| Summary: | REGRESSION (266591@main): Array.splice can return `undefined` for `[].splice(0, 0)` | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | scythes.corms_0i | ||||
| Component: | JavaScriptCore | Assignee: | Yusuke Suzuki <ysuzuki> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Critical | CC: | aestes, mark.lam, simon.fraser, webkit-bug-importer, ysuzuki | ||||
| Priority: | P2 | Keywords: | InRadar | ||||
| Version: | Safari Technology Preview | ||||||
| Hardware: | Mac (Apple Silicon) | ||||||
| OS: | macOS 13 | ||||||
| Bug Depends on: | 259809 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
Pull request: https://github.com/WebKit/WebKit/pull/17503 Committed 267703@main (b97cfe44a622): <https://commits.webkit.org/267703@main> Reviewed commits have been landed. Closing PR #17503 and removing active labels. |
Created attachment 467550 [details] repro file Hello from the VS Code Team We are running unit tests against various browsers and while trying to run them against Safari Tech Preview, Release 177 (Safari 17.0, WebKit 18617.1.4.3), we are encountering an issue that looks like a browser bug. It seems that Array.splice can return undefined instead of an empty array. I have created and attached a file that resembles our unit tests which should allow you to reproduce this. Steps: * open Safari Tech Preview * load the attached file * notice how line 28 is reached, meaning Array.splice has returned undefined Observations: * this happens for the case of an empty array and index and deletion count being zero * this doesn't happen when adding a breakpoint or the debugger statement hinting towards an issue with JIT * this works fine in Safari 16.6 Excuses: * Sorry, for the large sample file. It's basically the one test that's failing and all its dependencies (sans tree shaking)