RESOLVED WORKSFORME
114594
HEISENBUG ONLY BITES WITHOUT A DEBUGGER
https://bugs.webkit.org/show_bug.cgi?id=114594
Jorge
Reported
2013-04-14 12:02:00 PDT
Created
attachment 198007
[details]
.html with a JS script that runs in a loop and demonstrates the bug

The function()s works() and fails() ought to produce the same result, but fails() produces incorrect results every now and then.

Notes:
-THIS IS A PROBLEM OF THE JAVASCRIPT ENGINE: THE SAME FUNCTION REWRITTEN IN A SLIGHTLY DIFFERENT STYLE WORKS FINE.
-IT WON'T BITE WHEN THE DEBUGGER IS OPEN
-IT BITES ON iOS 6.x TOO (tested on an iPhone 4)
-ON PUMA (MOUNTAIN LION) TOO.
-PERHAPS IN LION TOO (but I didn't test it)
-NOT IN SNOW LEOPARD
-SEE THE COMMENTS IN THE ATTACHMENT

The attached file "HeisenBugSafari.html" runs both functions in a loop and compares the results, as soon as they don't match it will print the results to document.body.

Sometimes opening and closing the debugger window forces it to bite more often.

This bug broke my webapp :-(

Cheers,
--
Jorge.
Attachments
-.html with a JS script that runs in a loop and demonstrates the bug (1.91 KB, text/html), 2013-04-14 12:02 PDT, Jorge
-start for( ; ; ) loop from 0 (1.91 KB, text/html), 2013-04-14 13:45 PDT, Jorge
-Loops faster, use this one. (1.91 KB, text/html), 2013-04-14 17:07 PDT, Jorge
-This one comes with "instructions" :-) (2.54 KB, text/html), 2013-04-15 02:25 PDT, Jorge
-Bug n++ inside an expression in Webkit JS (2.66 KB, text/html), 2013-04-15 05:31 PDT, Juan Falgueras
Jorge
Comment 1
2013-04-14 13:45:52 PDT
Created
attachment 198009
[details]
start for( ; ; ) loop from 0

Looks like it also fails in Snow Leopard (but much less often)
Jorge
Comment 2
2013-04-14 17:07:06 PDT
Created
attachment 198016
[details]
Loops faster, use this one.
Alexey Proskuryakov
Comment 3
2013-04-14 22:28:28 PDT
How often are you usually seeing this? I had this test open until ctr reached 3 million, and there wasn't any failure output. Testing with Safari 6.0.3.
Jorge
Comment 4
2013-04-15 02:25:21 PDT
Created
attachment 198041
[details]
This one comes with "instructions" :-)

Alexey, try this one and let me know.

Tested in Safari Version 6.0.3 (8536.28.10)/OSX 10.8.3 and Snow Leopard 10.6.8/Safari Version 5.1.8 (6534.58.2)
Juan Falgueras
Comment 5
2013-04-15 05:31:40 PDT
Created
attachment 198115
[details]
Bug n++ inside an expression in Webkit JS
Juan Falgueras
Comment 6
2013-04-15 05:32:24 PDT
It seems that the only difference between both functions is the function which gives a wrong answer does a n++ inside an expression, while the one that does it ok, does the n++ outside the expression. It seems that the n++ is the culprit. If you run this code in Chrome or FF, it works well, that is, both functions do the same, as it should.
Jorge
Comment 7
2013-04-15 06:35:59 PDT
@JuanFalgueras:

Also when fails(s) fails, what happens is that some characters in 'a' are duplicates of the next character, so it would seem that the (n++) were *sometimes* being evaluated as (++n)s, right?

--
( Jorge )();
Juan Falgueras
Comment 8
2013-04-15 07:30:22 PDT
(In reply to comment #7)
> @JuanFalgueras:
>
> Also when fails(s) fails, what happens is that some characters in 'a' are duplicates of the next character, so it would seem that the (n++) were *sometimes* being evaluated as (++n)s, right?
>
> --
> ( Jorge )();

@Jorge what seems more apparent is that the uncomfortable (to compile) integer++ is badly compiled in JS and returns the wrong value, not the previous, or does the post-increment wrongly. That would also justify that repetition of values between iterations. Funnily it doesn't happen when the n++ is made out of any expression. I find this bug really intriguing and way dangerous!

- jf
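Added example, not part of the thread or its attachments: a differential harness of the kind the report describes, running two functions that should be equivalent in a hot loop and recording the first index where their outputs diverge. `copyInline`, `copySeparate`, `copySimulatedFault` and `SAMPLE` are hypothetical stand-ins; the attachment's actual works()/fails() code is not shown on this page.

```javascript
// Constructed stand-ins, NOT the attachment's works()/fails(): they only
// mirror the difference described in comment 6.
function copyInline(s) {            // n++ inside the expression
  const a = [];
  let n = 0;
  while (n < s.length) a.push(s.charAt(n++));
  return a.join("");
}

function copySeparate(s) {          // n++ as its own statement
  const a = [];
  let n = 0;
  while (n < s.length) { a.push(s.charAt(n)); n++; }
  return a.join("");
}

// Hypothetical simulation of the symptom from comment 7: at index faultAt
// the post-increment behaves like a pre-increment.
function copySimulatedFault(s, faultAt) {
  const a = [];
  let n = 0;
  while (n < s.length) a.push(n === faultAt ? s.charAt(++n) : s.charAt(n++));
  return a.join("");
}

// Index of the first differing character, or -1 when the strings match.
function firstDiff(x, y) {
  const len = Math.max(x.length, y.length);
  for (let i = 0; i < len; i++) if (x[i] !== y[i]) return i;
  return -1;
}

// Call both functions repeatedly so the engine's optimizing tiers get a
// chance to compile them, and record every run where the outputs diverge.
function differential(fnA, fnB, input, iterations) {
  const mismatches = [];
  for (let run = 0; run < iterations; run++) {
    const a = fnA(input), b = fnB(input);
    const at = firstDiff(a, b);
    if (at !== -1) mismatches.push({ run, at, a, b });
  }
  return mismatches;
}

const SAMPLE = "abcdefghijklmnopqrstuvwxyz0123456789"; // constructed input
const engineReport = differential(copyInline, copySeparate, SAMPLE, 100000);
console.log(engineReport.length ? engineReport[0] : "no divergence seen");
```

On a correct engine the first comparison reports nothing; swapping in the simulated fault shows what a hit looks like, with `at` pointing at the character that was replaced by its successor.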
Jorge
Comment 9
2013-04-22 16:38:12 PDT
Alexey, can you confirm this bug?
Geoffrey Garen
Comment 10
2013-04-22 19:03:09 PDT
I can reproduce this in Safari 6 but not TOT. I believe it has been fixed. Can you re-try with the latest build @ nightly.webkit.org?
Juan Falgueras
Comment 11
2013-04-23 02:44:17 PDT
(In reply to comment #10)
> I can reproduce this in Safari 6 but not TOT. I believe it has been fixed.
>
> Can you re-try with the latest build @ nightly.webkit.org?

I've tried it with the latest build. No fails. It was(?) a really funny bug.

-
Jorge
Comment 12
2013-04-23 09:54:39 PDT
Ok, so this bug was fixed a while ago, or so it seems, because I've been testing some more (randomly chosen) nightlies from r148962 further and further back to r146575 2013-03-22 09:58:34 GMT, in a Mac, and it runs fine in every one I tried!

The pity is that in both 6.0.4 and 5.1.9, the ones that came out last week via software update, it still fails.

Thank you!
Alexey Proskuryakov
Comment 13
2013-04-23 12:56:37 PDT
Marking resolved per the above discussion.