RESOLVED FIXED 291362
[JSC] Type checking error after JIT optimization 
https://bugs.webkit.org/show_bug.cgi?id=291362
Summary [JSC] Type checking error after JIT optimization
su_sz9871byzy
Reported 2025-04-10 05:13:26 PDT
JSC version: db9a79327d8d35b77cb07ee2afbe11c4761bcc56 Test case: function opt() { const v1 = Object.getPrototypeOf('').toString; try { v1.call() return 0 } catch (e) { return e } } print(opt()) for (let i = 0; i < 10; i++) { print(opt()); } Run args: ./jsc test.js --useConcurrentJIT=0 --jitPolicyScale=0 Expected: TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error Result: TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error TypeError: Type error 0 0 0 0
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2025-04-17 05:14:11 PDT
<rdar://problem/149470479>
Yusuke Suzuki
Comment 2 2025-04-20 06:50:59 PDT
Pull request: https://github.com/WebKit/WebKit/pull/44309
Yusuke Suzuki
Comment 3 2025-04-20 07:28:17 PDT
*** Bug 288817 has been marked as a duplicate of this bug. ***
EntryHi
Comment 4 2025-04-22 00:13:57 PDT
Hello, I noticed that Bug 288817 is reported earlier than bug 291362. Why is bug 288817 duplicate?
Yusuke Suzuki
Comment 5 2025-04-22 08:27:06 PDT
@EntryHi Hi! This is just because this bug is handled first and I found that old bug was dupe of this.
EWS
Comment 6 2025-04-22 13:27:01 PDT
Committed 293973@main (472bc719b29b): <https://commits.webkit.org/293973@main> Reviewed commits have been landed. Closing PR #44309 and removing active labels.
Yusuke Suzuki
Comment 7 2025-05-23 14:25:41 PDT
*** Bug 288815 has been marked as a duplicate of this bug. ***
Yusuke Suzuki
Comment 8 2025-05-23 16:57:12 PDT
*** Bug 284615 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.