Assertion constructor.isConstructor() == true in Escargot::FunctionObject::construct

[renatahodovan]

Escargot version:

Checked revision: 106b9c8

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-51-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

if (Promise.reject.call (Function.prototype));

Backtrace:

escargot: ../src/runtime/FunctionObject.h:193: static Escargot::Object* Escargot::FunctionObject::construct(Escargot::ExecutionState&, const Escargot::Value&, size_t, Escargot::Value*, Escargot::Value): Assertion `constructor.isConstructor() == true' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555584c050 "constructor.isConstructor() == true", file=file@entry=0x55555584c030 "../src/runtime/FunctionObject.h", line=line@entry=193, function=function@entry=0x55555584d3a0 <Escargot::FunctionObject::construct(Escargot::ExecutionState&, Escargot::Value const&, unsigned long, Escargot::Value*, Escargot::Value)::__PRETTY_FUNCTION__> "static Escargot::Object* Escargot::FunctionObject::construct(Escargot::ExecutionState&, const Escargot::Value&, size_t, Escargot::Value*, Escargot::Value)") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x55555584c050 "constructor.isConstructor() == true", file=0x55555584c030 "../src/runtime/FunctionObject.h", line=193, function=0x55555584d3a0 <Escargot::FunctionObject::construct(Escargot::ExecutionState&, Escargot::Value const&, unsigned long, Escargot::Value*, Escargot::Value)::__PRETTY_FUNCTION__> "static Escargot::Object* Escargot::FunctionObject::construct(Escargot::ExecutionState&, const Escargot::Value&, size_t, Escargot::Value*, Escargot::Value)") at assert.c:101
#4  0x00005555556096bd in Escargot::FunctionObject::construct (state=..., constructor=..., argc=1, argv=0x7fffffffca50, newTarget=...) at ../src/runtime/FunctionObject.h:193
#5  0x00005555557c26ef in Escargot::PromiseObject::newPromiseCapability (state=..., constructor=0x7ffff4662bb0) at ../src/runtime/PromiseObject.cpp:93
#6  0x0000555555771a4b in Escargot::builtinPromiseReject (state=..., thisValue=..., argc=0, argv=0x7fffffffcb10, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinPromise.cpp:287
#7  0x00005555556e6839 in Escargot::FunctionObject::processCall (this=0x7ffff461dd30, state=..., receiverSrc=..., argc=0, argv=0x7fffffffcb10, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:328
#8  0x00005555556e46af in Escargot::FunctionObject::call (this=0x7ffff461dd30, state=..., thisValue=..., argc=0, argv=0x7fffffffce40) at ../src/runtime/FunctionObject.h:169
#9  0x0000555555609655 in Escargot::FunctionObject::call (state=..., callee=..., thisValue=..., argc=0, argv=0x7fffffffce40) at ../src/runtime/FunctionObject.h:182
#10 0x000055555571749f in Escargot::builtinFunctionCall (state=..., thisValue=..., argc=1, argv=0x7fffffffda08, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinFunction.cpp:209
#11 0x00005555556e6839 in Escargot::FunctionObject::processCall (this=0x7ffff4662430, state=..., receiverSrc=..., argc=1, argv=0x7fffffffda08, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:328
#12 0x00005555556e46af in Escargot::FunctionObject::call (this=0x7ffff4662430, state=..., thisValue=..., argc=1, argv=0x7fffffffda08) at ../src/runtime/FunctionObject.h:169
#13 0x0000555555609655 in Escargot::FunctionObject::call (state=..., callee=..., thisValue=..., argc=1, argv=0x7fffffffda08) at ../src/runtime/FunctionObject.h:182
#14 0x000055555560cc22 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4678cd0, programCounter=93824999119640, registerFile=0x7fffffffd9e0) at ../src/interpreter/ByteCodeInterpreter.cpp:573
#15 0x0000555555639b31 in Escargot::Script::execute (this=0x7ffff45f16a0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#16 0x0000555555639c83 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd90) at ../src/parser/Script.cpp:92
#17 0x000055555563ac8c in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#18 0x00005555557d410a in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd90) at /usr/include/c++/7/bits/std_function.h:706
#19 0x00005555557d2cbd in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdd00, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#20 0x0000555555639d60 in Escargot::Script::sandboxExecute (this=0x7ffff45f16a0, state=...) at ../src/parser/Script.cpp:93
#21 0x00005555557f075a in eval (context=0x7ffff4669ed0, str=0x7ffff45d0570, fileName=0x7ffff45d04d0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#22 0x00005555557f10bc in main (argc=2, argv=0x7fffffffe0b8) at ../src/shell/Shell.cpp:133

^{Found by Fuzzinator with grammarinator.}

[clover2123]

@renatahodovan is the test code correct? IMO Function.prototype is not a constructor, so TypeError exception should be triggered in that code.
Edit) Oh.. I misunderstood the error. ASSERTION fail instead of exception, right? I'll handle this issue in the upcoming patch. Thanks.