[Webkit-unassigned] [Bug 153431] New: javascript jit bug affecting Google Maps
bugzilla-daemon at webkit.org
Mon Jan 25 11:06:47 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=153431
Bug ID: 153431
Summary: javascript jit bug affecting Google Maps
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Macintosh
OS: Mac OS X 10.11
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rsturgell at google.com
Created attachment 269762
--> https://bugs.webkit.org/attachment.cgi?id=269762&action=review
Jit bug repro, prints FAILED for incorrect results
A couple weeks ago we pushed a new version of Google Maps, and Safari users started seeing rendering bugs (missing water features and parks) after loading a few viewports. We were able to work around the issue by rolling back a (seemingly innocuous) change.
I've managed to reduce the repro to a simple case; see attached.
The test calls function calc() 20k times. The function should always return 1. If it successfully returns 1 on every call, the test shows "PASSED". If it ever returns something other than 1, the test prints FAILED and the iteration number, and exits.
In Safari and WebkitNightly Version 9.0.2 (11601.3.9, r195530) it returns 0 after roughly 10k iterations:
FAILED! Got result 0 at iteration 10486
Note that the test passes if the web inspector is open, and it also seems to pass on the very first load of a freshly started browser (but will consistently repro thereafter on a reload or new tab).