UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36

Steps to reproduce the problem:
1. load https://jsbin.com/cahaqad/edit?html,console,output
2. click 'Run test'

What is the expected behavior?
Should see "stopped after 20000/20000".

The code is mostly no-ops, but the key thing is that x.g should be 1 at the end of the loop.

What went wrong?
Instead see "stopped after 5363/20000" (at least on my local machine at this time, stopping point depends on exact code and possibly machine).

Depending on the exact test code, after some number of loops x.g ends up either undefined or 0 and then it stops the testing after detecting x.g != 1 -- even though we always set x.g = a.a, where a.a should always be 1.

I've also noticed that sometimes (but not always), 'a' becomes undefined somehow by the end of the last loop.

After things go sideways, you have to refresh the page to get it working again (i.e. once triggered it always fails on the first loop).

I've verified but on 4 different windows machines and 1 Ubuntu machine.

Did this work before? Yes 58 (worked up until the first chrome 59 release)

Chrome version: 59.0.3071.104  Channel: stable
OS Version: 10.0
Flash Version: 

See the comments in the HTML file for detailed notes on testing the bug.

After a 40000 line codebase I help maintain started behaving non-deterministically when chrome 59 was released, I basically spent the last week whittling down the problem to a 20 line mwe. Any changes to the code can either change when the bug triggers, or prevent the bug from triggering altogether.

It appears that very specific js code patterns cause "bad things" to happen (a variable that I just set to a known value does not contain that value). Chrome version 59 is the only place I've seen this bug, so it is safe to assume it was introduced in chrome 59.

NOTES:
- the number of loops before failure can be deterministic or nondeterministic depending on the exact code
  - in my original code failure was nondeterministic even though my code was deterministic
  - in this final mwe it seems deterministic on 2 tested machines
    - currently fails on loop 5365/5363 for me (on two different machines)
- as I removed extraneous code, at different points the bug disappeared when removing some lines that I later could remove without getting rid of the bug
  - so it seems to depend on this local pattern, but also on the other js code that is around this code
- the bug also triggers less and less frequently as code is removed (down the the mwe)
- removing any of the lines in the test code prevents triggering the bug (even though most of them are essentially no-ops)
- the while loop seems to be part of the key. You can replace it with a for loop, but if you replace it with an if statement or remove it the bug won't trigger
 

Deleted: test.html 3.4 KB

test.html 3.4 KB View Download