Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assertion ecma_get_object_type (object_p) == ECMA_OBJECT_TYPE_FUNCTION || ecma_get_object_type (object_p) == ECMA_OBJECT_TYPE_EXTERNAL_FUNCTION in ecma_op_lazy_instantiate_prototype_object #3250

Closed
renatahodovan opened this issue Oct 25, 2019 · 0 comments · Fixed by #3251
Closed

Assertion ecma_get_object_type (object_p) == ECMA_OBJECT_TYPE_FUNCTION || ecma_get_object_type (object_p) == ECMA_OBJECT_TYPE_EXTERNAL_FUNCTION in ecma_op_lazy_instantiate_prototype_object #3250

renatahodovan opened this issue Oct 25, 2019 · 0 comments · Fixed by #3251
Assignees
@rerobika
Labels
bug Undesired behaviour

Comments

@renatahodovan
Copy link
Contributor

JerryScript revision

4b35275

Build platform

Linux-4.15.0-62-generic-x86_64-with-Ubuntu-18.04-bionic

Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
Test case
var arrowFn = () => { }
arrowFn.prototype('caller')
Output
ICE: Assertion 'ecma_get_object_type (object_p) == ECMA_OBJECT_TYPE_FUNCTION || ecma_get_object_type (object_p) == ECMA_OBJECT_TYPE_EXTERNAL_FUNCTION' failed at jerryscript/jerry-core/ecma/operations/ecma-function-object.c(ecma_op_lazy_instantiate_prototype_object):1216.
Error: ERR_FAILED_INTERNAL_ASSERTION
Backtrace
bt
#0  0xf7fd5079 in __kernel_vsyscall ()
#1  0xf77fc832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf77fdcc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x56579e4c in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:30
#4  0x56612da3 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5  0x56612de4 in jerry_assert_fail (assertion=0x566c2f80 "ecma_get_object_type (object_p) == ECMA_OBJECT_TYPE_FUNCTION || ecma_get_object_type (object_p) == ECMA_OBJECT_TYPE_EXTERNAL_FUNCTION", file=0x566c1f60 "jerryscript/jerry-core/ecma/operations/ecma-function-object.c", function=0x5668dd40 <__func__.6153.lto_priv.584> "ecma_op_lazy_instantiate_prototype_object", line=1216) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6  0x56640b2a in ecma_op_lazy_instantiate_prototype_object (object_p=0xf5f00940) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1215
#7  0x56640dbb in ecma_op_function_try_to_lazy_instantiate_property (object_p=0xf5f00940, property_name_p=0x194d) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1265
#8  0x566009b9 in ecma_op_object_find_own (base_value=4126148931, object_p=0xf5f00940, property_name_p=0x194d) at jerryscript/jerry-core/ecma/operations/ecma-objects.c:637
#9  0x5660101d in ecma_op_object_get (object_p=0xf5f00940, property_name_p=0x194d) at jerryscript/jerry-core/ecma/operations/ecma-objects.c:811
#10 0x565e481c in vm_op_get_value (object=4126148931, property=6477) at jerryscript/jerry-core/vm/vm.c:111
#11 0x565ec75c in vm_loop (frame_ctx_p=0xffffc6e0) at jerryscript/jerry-core/vm/vm.c:1796
#12 0x565f6a1e in vm_execute (frame_ctx_p=0xffffc6e0, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3598
#13 0x565f7381 in vm_run (bytecode_header_p=0xf5300ed0, this_binding_value=4126149459, lex_env_p=0xf5d007b0, parse_opts=0, arg_list_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3724
#14 0x565e4b2b in vm_run_global (bytecode_p=0xf5300ed0) at jerryscript/jerry-core/vm/vm.c:282
#15 0x566713c7 in jerry_run (func_val=4126148979) at jerryscript/jerry-core/api/jerry.c:576
#16 0x5666db4f in main (argc=2, argv=0xffffcb14) at jerryscript/jerry-main/main-unix.c:739

Found by Fuzzinator with grammarinator.

@rerobika rerobika added the bug Undesired behaviour label Oct 25, 2019
rerobika added a commit to rerobika/jerryscript that referenced this issue Oct 25, 2019
@rerobika
Arrow functions prototype property should not be lazy instantiated
5894455 
This patch fixes jerryscript-project#3250

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik [email protected]
@rerobika rerobika mentioned this issue Oct 25, 2019
Merged
@rerobika rerobika self-assigned this Oct 25, 2019
rerobika added a commit that referenced this issue Oct 28, 2019
@rerobika
Arrow functions prototype property should not be lazy instantiated (#…
351b881 
…3251)

This patch fixes #3250

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik [email protected]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rerobika rerobika

Labels
bug Undesired behaviour
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Arrow functions prototype property should not be lazy instantiated rerobika/jerryscript
2 participants
@renatahodovan @rerobika