[Webkit-unassigned] [Bug 173305] webkit assertion failure

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 13 09:29:05 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=173305

GSkachkov <gskachkov at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gskachkov at gmail.com,
                   |                            |keith_miller at apple.com,
                   |                            |sbarati at apple.com
         Depends on|                            |156116

--- Comment #1 from GSkachkov <gskachkov at gmail.com> ---
(In reply to wang junjie from comment #0)
> the following samples can crash webkit.
> 
> createBuiltin(`function (a) {})`);

I am not sure that this function is accessible outside of jsc; I can reproduce the crash only in jsc, not in WebKit Nightly. It seems that this function was created to test jsc builtin functions.

Stack trace of the error in debug mode for the provided source:

```
Error compiling builtin: Function statements must have a name.
Fatal error compiling builtin function 'foo': Function statements must have a name.
1   0x10b163b2d WTFCrash
2   0x10a12c2e5 JSC::BuiltinExecutables::createExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility)
3   0x10a1201f3 JSC::createBuiltinExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility)
4   0x109d56d16 functionCreateBuiltin(JSC::ExecState*)
5   0x2275b1e01028
6   0x10acb9e9a llint_entry
7   0x10acb249e vmEntryToJavaScript
8   0x10aa75cfe JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
9   0x10aa25168 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
10  0x10a282de8 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
11  0x109d49844 runInteractive(GlobalObject*)
12  0x109d3a2ee int runJSC<jscmain(int, char**)::$_6>(CommandLine, bool, jscmain(int, char**)::$_6 const&)
13  0x109d38f2a jscmain(int, char**)
14  0x109d38e8e main
15  0x10dde9235 start
```

The following example works fine:
```
createBuiltin("(function (base) { return base; });");
```

Where did you receive this error?
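The two inputs in this thread differ at the parser level: `function (a) {}` is a function statement, which the JavaScript grammar requires to have a name, while `(function (base) { return base; });` is a function expression, which does not. The example below is added here and is not code from the bug report or from WebKit; it stands in for the jsc-only `createBuiltin()` helper with the `Function` constructor, which compiles a string as a function body without running it (an assumption about what is comparable, not JSC's code path). A standard engine reports the first input as a SyntaxError rather than asserting, which is the check a fuzzing harness can apply before a crash on such input is triaged as anything more than a debug assertion on syntactically invalid source.

```javascript
// Added example, not from the bug report or from WebKit. Demonstrates why
// `function (a) {}` is rejected while `(function (base) { return base; });`
// is accepted, and uses that as a triage filter for candidate inputs.

// Compile `src` as a function body without executing it. A leading
// `function` keyword here starts a function *statement*, which must be named;
// wrapping the same text in parentheses makes it an *expression*.
function compileStatus(src) {
  try {
    new Function(src); // compiles only; the body is never invoked
    return "ok";
  } catch (e) {
    if (e instanceof SyntaxError) return "syntax-error";
    throw e; // anything else is unexpected and should surface
  }
}

// Constructed samples: the reporter's crashing input, the input that works,
// and a named function statement for comparison.
const SAMPLES = {
  crashing: "function (a) {}",
  working: "(function (base) { return base; });",
  named: "function foo(a) {}",
};

// Partition candidate sources into those a standard parser accepts and those
// it rejects. A debug assertion that fires only on the rejected set is an
// input-validation gap in the test helper, not evidence of memory corruption.
function triage(samples) {
  const accepted = [];
  const rejected = [];
  for (const [name, src] of Object.entries(samples)) {
    (compileStatus(src) === "ok" ? accepted : rejected).push(name);
  }
  return { accepted, rejected };
}

console.log(triage(SAMPLES));
```

Running this prints the crashing sample under `rejected` and the other two under `accepted`; the exact SyntaxError message text varies between engines, so the helper reports a status rather than the message.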


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=156116
[Bug 156116] We should support the ability to do a non-effectful getById