Bug 174454

Summary: jsc crashes with Unexpected identifier
Product: WebKit
Reporter: Qirun Zhang <helloqirun>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX
Severity: Normal
CC: ysuzuki
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Qirun Zhang 2017-07-12 20:35:26 PDT
I have built a recent version using the instructions at https://trac.webkit.org/wiki/BuildingGtk

The hashtag of my build is:
commit 3f7415a21a3fd7220b07b74654bee687fafa7134


JSC crashes on the following testcase.

$ ~/jsc/WebKit/WebKitBuild/Release/bin/jsc abc.js
Error compiling builtin: Unexpected identifier 'caller'
Fatal error compiling builtin function 'foo': Unexpected identifier 'caller'
1   0x7fd61460e377 /home/absozero/jsc/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x17) [0x7fd61460e377]
2   0x7fd613c5bc0e /home/absozero/jsc/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC18BuiltinExecutables16createExecutableERNS_2VMERKNS_10SourceCodeERKNS_10IdentifierENS_15ConstructorKindENS_16ConstructAbilityE+0x4be) [0x7fd613c5bc0e]
3   0x423840 /home/absozero/jsc/WebKit/WebKitBuild/Release/bin/jsc() [0x423840]
4   0x7fd5ce1ff028 [0x7fd5ce1ff028]
Segmentation fault (core dumped)

$ cat abc.js
function tryGetByIdText(propertyName) {
    return ` template ${ propertyName } template `;
}
{
    // createBuiltin is a jsc-shell-only hook; it compiles its argument as builtin JS.
    let get = createBuiltin(
        tryGetByIdText('caller'));
}
Comment 1 Yusuke Suzuki 2017-07-13 08:51:55 PDT
Thank you for filing this issue.

This createBuiltin function is introduced to test internal functionality in JSC: testing builtin (with some privilege) functions in JSC.
We do not expose it to user-space. For example, WebKit does not expose it in web pages. Only the jsc shell has this, for testing purposes.

This crash is intended behavior, to prevent us from writing unresolved references in builtin JS.
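For anyone fuzzing the jsc shell, the practical consequence of this resolution is that crashes like the one above need to be filtered out rather than reported: a fatal builtin compile error raised through the shell-only createBuiltin hook is by design and is unreachable from web content. The triage helper below is an added example, not WebKit code or anything from this bug's participants. It parses the shell output in the format shown in the report (the "Fatal error compiling builtin function ..." line and the "N   0xADDR path(symbol+0xOFF) [0xADDR]" frames), checks whether the testcase actually called createBuiltin and whether the stack passed through JSC::BuiltinExecutables::createExecutable, and returns a verdict. The sample output and testcase are constructed from the text of the report; the verdict kinds are my own naming.

```javascript
// Added triage helper, not WebKit code: decide whether a jsc shell crash is
// the intentional fatal path described in this bug (a builtin compile error
// raised through the shell-only createBuiltin hook) or something that still
// needs a human look. Frame and message formats follow the report's output.

// Mangled frame from the bug's stack; demangled it is
// JSC::BuiltinExecutables::createExecutable.
const BUILTIN_COMPILE_FRAME = /BuiltinExecutables.*createExecutable/;
const FATAL_BUILTIN_MSG = /Fatal error compiling builtin function '([^']+)': (.+)/;

// Parse frames of the form "N   0xADDR path(symbol+0xOFF) [0xADDR]".
// Works whether frame 1 sits on its own line or is fused onto the end of
// the "Fatal error ..." line, as it was in the raw output pasted in the bug.
function parseFrames(output) {
  const frames = [];
  const frameRe = /(\d+)\s+(0x[0-9a-f]+)\s+(\S+)/gi;
  let m;
  while ((m = frameRe.exec(output)) !== null) {
    // Symbol is the text between "(" and "+0x..." when the frame has one.
    const sym = /\(([^()+]+)\+0x[0-9a-f]+\)/i.exec(m[3]);
    frames.push({ index: Number(m[1]), address: m[2], symbol: sym ? sym[1] : null });
  }
  return frames;
}

// Classify one crash. `output` is what the shell printed, `source` is the
// testcase that produced it.
function triage(output, source) {
  const frames = parseFrames(output);
  const fatal = FATAL_BUILTIN_MSG.exec(output);
  const usesShellHook = /\bcreateBuiltin\s*\(/.test(source);
  const viaBuiltinCompiler = frames.some(f => f.symbol && BUILTIN_COMPILE_FRAME.test(f.symbol));
  const crashed = /Segmentation fault|WTFCrash/.test(output);

  if (fatal && usesShellHook && viaBuiltinCompiler) {
    return {
      kind: 'intentional-builtin-compile-error',
      builtin: fatal[1],
      // Drop a frame fused onto the message line, if any.
      message: fatal[2].replace(/\s*\d+\s+0x[0-9a-f]+.*$/i, ''),
      actionable: false,
    };
  }
  if (fatal) {
    // A builtin compile failure the testcase did not trigger through the
    // shell hook is not explained by this bug; keep it for review.
    return { kind: 'builtin-compile-error', builtin: fatal[1], actionable: true };
  }
  if (crashed) return { kind: 'crash', actionable: true };
  return { kind: 'no-crash', actionable: false };
}

// Constructed sample, copied from the report (paths as printed there).
const SAMPLE_OUTPUT = [
  "Error compiling builtin: Unexpected identifier 'caller'",
  "Fatal error compiling builtin function 'foo': Unexpected identifier 'caller'",
  "1   0x7fd61460e377 /home/absozero/jsc/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x17) [0x7fd61460e377]",
  "2   0x7fd613c5bc0e /home/absozero/jsc/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC18BuiltinExecutables16createExecutableERNS_2VMERKNS_10SourceCodeERKNS_10IdentifierENS_15ConstructorKindENS_16ConstructAbilityE+0x4be) [0x7fd613c5bc0e]",
  "3   0x423840 /home/absozero/jsc/WebKit/WebKitBuild/Release/bin/jsc() [0x423840]",
  "4   0x7fd5ce1ff028 [0x7fd5ce1ff028]",
  "Segmentation fault (core dumped)",
].join('\n');

// Constructed sample: the report's abc.js.
const SAMPLE_TESTCASE = `
function tryGetByIdText(propertyName) {
    return \` template \${ propertyName } template \`;
}
{
    let get = createBuiltin(tryGetByIdText('caller'));
}
`;

console.log(triage(SAMPLE_OUTPUT, SAMPLE_TESTCASE));
```

The verdict deliberately requires all three signals (the fatal message, a createBuiltin call in the testcase, and the createExecutable frame) before marking a crash as non-actionable; a matching message without the shell hook in the testcase, or a plain segfault, is still surfaced for review.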