127772 – Javascript function returns incorrect value after being JIT-compiled

RESOLVED WORKSFORME 127772

Javascript function returns incorrect value after being JIT-compiled

https://bugs.webkit.org/show_bug.cgi?id=127772

Summary Javascript function returns incorrect value after being JIT-compiled

Daniel Szabo

Reported 2014-01-28 04:56:09 PST

Created attachment 222429 [details] html page with javascript showing errorenous JIT behavior See attachment. Javascript function 'calc' will be called in a loop. After several iterations its return value will be zero instead of the reference value. The non-jitted function 'calc2' (which is the exact copy of 'calc') returns still the reference value. Actual result on iPad mini (iOS 7.0.4, Safari/9537.53): after 35 iterations the result value will be constant zero.

Attachments
html page with javascript showing errorenous JIT behavior (1.10 KB, text/html) 2014-01-28 04:56 PST, Daniel Szabo	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Daniel Szabo

Comment 1 2014-10-07 02:59:11 PDT

Seems to be fixed in iOS 8 Safari

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WORKSFORME

Priority P1

Severity Major

Classification Unclassified

Version 528+ (Nightly build)

Hardware iPhone / iPad

OS iOS 7.0

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2014-01-28 04:56 PST

Modified

2014-10-07 02:59 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks