There is a problem with the state of Array values in the newly released iOS 12 Safari; for example, code like this:
It’s definitely a BUG! And it’s a very serious bug.
According to my tests, the bug is due to the optimization of array initializers in which all values are primitive literals. For example, () => [1, null, 'x'] will return such arrays, and all returned arrays link to the same memory address, and some methods like toString() are also memoized. Normally, any mutating operation on such an array will copy it to an individual memory space and link to that; this is the so-called copy-on-write (CoW) technique (https://en.wikipedia.org/wiki/Copy-on-write).
The reverse() method mutates the array, so it should trigger CoW. Unfortunately, it doesn't now, which causes the bug.
On the other hand, all methods which do not modify the array should not trigger CoW, and I find that even a.fill(value, 0, 0) or a.copyWithin(index, 0, 0) won't trigger CoW, because such calls don't really mutate the array. But I notice that a.slice() WILL trigger CoW. So I guess the real reason for this bug may be that someone accidentally swapped the index of
Added a demo page; try it using iOS 12 Safari: https://cdn.miss.cat/demo/ios12-safari-bug.html
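A probe for the behaviour described above, as an added example that is not part of the original post: it builds an array from the same all-primitive literal, applies each operation the post names, and checks that a later evaluation of that literal is still a distinct, unmodified array. The names `probeLiteral`, `runProbes` and `OPERATIONS` and the sample arguments are assumptions made for this example.

```javascript
// Added example: checks whether mutating an array built from an
// all-primitive literal leaks into later evaluations of the same literal.
const EXPECTED = [1, null, 'x']; // the literal used in the post; never mutated here

// Operations named in the post; argument values are constructed samples.
const OPERATIONS = {
  'reverse()': (a) => a.reverse(),
  'fill(v, 0, 0)': (a) => a.fill(9, 0, 0),
  'copyWithin(i, 0, 0)': (a) => a.copyWithin(1, 0, 0),
  'slice()': (a) => a.slice(),
};

// Element-wise strict comparison of two arrays of primitives.
function sameValues(a, b) {
  return a.length === b.length && a.every((v, i) => v === b[i]);
}

// Evaluate one literal site twice, mutating the first result in between.
function probeLiteral(mutate) {
  const make = () => [1, null, 'x']; // single literal site, as in the post
  const first = make();
  mutate(first);
  const second = make();
  return {
    first,                                 // array after the operation
    distinct: first !== second,            // each call must yield a new object
    fresh: sameValues(second, EXPECTED),   // later result must be untouched
  };
}

// Run every operation and report 'ok' or 'LEAK' per operation.
function runProbes() {
  const report = {};
  for (const [name, op] of Object.entries(OPERATIONS)) {
    const r = probeLiteral(op);
    report[name] = r.distinct && r.fresh ? 'ok' : 'LEAK';
  }
  return report;
}

console.log(runProbes());
```

On an engine without the defect every entry reports `ok`; a `LEAK` for `reverse()` matches the symptom the post describes.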