Hi I enable ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS feature and find that it will crash when go back the home page after run follow test case, I think it is caused by the optimize propery access, so anyone know that it is caused by the arch related code or jit Infrastructure code? and if i disable ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS feature, it will run correctly. Any help explaining this would be much appreciated! test case: var Origin = new Object(); function Init() { Origin.V = [150] } for ( var i = 20; i <= 160; i *= 2 ) { //Init(i); } Init(); Init(); Init(); Origin = null; Callstack: JAVASCRIPTCORE!const JSC::JSArray::`vftable' + 2 bytes JAVASCRIPTCORE!JSC::Heap::sweep() line 1104 + 14 bytes JAVASCRIPTCORE!JSC::Heap::collectAllGarbage() line 1306 WEBKIT!WebCore::collect(void * 0x00000000) line 47 WEBKIT!WebCore::GCController::gcTimerFired(WebCore::Timer<WebCore::GCController> * 0x06a905a0 {m_object=??? m_function=??? }) line 70 WEBKIT!WebCore::Timer<WebCore::PageCache>::fired() line 98 + 20 bytes WEBKIT!WebCore::ThreadTimers::sharedTimerFiredInternal() line 115 WEBKIT!WebCore::ThreadTimers::sharedTimerFired() line 91 -- BGs/Felix Shi -- BGs/Felix Shi