chakra-core / ChakraCore

ChakraCore is an open source JavaScript engine with a C API.
MIT License
9.1k stars 1.2k forks

ChakraCore JIT problem with array #6883

Open lionche opened 1 year ago

lionche commented 1 year ago
Version

chakra-1.11.24.0, 1.13.0.0-beta

Test case
function foo() {
    var IntArr2 = new Int32Array();
    Object.defineProperty(IntArr2, "length", {value: 1});
    IntArr2[5] = 429496725;
    IntArr2[IntArr2.length] = 3;
    return [IntArr2, IntArr2.length]
}
for (let i = 0; i < 100000; i++) foo()
print(foo())
Execution steps
./ch Testcase.js
Output
,0
Expected result
,1
Description

The correct output of the test case should be ,1 while chakra yields ,0. This may be caused by an incorrect implementation of the chakra JIT compiler.
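The following regression check is an added example, not part of the original issue or of the ChakraCore test suite. It runs the reported function once cold and once after the same warm-up loop, then compares the own `length` property, the real element count and the printed form; the helper names (`internalLength`, `snapshot`, `checkJitConsistency`) are hypothetical.

```javascript
// Added example: differential check for the test case in this issue.
// An own data property "length" defined on a typed array shadows the
// %TypedArray%.prototype.length getter, so reading arr.length must give 1
// both before and after JIT warm-up. The element count stays 0, so both
// indexed writes are out of bounds and must be ignored.

// Prototype getter, called directly so the own property cannot shadow it.
const internalLength = Object.getOwnPropertyDescriptor(
  Object.getPrototypeOf(Int32Array.prototype), 'length').get;

// Same statements as the reported test case.
function foo() {
  const arr = new Int32Array();
  Object.defineProperty(arr, 'length', { value: 1 });
  arr[5] = 429496725;
  arr[arr.length] = 3;
  return [arr, arr.length];
}

// Capture everything a miscompiled length load could change.
function snapshot() {
  const [arr, len] = foo();
  return {
    len: len,                                  // own property value
    ownLength: Object.prototype.hasOwnProperty.call(arr, 'length'),
    elements: internalLength.call(arr),        // real element count
    printed: String([arr, len]),               // what print(foo()) shows
  };
}

// Run cold, warm the function up, run again, and list fields that differ.
function checkJitConsistency(warmup) {
  const cold = snapshot();
  for (let i = 0; i < warmup; i++) foo();
  const hot = snapshot();
  const mismatches = Object.keys(cold).filter(k => cold[k] !== hot[k]);
  return { cold: cold, hot: hot, mismatches: mismatches };
}

// Works in the ch shell (print) and in Node.js (console.log).
const log = typeof print === 'function' ? print : console.log;
const report = checkJitConsistency(100000);
log(report.mismatches.length === 0
  ? 'consistent: ' + report.hot.printed
  : 'JIT mismatch in: ' + report.mismatches.join(', '));
```

On an engine that behaves as the issue expects, `mismatches` is empty and the printed form is `,1`; a non-empty list names the field that changed after warm-up.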