
Assertion `findResult.first != (18446744073709551615UL)' failed in Escargot::Object::redefineOwnProperty


Escargot

  • OS: Ubuntu 20.04.5 LTS (Linux 5.4.0-144-generic x86_64)
  • Revision : bd95de3

Build Steps

cmake -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=shell -GNinja

Describe the bug
Debug-build assertion failure in `Escargot::Object::redefineOwnProperty` that aborts the shell. The backtrace below suggests the global `Array` binding is deleted before the Array builtin has been lazily installed, so the later `installArray` → `redefineOwnProperty` call cannot find the property it expects to redefine.

Test case

testcase

// Fuzzer-style test case: each `<literal> ; r ;` pair appears to give the expected
// value of r followed by the observed one — NOTE(review): inferred from layout, confirm.
var r = 0 ; 
// `delete Array` removes the global binding before the Array builtin is first used;
// the array literal on the next line then triggers lazy installation (see backtrace).
function func0 ( ) { } delete Array ; 
// for-in over a sparse literal visits only the defined indices (1 and 3), so r becomes 2.
for ( var a in [, 1,, 2 ] ) { r ++ ; } 
2 ; r ; r = 0 ; 
// `new Array ( 8 )` has length 8 but no own index properties, so nothing is enumerated.
for ( var a in new Array ( 8 ) ) { r ++ ; } 
0 ; r ;

// poc.js
// Minimal reproducer: deleting the global `Array` binding before the Array
// builtin is installed, then creating an array literal, hits the assertion in
// Object::redefineOwnProperty via GlobalObject::arrayPrototype -> installArray.
delete Array ;
for ( var a in [] ) { }

Execution steps & Output

$ ./escargot poc.js
escargot: src/runtime/Object.cpp:1672: void Escargot::Object::redefineOwnProperty(Escargot::ExecutionState&, const Escargot::ObjectPropertyName&, const Escargot::ObjectPropertyDescriptor&): Assertion `findResult.first != (18446744073709551615UL)' failed.
Aborted

Backtrace

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7a70859 in __GI_abort () at abort.c:79
#2  0x00007ffff7a70729 in __assert_fail_base (fmt=0x7ffff7c06588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555555b57aa0 "findResult.first != (18446744073709551615UL)",
    file=0x555555b56e9b "src/runtime/Object.cpp", line=1672, function=<optimized out>) at assert.c:92
#3  0x00007ffff7a81fd6 in __GI___assert_fail (assertion=0x555555b57aa0 "findResult.first != (18446744073709551615UL)", file=0x555555b56e9b "src/runtime/Object.cpp", line=1672,
    function=0x555555b57ee0 "void Escargot::Object::redefineOwnProperty(Escargot::ExecutionState&, const Escargot::ObjectPropertyName&, const Escargot::ObjectPropertyDescriptor&)") at assert.c:101
#4  0x00005555559285c9 in Escargot::Object::redefineOwnProperty (this=0xa35b0, state=..., P=..., desc=...) at src/runtime/Object.cpp:1672
#5  0x000055555565cf62 in Escargot::GlobalObject::installArray (this=0xa35b0, state=...) at src/builtins/BuiltinArray.cpp:2112
#6  0x000055555563c6c3 in Escargot::GlobalObject::arrayPrototype (this=0xa35b0) at src/runtime/GlobalObject.h:356
#7  0x00005555558ae2a4 in Escargot::ArrayObject::ArrayObject (this=0xaef90, state=..., size=@0x7fffffffd318: 0, shouldConsiderHole=true) at src/runtime/ArrayObject.cpp:69
#8  0x00005555557259e6 in Escargot::InterpreterSlowPath::createArrayOperation (state=..., code=0x555555d14528, byteCodeBlock=0xc2f50, registerFile=0x7fffffffd9c0) at src/interpreter/ByteCodeInterpreter.cpp:3104
#9  0x000055555571d4d7 in Escargot::Interpreter::interpret (state=0x7fffffffd9f0, byteCodeBlock=0xc2f50, programCounter=93825000359208, registerFile=0x7fffffffd9c0) at src/interpreter/ByteCodeInterpreter.cpp:1182
#10 0x00005555557da97b in Escargot::Script::execute (this=0xbcee0, state=..., isExecuteOnEvalFunction=false, inStrictMode=false) at src/parser/Script.cpp:499
#11 0x0000555555643544 in Escargot::ScriptRef::execute (this=0xbcee0, state=0x7fffffffde80) at src/api/EscargotPublic.cpp:4706
#12 0x00005555559a3bc5 in <lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::operator()(Escargot::ExecutionStateRef *, Escargot::ScriptRef *) const (__closure=0x0, state=0x7fffffffde80, script=0xbcee0)
    at src/shell/Shell.cpp:781
#13 0x00005555559a3bf0 in <lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *) () at src/shell/Shell.cpp:782
#14 0x00005555559a8f66 in Escargot::EvaluatorUtil::ApplyTupleIntoArgumentsOfVariadicTemplateFunction<0ul>::apply<Escargot::ValueRef* (*&)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), std::tuple<Escargot::ExecutionStateRef*, Escargot::ScriptRef*>&, Escargot::ExecutionStateRef*&, Escargot::ScriptRef*&> (
    f=@0x7fffffffdd88: 0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.h:521
#15 0x00005555559a8a1e in Escargot::EvaluatorUtil::ApplyTupleIntoArgumentsOfVariadicTemplateFunction<1ul>::apply<Escargot::ValueRef* (*&)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), std::tuple<Escargot::ExecutionStateRef*, Escargot::ScriptRef*>&, Escargot::ScriptRef*&> (
    f=@0x7fffffffdd88: 0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>, t=std::tuple containing = {...})
    at src/api/EscargotPublic.h:510
#16 0x00005555559a829a in Escargot::EvaluatorUtil::ApplyTupleIntoArgumentsOfVariadicTemplateFunction<2ul>::apply<Escargot::ValueRef* (*&)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), std::tuple<Escargot::ExecutionStateRef*, Escargot::ScriptRef*>&> (f=@0x7fffffffdd88: 0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>,
    t=std::tuple containing = {...}) at src/api/EscargotPublic.h:510
#17 0x00005555559a792d in Escargot::EvaluatorUtil::applyTupleIntoArgumentsOfVariadicTemplateFunction<Escargot::ValueRef* (*&)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), std::tuple<Escargot::ExecutionStateRef*, Escargot::ScriptRef*>&> (f=@0x7fffffffdd88: 0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>,
    t=std::tuple containing = {...}) at src/api/EscargotPublic.h:531
#18 0x00005555559a6bff in Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*>(Escargot::ContextRef*, Escargot::ValueRef* (*)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), Escargot::ScriptRef*)::{lambda(Escargot::ExecutionStateRef*, void*, void*)#1}::operator()(Escargot::ExecutionStateRef*, void*, void*) const (this=0x0, state=0x7fffffffde80, tuplePtr=0x7fffffffe000,
    fnPtr=0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.h:612
#19 0x00005555559a6c46 in Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*>(Escargot::ContextRef*, Escargot::ValueRef* (*)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), Escargot::ScriptRef*)::{lambda(Escargot::ExecutionStateRef*, void*, void*)#1}::_FUN(Escargot::ExecutionStateRef*, void*, void*) () at src/api/EscargotPublic.h:606
#20 0x0000555555641896 in Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::operator()(Escargot::ExecutionState &, void *) const (__closure=0x0, state=..., data=0x7fffffffdf20)
    at src/api/EscargotPublic.cpp:1087
#21 0x00005555556418d0 in Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::_FUN(Escargot::ExecutionState &, void *) () at src/api/EscargotPublic.cpp:1088
#22 0x0000555555958874 in Escargot::SandBox::run (this=0x7fffffffdf70, scriptRunner=0x5555556418a7 <Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::_FUN(Escargot::ExecutionState &, void *)>,
    data=0x7fffffffdf20) at src/runtime/SandBox.cpp:111
#23 0x00005555556419a0 in Escargot::Evaluator::executeFunction (ctx=0xa3af0,
    runner=0x5555559a6c15 <Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*>(Escargot::ContextRef*, Escargot::ValueRef* (*)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), Escargot::ScriptRef*)::{lambda(Escargot::ExecutionStateRef*, void*, void*)#1}::_FUN(Escargot::ExecutionStateRef*, void*, void*)>, data=0x7fffffffe000,
    data2=0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.cpp:1089
#24 0x00005555559a6cd7 in Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*> (p=0xa3af0,
    fn=0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.h:614
#25 0x00005555559a5e39 in Escargot::Evaluator::execute<Escargot::ScriptRef*, evalScript(Escargot::ContextRef*, Escargot::StringRef*, Escargot::StringRef*, bool, bool)::<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)> >(Escargot::ContextRef *, <lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)> &&) (ctx=0xa3af0, closure=...) at src/api/EscargotPublic.h:585
#26 0x00005555559a3ecd in evalScript (context=0xa3af0, source=0xabf70, srcName=0x7a390, shouldPrintScriptResult=false, isModule=false) at src/shell/Shell.cpp:783
#27 0x00005555559a52bd in main (argc=2, argv=0x7fffffffe358) at src/shell/Shell.cpp:1130

Expected behavior

true
undefined

Credits: @Ye0nny, @EJueon

Fixed by #1329