Bug 232869

Summary: Compiler Incorrect Optimization
Product: WebKit Reporter: zhiyi <vulbugs>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: fpizlo, lukas.bernhard, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

zhiyi
Reported 2021-11-09 01:55:17 PST
OS: ubuntu20.04 Architecture: <x64> ./jsc bug.js expected output 3 3 actual output 3 -1 bug.js ################################## function f() { let v0 = 2147483648; const v1 = v0--; const v2 = new Float32Array([111,222,333,v1]); const v3 = v2.indexOf(v0); return v3; } let a0 = f(); print(a0); for (let i = 0; i < 0x1000; i++) { f(); } let a3 = f(); print(a3);
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-11-16 01:56:18 PST
<rdar://problem/85449162>
Note You need to log in before you can comment on or make changes to this bug.