Apple macOS 10.14.5 iOS 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Apple macOS 10.14.5 iOS 12.3 JavaScriptCore - Loop-Invariant Code Motion LICM in DFG JIT Leaves Stack Variable Uninitialized While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release: // Run with...