[Webkit-unassigned] [Bug 127772] New: Javascript function returns incorrect value after being JIT-compiled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 28 04:58:45 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=127772

           Summary: Javascript function returns incorrect value after
                    being JIT-compiled
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: iOS
        OS/Version: iOS 7.0
            Status: NEW
          Severity: Major
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: szdy12 at gmail.com


Created an attachment (id=222429)
 --> (https://bugs.webkit.org/attachment.cgi?id=222429&action=review)
HTML page with JavaScript showing erroneous JIT behavior

See attachment.
The JavaScript function 'calc' will be called in a loop.
After several iterations its return value will be zero instead of the reference value.
The non-jitted function 'calc2' (which is an exact copy of 'calc') still returns the reference value.
Actual result on iPad mini (iOS 7.0.4, Safari/9537.53): after 35 iterations the result value will be a constant zero.
