be able to find it but basically when we have JIT and we use Math.abs in some contexts it produces random numbers. The original case was in a much larger codebase but I reduce it to this one, it may not be exactly the same issue but it is in the same area at least. Example code Number.prototype.abs = function() { return Math['abs'].call(Math, this); }; for (var i = 0; i < 100; i++) { document.write(i.abs() + ' '); } Expected behaviour: Print number from 0 to 99 in the page. Current behaviour It prints all the numbers all right until 73, after that iOS devices start to generate large numbers like 312604592 instead of 74. They appear to follow some kind of pattern. Other platforms The only platform where this happens is iOS, the rest of the browsers, including Safari on desktop, doesn't have this problem at all. This problem goes away is you attach a debugger, change the prototype to a global method or use dot notation when calling abs for example. I attached an html file with that example plus a few others I tried, some of them working some not. 1025138 1 235595 kileras 2014-07-28 08:43:46 -0700 Created attachment 235595 Examples of failing and working code that does the same thing 1025395 2 ap 2014-07-28 23:58:28 -0700 What is the iOS version that you are seeing this with, and on which device? I cannot reproduce with iOS 7.1.1 on iPhone 5s. 1025421 3 kileras 2014-07-29 02:12:36 -0700 I just tried again in both the emulator (iPad IOS 7.1), iPad 3 (iOS 7.1.2) and yesterday I tried In iPhone 5s (iOS 7.1.2). The emulator fails all the time, the iPad 3 and the 5s fails sometimes for me, not always. It seems that they fail all the time if I change the code to: var list = []; Number.prototype.abs = function() { return Math['abs'].call(Math, this); }; for (var i = 0; i < 100; i++) { list.push(i.abs()); } document.write(list.join(', ')); Anyway yesterday I manage to update the iPhone to the latest iOS beta and now I cannot reproduce the issue anymore. Not this one, nor the other similar ones I found or even the original one in our big codebase. It will be cool if we can now which bug fixed this one, but at least it seems that this is not going to be an issue anymore in the fall. 235595 2014-07-28 08:43:46 -0700 2014-07-28 08:43:46 -0700 Examples of failing and working code that does the same thing abs.html text/html 1282 kileras PCFkb2N0eXBlIGh0bWw+CjxodG1sPgo8aGVhZD48L2hlYWQ+Cjxib2R5PgogICAgPHNjcmlwdD4K ICAgIC8vIHZhciBsaXN0ID0gW10sCiAgICAvLyAgICAgaSA9IDAsCiAgICAvLyAgICAgbnVtYmVy OwogICAgLy8KICAgIC8vIFRoaXMgbWV0aG9kIHdvcmtzCiAgICAvLyBmdW5jdGlvbiBhYnMobnVt YmVyKSB7CiAgICAvLyAgICAgcmV0dXJuIE1hdGhbJ2FicyddLmNhbGwoTWF0aCwgbnVtYmVyKTsK ICAgIC8vIH0KICAgIC8vCiAgICAvLyBUaGlzIGRvZXMgbm90IHdvcmsKICAgIC8vIE51bWJlci5w cm90b3R5cGUuYWJzMiA9IGZ1bmN0aW9uKCkgewogICAgLy8gICAgIHJldHVybiBNYXRoWydhYnMn XS5jYWxsKHRoaXMsIHRoaXMpOwogICAgLy8gfTsKICAgIC8vCiAgICAvLyBUaGlzIGFjdHVhbGx5 IHdvcmtzCiAgICAvLyBOdW1iZXIucHJvdG90eXBlLmFicyA9IGZ1bmN0aW9uKCkgewogICAgLy8g ICAgIHJldHVybiBNYXRoLmFicy5jYWxsKE1hdGgsIHRoaXMpOwogICAgLy8gfTsKICAgIC8vCiAg ICAvLyAvLyBEb2Vzbid0IHdvcmsKICAgIC8vIGZvciAoaSA9IDA7IGkgPCAxMDA7IGkrKykgewog ICAgLy8gICAgIGxpc3QucHVzaChpLmFicygpKTsKICAgIC8vIH0KICAgIC8vCiAgICAvLyAvLyBE b2Vzbid0IHdvcmsKICAgIC8vIGkgPSAwOwogICAgLy8gZG8gewogICAgLy8gICAgIGxpc3QucHVz aChpLmFicygpKTsKICAgIC8vICAgICBpID0gaSArIDE7CiAgICAvLyB9IHdoaWxlIChpIDwgMTAw KTsKICAgIC8vCiAgICAvLyAvLyBEb2Vzbid0IHdvcmsKICAgIC8vIGkgPSAwOwogICAgLy8gd2hp bGUgKGkgPCAxMDApIHsKICAgIC8vICAgICBsaXN0LnB1c2goaS5hYnMoKSk7CiAgICAvLyAgICAg aSA9IGkgKyAxOwogICAgLy8gfQogICAgLy8KICAgIC8vCiAgICAvLyBXb3JrCiAgICAvLyBmb3Ig KGkgPSAwOyBpIDwgMTAwOyBpKyspIHsKICAgIC8vICAgICBsaXN0LnB1c2goTWF0aFsnYWJzJ10u Y2FsbChpLCBpKSk7CiAgICAvLyB9CiAgICAvLwogICAgLy8gZG9jdW1lbnQuYm9keS5pbm5lclRl eHQgKz0gbGlzdC5qb2luKCcsICcpOwogICAgPC9zY3JpcHQ+CiAgICA8c2NyaXB0PgoKICAgIE51 bWJlci5wcm90b3R5cGUuYWJzID0gZnVuY3Rpb24oKSB7CiAgICAgICAgcmV0dXJuIE1hdGhbJ2Fi cyddLmNhbGwoTWF0aCwgdGhpcyk7CiAgICB9OwoKICAgIGZvciAodmFyIGkgPSAwOyBpIDwgMTAw OyBpKyspIHsKICAgICAgICBkb2N1bWVudC53cml0ZShpLmFicygpICsgJyAnKTsKICAgIH0KCiAg ICA8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+Cg==