jerryscript-project/jerryscript

Assertion !ecma_is_value_direct (x) || ecma_is_value_undefined (x) || ecma_is_value_null (x) || ecma_is_value_boolean (x) || ecma_is_value_integer_number (x) in ecma_op_strict_equality_compare

renatahodovan opened this issue · 0 comments

JerryScript revision

0d49696

Build platform

Linux-5.4.0-104-generic-x86_64-with-glibc2.29

Build steps
# Clean debug build using the es.next profile, with error messages and logging switched on.
# NOTE(review): the failure reported below is a failed assertion; presumably the check is
# only compiled into --debug builds, so confirm that before judging release-build impact.
./tools/build.py --clean --debug --profile=es.next  --error-messages=ON --logging=ON
Test case
// Fuzzer-generated reproducer as filed; the token layout is kept exactly as reported.
// A.f evaluates the comma expression ({ }, this), so it returns its own `this`.
class A { f ( ) { return ( { }, this ) } } 
// B's constructor reaches super(...) only through two nested eval calls, then
// strict-compares the result of super.f() with 0 and prints the outcome.
// The gdb backtrace on this page shows the failing compare receiving x=104, the same
// value as this_binding_value in the constructor's vm_run frame.
// NOTE(review): 104 looks like an internal "this not yet initialized" marker leaking
// into user-visible evaluation; confirm against the engine's value definitions.
// NOTE(review): what a build without assertions does with this operand is not shown
// here; triage should check that path, not only the debug abort.
class B extends A { constructor(p_0, b, c, d) { eval ( "eval ('super (a, b, c, d)')" ) ; print(super.f()=== 0) } } 
// Constructing B with no arguments triggers the report.
var a = new B ( )
Output
ICE: Assertion '!ecma_is_value_direct (x) || ecma_is_value_undefined (x) || ecma_is_value_null (x) || ecma_is_value_boolean (x) || ecma_is_value_integer_number (x)' failed at jerryscript/jerry-core/ecma/operations/ecma-comparison.c(ecma_op_strict_equality_compare):256.
Error: JERRY_FATAL_FAILED_ASSERTION
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3268980==ERROR: AddressSanitizer: ABRT on unknown address 0x03e90031e174 (pc 0x7f7250d8d03b bp 0x7ffd4fbe44d0 sp 0x7ffd4fbe4260 T0)
    #0 0x7f7250d8d03b in raise /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7f7250d6c858 in abort /build/glibc-sMfBJT/glibc-2.31/stdlib/abort.c:79:7
    #2 0x89ef3f in jerry_port_fatal jerryscript/jerry-port/common/jerry-port-process.c:29:5
    #3 0x66b742 in jerry_fatal jerryscript/jerry-core/jrt/jrt-fatals.c:63:3
    #4 0x66b4da in jerry_assert_fail jerryscript/jerry-core/jrt/jrt-fatals.c:83:3
    #5 0x5c8bda in ecma_op_strict_equality_compare jerryscript/jerry-core/ecma/operations/ecma-comparison.c:255:5
    #6 0x741fce in vm_loop jerryscript/jerry-core/vm/vm.c:3642:27
    #7 0x7182d9 in vm_execute jerryscript/jerry-core/vm/vm.c:5211:37
    #8 0x715ba5 in vm_run jerryscript/jerry-core/vm/vm.c:5312:10
    #9 0x5ee8f8 in ecma_op_function_call_constructor jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1036:15
    #10 0x5e737d in ecma_op_function_call_simple jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1116:14
    #11 0x5e9555 in ecma_op_function_construct_simple jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1492:28
    #12 0x5e902f in ecma_op_function_construct jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1713:14
    #13 0x757b67 in opfunc_construct jerryscript/jerry-core/vm/vm.c:840:7
    #14 0x718420 in vm_execute jerryscript/jerry-core/vm/vm.c:5236:9
    #15 0x715ba5 in vm_run jerryscript/jerry-core/vm/vm.c:5312:10
    #16 0x7155ff in vm_run_global jerryscript/jerry-core/vm/vm.c:286:25
    #17 0x4cf99d in jerry_run jerryscript/jerry-core/api/jerryscript.c:548:24
    #18 0x89cdc9 in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:68:14
    #19 0x4c4d84 in main jerryscript/jerry-main/main-desktop.c:156:20
    #20 0x7f7250d6e0b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #21 0x41c53d in _start (jerryscript/build/bin/jerry+0x41c53d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1 in raise
==3268980==ABORTING
Backtrace
bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c33859 in __GI_abort () at abort.c:79
#2  0x000000000089ef40 in jerry_port_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-port/common/jerry-port-process.c:29
#3  0x000000000066b743 in jerry_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:63
#4  0x000000000066b4db in jerry_assert_fail (assertion=0x8d8b00 <str> "!ecma_is_value_direct (x) || ecma_is_value_undefined (x) || ecma_is_value_null (x) || ecma_is_value_boolean (x) || ecma_is_value_integer_number (x)", file=0x8d89a0 <str> "jerryscript/jerry-core/ecma/operations/ecma-comparison.c", function=0x8d8bc0 <__func__.ecma_op_strict_equality_compare> "ecma_op_strict_equality_compare", line=256) at jerryscript/jerry-core/jrt/jrt-fatals.c:83
#5  0x00000000005c8bdb in ecma_op_strict_equality_compare (x=104, y=80) at jerryscript/jerry-core/ecma/operations/ecma-comparison.c:255
#6  0x0000000000741fcf in vm_loop (frame_ctx_p=0x7fffffffc820) at jerryscript/jerry-core/vm/vm.c:3642
#7  0x00000000007182da in vm_execute (frame_ctx_p=0x7fffffffc820) at jerryscript/jerry-core/vm/vm.c:5211
#8  0x0000000000715ba6 in vm_run (shared_p=0x7fffffffcb60, this_binding_value=104, lex_env_p=0x1290440 <jerry_global_heap+1472>) at jerryscript/jerry-core/vm/vm.c:5312
#9  0x00000000005ee8f9 in ecma_op_function_call_constructor (shared_args_p=0x7fffffffcb60, scope_p=0x1290440 <jerry_global_heap+1472>, this_binding=104) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1036
#10 0x00000000005e737e in ecma_op_function_call_simple (func_obj_p=0x1290370 <jerry_global_heap+1264>, this_binding=72, arguments_list_p=0x7fffffffd288, arguments_list_len=6) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1116
#11 0x00000000005e9556 in ecma_op_function_construct_simple (func_obj_p=0x1290370 <jerry_global_heap+1264>, new_target_p=0x1290370 <jerry_global_heap+1264>, arguments_list_p=0x7fffffffd288, arguments_list_len=6) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1492
#12 0x00000000005e9030 in ecma_op_function_construct (func_obj_p=0x1290370 <jerry_global_heap+1264>, new_target_p=0x1290370 <jerry_global_heap+1264>, arguments_list_p=0x7fffffffd288, arguments_list_len=6) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1713
#13 0x0000000000757b68 in opfunc_construct (frame_ctx_p=0x7fffffffd240) at jerryscript/jerry-core/vm/vm.c:840
#14 0x0000000000718421 in vm_execute (frame_ctx_p=0x7fffffffd240) at jerryscript/jerry-core/vm/vm.c:5236
#15 0x0000000000715ba6 in vm_run (shared_p=0x7fffffffd460, this_binding_value=11, lex_env_p=0x1290170 <jerry_global_heap+752>) at jerryscript/jerry-core/vm/vm.c:5312
#16 0x0000000000715600 in vm_run_global (bytecode_p=0x1290588 <jerry_global_heap+1800>, function_object_p=0x1290160 <jerry_global_heap+736>) at jerryscript/jerry-core/vm/vm.c:286
#17 0x00000000004cf99e in jerry_run (script=739) at jerryscript/jerry-core/api/jerryscript.c:548
#18 0x000000000089cdca in jerryx_source_exec_script (path_p=0x7fffffffde36 "/run/user/1001/fuzzinator/3261026/3268976-FileWriterDecorator-18db9a912f2a42289769603c9cc0ed7e/0.js") at jerryscript/jerry-ext/util/sources.c:68
#19 0x00000000004c4d85 in main (argc=2, argv=0x7fffffffdb08) at jerryscript/jerry-main/main-desktop.c:156

Found by Fuzzinator with grammarinator