typeof null works 60% of the time everytime #7352

Closed
cookiengineer opened this Issue Jun 21, 2016 · 4 comments

@cookiengineer
cookiengineer commented Jun 21, 2016 edited

There's an upstream bug in v8 that was cherry-picked today and merged. The bug is as follows and is also reproducible in node itself:

Bug Description:

function foo() {
    return typeof null === 'undefined';
}

var a = 0;
var b = 0;

for (var i = 0; i < 10000; i++) {
    foo() === true ? a++ : b++;
}


var pa = ((a / (a + b)) * 100).toFixed(2);
var pb = ((b / (a + b)) * 100).toFixed(2);

console.log('true  ' + pa + '%');
console.log('false ' + pb + '%');

Outcome:

node typeof_null.js 
true  47.44%
false 52.56%

node typeof_null.js 
true  40.94%
false 59.06%
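
A generalized form of the repro above, as an added example that is not part of the original issue or of Node's own tests: it checks several `typeof` results on every pass of a hot loop and records the iteration at which any result deviates from the spec value. The names `typeofDeviations`, `probe`, `literalNullIsUndefined` and the sample values are assumptions made for illustration.

```javascript
// Spec-mandated typeof results for a few constructed sample values.
const CASES = [
    { label: 'null',      value: null,           expected: 'object'    },
    { label: 'undefined', value: undefined,      expected: 'undefined' },
    { label: '0',         value: 0,              expected: 'number'    },
    { label: "''",        value: '',             expected: 'string'    },
    { label: '{}',        value: {},             expected: 'object'    },
    { label: 'function',  value: function () {}, expected: 'function'  }
];

// Same shape as foo() in the report: typeof applied to a literal null.
function literalNullIsUndefined() {
    return typeof null === 'undefined';
}

// Small generic probe, called often enough to become a hot function.
function probe(value) {
    return typeof value;
}

// Runs every check `iterations` times and returns one record per wrong
// result. The iteration index shows whether a deviation appears from the
// start or only after the loop has been running for a while.
function typeofDeviations(iterations) {
    const deviations = [];
    for (let i = 0; i < iterations; i++) {
        if (literalNullIsUndefined() !== false) {
            deviations.push({ iteration: i, label: 'typeof null (literal)', got: 'undefined' });
        }
        for (const c of CASES) {
            const got = probe(c.value);
            if (got !== c.expected) {
                deviations.push({ iteration: i, label: c.label, got: got });
            }
        }
    }
    return deviations;
}

const found = typeofDeviations(10000);
console.log(found.length === 0
    ? 'typeof stable over 10000 iterations'
    : found.length + ' deviations, first at iteration ' + found[0].iteration);
```
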
@MylesBorins
Member

Thanks for posting, @cookiengineer. We have a backport in the review process 😄

#7348

@cookiengineer
cookiengineer commented Jun 21, 2016 edited

Awesome, just wanted to give you a hint about it. Most epic bug I've ever seen in a VM :) Haven't seen the backport pull request before.

@kzc
kzc commented Jun 21, 2016

@cookiengineer Epic bug indeed.

If you run the source through uglifyjs -c it works every time.
;-)

function foo() {return !1;}
for (var a = 0, b = 0, i = 0; i < 1e4; i++) foo() === !0 ? a++ : b++;
var pa = (a / (a + b) * 100).toFixed(2), pb = (b / (a + b) * 100).toFixed(2);
console.log("true  " + pa + "%"), console.log("false " + pb + "%");
@mscdex mscdex added the v8 label Jun 21, 2016
@RReverser
Member

Closing this as @TheAlphaNerd's PR was merged.

@RReverser RReverser closed this Jun 27, 2016