Executing following code : ------------------------------------- var a= [1, 2.2, 3.3]; function Test() { +a; a.reverse(); print(a); } Test(); print("BT_FLAG"); ------------------------------------- Output should be : 3.3,2.2,1 BT_FLAG However, output of JavaScriptCore is : 1,2.2,3.3 BT_FLAG BT_GROUP 2018/8/21
Created attachment 348007 [details] Patch
<rdar://problem/43637041>
Comment on attachment 348007 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=348007&action=review > Source/JavaScriptCore/runtime/JSObject.h:873 > + void ensureWritable(VM& vm) > + { > + if (isCopyOnWrite(indexingMode())) > + convertFromCopyOnWrite(vm); > + } We do this exact pattern in JSObject.cpp a few times. Maybe we can also refactor that code to just call this?
Comment on attachment 348007 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=348007&action=review >> Source/JavaScriptCore/runtime/JSObject.h:873 >> + } > > We do this exact pattern in JSObject.cpp a few times. Maybe we can also refactor that code to just call this? Same goes for four functions in JSArray.cpp.
Comment on attachment 348007 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=348007&action=review >>> Source/JavaScriptCore/runtime/JSObject.h:873 >>> + } >> >> We do this exact pattern in JSObject.cpp a few times. Maybe we can also refactor that code to just call this? > > Same goes for four functions in JSArray.cpp. Sounds good. Fixed.
Committed r235356: <https://trac.webkit.org/changeset/235356>
Awesome to hear this is fixed. There's currently a (mildly) trending submission on Hacker News regarding this bug: https://news.ycombinator.com/item?id=18021835 It would appear that current releases of Safari (apparently on both iOS and macOS) are still on WebKit revisions from before the fix landing. I'm sure there's lots more detail and discussion in the rdar:// links, but I can't be sure since I cannot view them. It would be great if a quick TL;DR on progress/status/next steps/instructions etc could be released somewhere. (As someone who has never really used macOS/iOS, I'm very curious how the fixes will be rolled out - perhaps silent/automatic patch updates? This breaks JS pretty impressively, so I can't see this being slated for the next iOS/macOS major release.) NB. I found this thread because the bug submitter linked to it - thanks! - https://news.ycombinator.com/item?id=18023508