Samsung / escargot

Escargot is a lightweight JavaScript engine designed specifically for resource-constrained environments.
GNU Lesser General Public License v2.1

RELEASE_ASSERT_NOT_REACHED at src/runtime/EnvironmentRecord.h (94) #1317

Closed Ye0nny closed 5 months ago

Ye0nny commented 7 months ago

Escargot

Build Steps

cmake -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=shell -GNinja

Describe the bug: the engine aborts with RELEASE_ASSERT_NOT_REACHED

Test case

testcase

```javascript
class a { static { ( ( a ) => ( { await : new. target || a2. await } ) ( ) ) ( ) ; } }
```

// poc.js
// Reduced test case: `new.target` is evaluated inside an arrow function that is
// called from a class static block. In a debug build this trips the assertion in
// ExecutionState::getNewTarget() (src/runtime/ExecutionState.cpp:169); in a
// release build it aborts with RELEASE_ASSERT_NOT_REACHED in
// EnvironmentRecord::setMutableBindingByIndex (src/runtime/EnvironmentRecord.h:94).
// Expected result: undefined.
class a { static { ( ( a ) => { await : new. target } ) ( ) ; } }

Execution steps & Output

$ ./escargot poc.js
escargot: src/runtime/ExecutionState.cpp:169: Escargot::Object* Escargot::ExecutionState::getNewTarget(): Assertion `envRec->isDeclarativeEnvironmentRecord() && envRec->asDeclarativeEnvironmentRecord()->isFunctionEnvironmentRecord()' failed.
Aborted

Backtrace

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7a70859 in __GI_abort () at abort.c:79
#2  0x00007ffff7a70729 in __assert_fail_base (fmt=0x7ffff7c06588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
    assertion=0x555555b417a0 "envRec->isDeclarativeEnvironmentRecord() && envRec->asDeclarativeEnvironmentRecord()->isFunctionEnvironmentRecord()", file=0x555555b416d8 "src/runtime/ExecutionState.cpp", line=169,
    function=<optimized out>) at assert.c:92
#3  0x00007ffff7a81fd6 in __GI___assert_fail (assertion=0x555555b417a0 "envRec->isDeclarativeEnvironmentRecord() && envRec->asDeclarativeEnvironmentRecord()->isFunctionEnvironmentRecord()",
    file=0x555555b416d8 "src/runtime/ExecutionState.cpp", line=169, function=0x555555b41760 "Escargot::Object* Escargot::ExecutionState::getNewTarget()") at assert.c:101
#4  0x00005555558e532a in Escargot::ExecutionState::getNewTarget (this=0x7fffffffc7f0) at src/runtime/ExecutionState.cpp:169
#5  0x000055555572ccda in Escargot::InterpreterSlowPath::metaPropertyOperation (state=..., code=0x555555d14888, byteCodeBlock=0xc1d30, registerFile=0x7fffffffc830) at src/interpreter/ByteCodeInterpreter.cpp:4292
#6  0x000055555571de08 in Escargot::Interpreter::interpret (state=0x7fffffffc7f0, byteCodeBlock=0xc1d30, programCounter=93825000360072, registerFile=0x7fffffffc830) at src/interpreter/ByteCodeInterpreter.cpp:1397
#7  0x000055555595b820 in Escargot::FunctionObjectProcessCallGenerator::processCall<Escargot::ScriptArrowFunctionObject, false, false, false, Escargot::ScriptArrowFunctionObjectThisValueBinder, Escargot::FunctionObjectNewTargetBinder, Escargot::FunctionObjectReturnValueBinder> (state=..., self=0xbcb70, thisArgument=..., argc=0, argv=0x7fffffffd060, newTarget=0x0) at src/runtime/FunctionObjectInlines.h:219
#8  0x000055555595b12f in Escargot::ScriptArrowFunctionObject::call (this=0xbcb70, state=..., thisValue=..., argc=0, argv=0x7fffffffd060) at src/runtime/ScriptArrowFunctionObject.cpp:37
#9  0x000055555571bd71 in Escargot::Interpreter::interpret (state=0x7fffffffd020, byteCodeBlock=0xc1e40, programCounter=93825000362968, registerFile=0x7fffffffd060) at src/interpreter/ByteCodeInterpreter.cpp:751
#10 0x0000555555962fbe in Escargot::FunctionObjectProcessCallGenerator::processCall<Escargot::ScriptVirtualArrowFunctionObject, false, false, false, Escargot::ScriptVirtualArrowFunctionObjectThisValueBinder, Escargot::FunctionObjectNewTargetBinder, Escargot::FunctionObjectReturnValueBinder> (state=..., self=0xbccd0, thisArgument=..., argc=1, argv=0x7fffffffd1c0, newTarget=0x0) at src/runtime/FunctionObjectInlines.h:219
#11 0x00005555559627d0 in Escargot::ScriptVirtualArrowFunctionObject::call (this=0xbccd0, state=..., thisValue=..., homeObject=0xabe80) at src/runtime/ScriptVirtualArrowFunctionObject.cpp:46
#12 0x0000555555728992 in Escargot::InterpreterSlowPath::initializeClassOperation (state=..., code=0x555555d144a8, registerFile=0x7fffffffd950) at src/interpreter/ByteCodeInterpreter.cpp:3552
#13 0x000055555571d56d in Escargot::Interpreter::interpret (state=0x7fffffffd990, byteCodeBlock=0xc1f50, programCounter=93825000359080, registerFile=0x7fffffffd950) at src/interpreter/ByteCodeInterpreter.cpp:1200
#14 0x00005555557da97b in Escargot::Script::execute (this=0xbcee0, state=..., isExecuteOnEvalFunction=false, inStrictMode=false) at src/parser/Script.cpp:499
#15 0x0000555555643544 in Escargot::ScriptRef::execute (this=0xbcee0, state=0x7fffffffde20) at src/api/EscargotPublic.cpp:4706
#16 0x00005555559a3bc5 in <lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::operator()(Escargot::ExecutionStateRef *, Escargot::ScriptRef *) const (__closure=0x0, state=0x7fffffffde20, script=0xbcee0)
    at src/shell/Shell.cpp:781
#17 0x00005555559a3bf0 in <lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *) () at src/shell/Shell.cpp:782
#18 0x00005555559a8f66 in Escargot::EvaluatorUtil::ApplyTupleIntoArgumentsOfVariadicTemplateFunction<0ul>::apply<Escargot::ValueRef* (*&)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), std::tuple<Escargot::ExecutionStateRef*, Escargot::ScriptRef*>&, Escargot::ExecutionStateRef*&, Escargot::ScriptRef*&> (f=@0x7fffffffdd28: 0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>)
    at src/api/EscargotPublic.h:521
#19 0x00005555559a8a1e in Escargot::EvaluatorUtil::ApplyTupleIntoArgumentsOfVariadicTemplateFunction<1ul>::apply<Escargot::ValueRef* (*&)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), std::tuple<Escargot::ExecutionStateRef*, Escargot::ScriptRef*>&, Escargot::ScriptRef*&> (f=@0x7fffffffdd28: 0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>,
    t=std::tuple containing = {...}) at src/api/EscargotPublic.h:510
#20 0x00005555559a829a in Escargot::EvaluatorUtil::ApplyTupleIntoArgumentsOfVariadicTemplateFunction<2ul>::apply<Escargot::ValueRef* (*&)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), std::tuple<Escargot::ExecutionStateRef*, Escargot::ScriptRef*>&> (f=@0x7fffffffdd28: 0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>, t=std::tuple containing = {...})
    at src/api/EscargotPublic.h:510
#21 0x00005555559a792d in Escargot::EvaluatorUtil::applyTupleIntoArgumentsOfVariadicTemplateFunction<Escargot::ValueRef* (*&)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), std::tuple<Escargot::ExecutionStateRef*, Escargot::ScriptRef*>&> (f=@0x7fffffffdd28: 0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>, t=std::tuple containing = {...}) at src/api/EscargotPublic.h:531
#22 0x00005555559a6bff in Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*>(Escargot::ContextRef*, Escargot::ValueRef* (*)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), Escargot::ScriptRef*)::{lambda(Escargot::ExecutionStateRef*, void*, void*)#1}::operator()(Escargot::ExecutionStateRef*, void*, void*) const (this=0x0, state=0x7fffffffde20, tuplePtr=0x7fffffffdfa0,
    fnPtr=0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.h:612
#23 0x00005555559a6c46 in Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*>(Escargot::ContextRef*, Escargot::ValueRef* (*)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), Escargot::ScriptRef*)::{lambda(Escargot::ExecutionStateRef*, void*, void*)#1}::_FUN(Escargot::ExecutionStateRef*, void*, void*) () at src/api/EscargotPublic.h:606
#24 0x0000555555641896 in Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::operator()(Escargot::ExecutionState &, void *) const (__closure=0x0, state=..., data=0x7fffffffdec0) at src/api/EscargotPublic.cpp:1087
#25 0x00005555556418d0 in Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::_FUN(Escargot::ExecutionState &, void *) () at src/api/EscargotPublic.cpp:1088
#26 0x0000555555958874 in Escargot::SandBox::run (this=0x7fffffffdf10, scriptRunner=0x5555556418a7 <Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::_FUN(Escargot::ExecutionState &, void *)>, data=0x7fffffffdec0)
    at src/runtime/SandBox.cpp:111
#27 0x00005555556419a0 in Escargot::Evaluator::executeFunction (ctx=0xa3af0,
    runner=0x5555559a6c15 <Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*>(Escargot::ContextRef*, Escargot::ValueRef* (*)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), Escargot::ScriptRef*)::{lambda(Escargot::ExecutionStateRef*, void*, void*)#1}::_FUN(Escargot::ExecutionStateRef*, void*, void*)>, data=0x7fffffffdfa0,
    data2=0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.cpp:1089
#28 0x00005555559a6cd7 in Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*> (p=0xa3af0,
    fn=0x5555559a3bc7 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.h:614
#29 0x00005555559a5e39 in Escargot::Evaluator::execute<Escargot::ScriptRef*, evalScript(Escargot::ContextRef*, Escargot::StringRef*, Escargot::StringRef*, bool, bool)::<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)> >(Escargot::ContextRef *, <lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)> &&) (ctx=0xa3af0, closure=...) at src/api/EscargotPublic.h:585
#30 0x00005555559a3ecd in evalScript (context=0xa3af0, source=0xabf70, srcName=0x7a390, shouldPrintScriptResult=false, isModule=false) at src/shell/Shell.cpp:783
#31 0x00005555559a52bd in main (argc=2, argv=0x7fffffffe2f8) at src/shell/Shell.cpp:1130

When the same test case is executed with a release build:

Output

RELEASE_ASSERT_NOT_REACHED at src/runtime/EnvironmentRecord.h (94)
Aborted

Backtrace

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7a70859 in __GI_abort () at abort.c:79
#2  0x0000555555674b24 in Escargot::EnvironmentRecord::setMutableBindingByIndex (this=<optimized out>, state=..., idx=<optimized out>, v=...) at src/runtime/EnvironmentRecord.h:94
#3  0x0000555555688af5 in Escargot::InterpreterSlowPath::metaPropertyOperation (state=..., code=0x55555598c6f0, byteCodeBlock=<optimized out>, registerFile=0x7fffffffda00) at src/interpreter/ByteCodeInterpreter.cpp:4292
#4  0x00005555556772b9 in Escargot::Interpreter::interpret (state=0x7fffffffd9c0, byteCodeBlock=0x97dc0, programCounter=93824996656880, registerFile=0x7fffffffda00) at src/interpreter/ByteCodeInterpreter.cpp:1397
#5  0x00005555557efc48 in Escargot::FunctionObjectProcessCallGenerator::processCall<Escargot::ScriptArrowFunctionObject, false, false, false, Escargot::ScriptArrowFunctionObjectThisValueBinder, Escargot::FunctionObjectNewTargetBinder, Escargot::FunctionObjectReturnValueBinder> (newTarget=0x0,
    argv=<optimized out>, argc=<optimized out>, thisArgument=..., self=0x6afc0, state=...) at src/interpreter/ByteCodeBlockData.h:103
#6  Escargot::ScriptArrowFunctionObject::call (this=0x6afc0, state=..., thisValue=..., argc=<optimized out>, argv=<optimized out>) at src/runtime/ScriptArrowFunctionObject.cpp:37
#7  0x00005555556768ba in Escargot::Interpreter::interpret (state=0x7fffffffdb70, byteCodeBlock=0x97e60, programCounter=93824996656632, registerFile=0x7fffffffdbb0) at src/runtime/ValueInlines.h:354
#8  0x00005555557f4bef in Escargot::FunctionObjectProcessCallGenerator::processCall<Escargot::ScriptVirtualArrowFunctionObject, false, false, false, Escargot::ScriptVirtualArrowFunctionObjectThisValueBinder, Escargot::FunctionObjectNewTargetBinder, Escargot::FunctionObjectReturnValueBinder> (newTarget=0x0,
    argv=0x7fffffffdc48, argc=1, thisArgument=..., self=<optimized out>, state=...) at src/interpreter/ByteCodeBlockData.h:103
#9  Escargot::ScriptVirtualArrowFunctionObject::call (this=<optimized out>, state=..., thisValue=..., homeObject=homeObject@entry=0x83f50) at src/runtime/ScriptVirtualArrowFunctionObject.cpp:46
#10 0x0000555555683d51 in Escargot::InterpreterSlowPath::initializeClassOperation (state=..., code=<optimized out>, registerFile=0x7fffffffdde0) at src/runtime/ValueInlines.h:398
#11 0x0000555555676ee2 in Escargot::Interpreter::interpret (state=0x7fffffffde20, byteCodeBlock=0x97f00, programCounter=93824996660488, registerFile=0x7fffffffdde0) at src/interpreter/ByteCodeInterpreter.cpp:1200
#12 0x00005555556e5a8c in Escargot::Script::execute (this=<optimized out>, state=..., isExecuteOnEvalFunction=isExecuteOnEvalFunction@entry=false, inStrictMode=inStrictMode@entry=false) at src/interpreter/ByteCodeBlockData.h:103
#13 0x00005555555d4336 in Escargot::ScriptRef::execute (this=<optimized out>, state=<optimized out>) at src/api/internal/ValueAdapter.h:50
#14 0x00005555555d2cb5 in Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::operator() (__closure=0x0, data=<optimized out>, state=...) at src/api/internal/ValueAdapter.h:50
#15 Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::_FUN(Escargot::ExecutionState &, void *) () at src/api/EscargotPublic.cpp:1088
#16 0x00005555557eac9c in Escargot::SandBox::run (this=this@entry=0x7fffffffe030, scriptRunner=scriptRunner@entry=0x5555555d2ca0 <Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::_FUN(Escargot::ExecutionState &, void *)>, data=data@entry=0x7fffffffdfe0) at src/runtime/SandBox.cpp:111
#17 0x00005555555d2d55 in Escargot::Evaluator::executeFunction (ctx=<optimized out>,
    runner=0x555555823f00 <Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*>(Escargot::ContextRef*, Escargot::ValueRef* (*)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), Escargot::ScriptRef*)::{lambda(Escargot::ExecutionStateRef*, void*, void*)#1}::_FUN(Escargot::ExecutionStateRef*, void*, void*)>, data=<optimized out>, data2=0x5555558240b0 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.cpp:1084
#18 0x0000555555825d73 in Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*> (fn=0x5555558240b0 <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>, p=0x63a80) at src/api/EscargotPublic.h:606
#19 Escargot::Evaluator::execute<Escargot::ScriptRef*, evalScript(Escargot::ContextRef*, Escargot::StringRef*, Escargot::StringRef*, bool, bool)::<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)> > (closure=..., ctx=0x63a80) at src/api/EscargotPublic.h:585
#20 evalScript (context=0x63a80, source=0x94f60, srcName=<optimized out>, shouldPrintScriptResult=false, isModule=<optimized out>) at src/shell/Shell.cpp:783
#21 0x00005555555d0d57 in main (argc=2, argv=0x7fffffffe338) at src/api/EscargotPublic.h:241

Expected behavior

undefined

Credits: @Ye0nny, @EJueon

clover2123 commented 5 months ago

Fixed by #1329