[Webkit-unassigned] [Bug 275160] New: Method call silently fails since iOS 17.5/ MacOS 14.5 after a warmup period
bugzilla-daemon at webkit.org
Wed Jun 5 08:00:28 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=275160
Bug ID: 275160
Summary: Method call silently fails since iOS 17.5/ MacOS 14.5 after a warmup period
Product: WebKit
Version: Safari 17
Hardware: All
OS: iOS 17
Status: NEW
Severity: Major
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jekfer.bichon at 3ds.com
Created attachment 471592
--> https://bugs.webkit.org/attachment.cgi?id=471592&action=review
Sample to reproduce the issue
Hello,
We have discovered quite a vicious bug after we updated to iOS 17.5 and MacOS 14.5.
As I cannot share proprietary code with you, I have created and attached a small sample, with some comments, where the problem is visible.
In the sample, I have two loops to copy the contents of two typed arrays into a bigger typed array. In the first loop, I allow the index to go out of bounds; in the 2nd loop, I don't.
This code, after a warmup period, starts to fail silently, with the target typed array containing only 0s. The first few hundred iterations are working as expected.
On other OSs and browsers, going out of bounds returns the "undefined" value; that was also the case on iOS and MacOS before we updated to the latest versions.
What I suspect is that the engine optimizes the code after warming up and that code seems to be unable to handle this situation. Worse, the 2nd loop, where I don't allow the index to go out of bounds, also starts failing silently, but if you comment out the 1st loop, the 2nd one never fails. If you put a breakpoint inside the copying method, the whole code becomes functional for a short period of time before starting to fail again. This behavior makes the debugging process quite frustrating, as trying to observe the issue makes the issue disappear.
This behavior is a regression compared to previously released iOS and MacOS versions.
Thanks.
--
You are receiving this mail because:
You are the assignee for the bug.
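
A self-checking regression harness for the copy pattern described in the report, added here as an illustration: it is not the reporter's attachment, and the element type (`Uint8Array`), array sizes and all function names are assumptions. It verifies every iteration against a reference built with `TypedArray.prototype.set`, so a silent failure is caught at the first iteration where it occurs.

```javascript
// Added illustration, not the attachment from the report. Names and sizes are assumed.

// Copy `a` then `b` into `target`. The first loop deliberately runs one index
// past the end of `a`; the second loop stays in bounds.
function copyBoth(target, a, b) {
  for (let i = 0; i <= a.length; i++) {
    target[i] = a[i];            // a[a.length] is undefined, stored as 0 in a Uint8Array
  }
  for (let i = 0; i < b.length; i++) {
    target[a.length + i] = b[i]; // overwrites the stray 0 written at index a.length
  }
}

// Reference result built without the hand-written loops.
function expectedCopy(a, b) {
  const out = new Uint8Array(a.length + b.length);
  out.set(a, 0);
  out.set(b, a.length);
  return out;
}

// Index of the first differing element, or -1 when the arrays match.
function firstMismatch(actual, expected) {
  for (let i = 0; i < expected.length; i++) {
    if (actual[i] !== expected[i]) return i;
  }
  return -1;
}

// Repeat the copy so optimizing tiers have a chance to compile it, checking each
// result. Returns null if every iteration was correct, otherwise a description
// of the first bad iteration.
function findFirstFailingIteration(iterations) {
  const a = Uint8Array.from({ length: 16 }, (_, i) => i + 1);   // constructed data: 1..16
  const b = Uint8Array.from({ length: 16 }, (_, i) => 101 + i); // constructed data: 101..116
  const expected = expectedCopy(a, b);
  for (let n = 0; n < iterations; n++) {
    const target = new Uint8Array(a.length + b.length);
    copyBoth(target, a, b);
    const index = firstMismatch(target, expected);
    if (index !== -1) {
      return { iteration: n, index, allZero: target.every((v) => v === 0) };
    }
  }
  return null;
}
```

A `null` return means every iteration matched the reference; a non-null result gives the iteration and element index where the output first diverged, and whether the target was entirely zero.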