RESOLVED WONTFIX 173305
webkit assertion failure
https://bugs.webkit.org/show_bug.cgi?id=173305
zhunkibatu
Reported 2017-06-13 00:18:45 PDT
The following samples can crash webkit.

```
createBuiltin(`function (a) {})`);
```
GSkachkov
Comment 1 2017-06-13 09:29:05 PDT
(In reply to wang junjie from comment #0)
> the following samples can crash webkit.
>
> createBuiltin(`function (a) {})`);

Not sure that this function can not be accessible out of jsc, and I can reproduce the crash only in jsc, but not in WebKit Nightly. It seems that this function was created to test jsc builtin functions.

Stack of the error in debug mode for the provided source:

```
Error compiling builtin: Function statements must have a name.
Fatal error compiling builtin function 'foo': Function statements must have a name.
1   0x10b163b2d WTFCrash
2   0x10a12c2e5 JSC::BuiltinExecutables::createExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility)
3   0x10a1201f3 JSC::createBuiltinExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility)
4   0x109d56d16 functionCreateBuiltin(JSC::ExecState*)
5   0x2275b1e01028
6   0x10acb9e9a llint_entry
7   0x10acb249e vmEntryToJavaScript
8   0x10aa75cfe JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
9   0x10aa25168 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
10  0x10a282de8 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
11  0x109d49844 runInteractive(GlobalObject*)
12  0x109d3a2ee int runJSC<jscmain(int, char**)::$_6>(CommandLine, bool, jscmain(int, char**)::$_6 const&)
13  0x109d38f2a jscmain(int, char**)
14  0x109d38e8e main
15  0x10dde9235 start
```

The following example works fine:

```
createBuiltin("(function (base) { return base; });");
```

Where do you receive this error?
Keith Miller
Comment 2 2017-06-13 09:44:22 PDT
Yeah, the createBuiltin function exists solely for testing code in the jsc CLI. The intention is for it to crash if the function does not parse. It also exposes internal VM properties that could be changed, which may cause crashes or other badness.