rdar://119694893 In the DFG backwards propagation phase, when we modify the flags of an ArithClz32 node, we run the following: flags &= ~(... | ~NodeBytecodePrefersArrayIndex); In other nodes, we mask off bits for propagatable flags that shouldn't be propagated past the current node - for instance, bitwise operations mask off NodeBytecodeUsesAsNumber, since other nodes up the chain will be used as integers in the bitwise op. But here, we are including the negation of NodeBytecodePrefersArrayIndex, and due to the double negative in this statement, this has the effect of masking off all flags other than NodeBytecodePrefersArrayIndex. This looks like a typo, although since the behavior is already to mask off almost all bits in the backwards propagation mask, the only adverse effect is we might propagate NodeBytecodePrefersArrayIndex to the child nodes (unnecessary since we know the Clz32 will always return an int, making the existing PrefersArrayIndex bit redundant, but I can't find anywhere where preferring an array index would cause problems).