Bug 127772 - Javascript function returns incorrect value after being JIT-compiled
Summary: Javascript function returns incorrect value after being JIT-compiled
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: iPhone / iPad iOS 7.0
: P1 Major
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-28 04:56 PST by Daniel Szabo
Modified: 2014-10-07 02:59 PDT (History)
0 users

See Also:

Attachments
html page with javascript showing errorenous JIT behavior (1.10 KB, text/html)
2014-01-28 04:56 PST, Daniel Szabo 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Szabo 2014-01-28 04:56:09 PST 
Created attachment 222429 [details]
html page with javascript showing errorenous JIT behavior

See attachment.
Javascript function 'calc' will be called in a loop.
After several iterations its return value will be zero instead of the reference value.
The non-jitted function 'calc2' (which is the exact copy of 'calc') returns still the reference value.
Actual result on iPad mini (iOS 7.0.4, Safari/9537.53): after 35 iterations the result value will be constant zero.
Comment 1 Daniel Szabo 2014-10-07 02:59:11 PDT 
Seems to be fixed in iOS 8 Safari