Bug 135338

Summary: IOS - Math.abs generate random numbers when we have JIT
Product: WebKit Reporter: Adrian <kileras>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Major CC: ap, fpizlo, ggaren
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: iOS 7.0   
Attachments:
Description Flags
Examples of failing and working code that does the same thing none

Adrian
Reported 2014-07-28 08:42:45 PDT
This may be already reported but I don't seem to be able to find it but basically when we have JIT and we use Math.abs in some contexts it produces random numbers. The original case was in a much larger codebase but I reduce it to this one, it may not be exactly the same issue but it is in the same area at least. Example code Number.prototype.abs = function() { return Math['abs'].call(Math, this); }; for (var i = 0; i < 100; i++) { document.write(i.abs() + ' '); } Expected behaviour: Print number from 0 to 99 in the page. Current behaviour It prints all the numbers all right until 73, after that iOS devices start to generate large numbers like 312604592 instead of 74. They appear to follow some kind of pattern. Other platforms The only platform where this happens is iOS, the rest of the browsers, including Safari on desktop, doesn't have this problem at all. This problem goes away is you attach a debugger, change the prototype to a global method or use dot notation when calling abs for example. I attached an html file with that example plus a few others I tried, some of them working some not.
Attachments
Examples of failing and working code that does the same thing (1.25 KB, text/html)
2014-07-28 08:43 PDT, Adrian 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Adrian
Comment 1 2014-07-28 08:43:46 PDT
Created attachment 235595 [details] Examples of failing and working code that does the same thing
Alexey Proskuryakov
Comment 2 2014-07-28 23:58:28 PDT
What is the iOS version that you are seeing this with, and on which device? I cannot reproduce with iOS 7.1.1 on iPhone 5s.
Adrian
Comment 3 2014-07-29 02:12:36 PDT
I just tried again in both the emulator (iPad IOS 7.1), iPad 3 (iOS 7.1.2) and yesterday I tried In iPhone 5s (iOS 7.1.2). The emulator fails all the time, the iPad 3 and the 5s fails sometimes for me, not always. It seems that they fail all the time if I change the code to: var list = []; Number.prototype.abs = function() { return Math['abs'].call(Math, this); }; for (var i = 0; i < 100; i++) { list.push(i.abs()); } document.write(list.join(', ')); Anyway yesterday I manage to update the iPhone to the latest iOS beta and now I cannot reproduce the issue anymore. Not this one, nor the other similar ones I found or even the original one in our big codebase. It will be cool if we can now which bug fixed this one, but at least it seems that this is not going to be an issue anymore in the fall.
Note You need to log in before you can comment on or make changes to this bug.