<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Calling eval in function will crash on iOS"
   href="https://bugs.webkit.org/show_bug.cgi?id=167280">167280</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Calling eval in function will crash on iOS
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Local Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>iPhone / iPad
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>iOS 10
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>JavaScriptCore
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>hszhsh&#64;icloud.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>It only occurs on iOS with the release build of the jsc library. It's OK when linked with the debug version of jsc, and it's OK when called in the global scope.

The stack of the crash is as follows.

#0    0x0000000100d63c24 in llint_entry ()
#1    0x0000000100d649ec in llint_entry ()
#2    0x0000000100d65fa8 in llint_entry ()
#3    0x0000000100d5f6b8 in llintPCRangeStart ()
#4    0x0000000100c09fb8 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) at JITCode.cpp:81
#5    0x0000000100bdcde4 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/interpreter/Interpreter.cpp:871
#6    0x00000001008f1114 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&amp;, JSC::JSValue, WTF::NakedPtr&lt;JSC::Exception&gt;&amp;) at Completion.cpp:110
#7    0x0000000100c4cb98 in ::JSEvaluateScript(JSContextRef, JSStringRef, JSObjectRef, JSStringRef, int, JSValueRef *) at JSBase.cpp:69</pre>
        </div>
      </p>
    </body>
</html>