[Webkit-unassigned] [Bug 180006] New: not a function, is 4.538223e-316 instead: function is optimized to a... number?

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 24 07:57:21 PST 2017 

https://bugs.webkit.org/show_bug.cgi?id=180006

            Bug ID: 180006
           Summary: not a function, is 4.538223e-316 instead: function is
                    optimized to a... number?
           Product: WebKit
           Version: Safari 10
          Hardware: iPhone / iPad
                OS: iOS 10.3
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: awerlang17 at gmail.com

# Overview:

We're getting an exception where a function is expected but it's a number instead.

The function is a class method part of Angular at 4.3.6. Written in TypeScript and compiled to ES5 as (shortened to relevant bits):

    "use strict";
    var Router = /** @class */ (function () {
        function Router() {
        }
        Router.prototype.serializeUrl = function (url) { return this.urlSerializer.serialize(url); };
        return Router;
    }());

Couldn't it be a user-level code changing the function to become a number? I think not. I added the following code to initialization:

    // FIXME: attempt to troubleshoot this.router.serializeUrl is not a function on Safari
    const serializeUrl = router.serializeUrl;
    Object.defineProperty(router, 'serializeUrl', {
        configurable: false,
        get: () => serializeUrl,
        set: (value) => { throw new Error('this.router.serializeUrl = ' + value) },
    });
    Object.defineProperty(Router.prototype, 'serializeUrl', {
        configurable: false,
        get: () => serializeUrl,
        set: (value) => { throw new Error('Router.prototype.serializeUrl = ' + value) },
    });

It failed again and this trap didn't run. How the function could be replaced without going through these paths?

Because it happens after a few successful invocations of ditto function, I believe the culprit lies in the optimizer (of course, it's not a valid replacement for a function, so that makes me wonder why it happens)

# Steps to Reproduce:

Unfortunately, it's unpredictable when it's going to happen. The function in question runs a few times until the error occurs. It may not happen at all for a given user, but keeps happening. When it fails, it fails for the same function / call site every time.

# Actual Results: 

An exception is thrown:
    TypeError: this.router.serializeUrl is not a function. (In 'this.router.serializeUrl(this.urlTree)', 'this.router.serializeUrl' is 4.538223e-316)

The floating point number reported is different every time.

# Expected Results: 

Function should be invoked w/o problems.

# Build Date & Hardware: 

Sample user agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_3 like Mac OS X) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.0 Mobile/14G60 Safari/602.1

# Additional Builds and Platforms: 

Wasn't reported on iOS Safari !== 10.x so far. Nor other browsers & platforms (okay on Mac OS X, Windows, Chrome, Firefox, Edge)

# Additional Information:

Reported as well at https://github.com/angular/angular/issues/16717. The Angular team dismissed the issue because policies.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171124/e869ad07/attachment.html>

More information about the webkit-unassigned mailing list