chakra-core / ChakraCore

ChakraCore is an open source Javascript engine with a C API.
MIT License

ASSERTION 31891: (/home/yongheng/ChakraCore/lib/Backend/FlowGraph.cpp, line 2090) this->func->IsLoopBodyInTry() Failure: (this->func->IsLoopBodyInTry()) #6473

Open Changochen opened 4 years ago

Changochen commented 4 years ago

POC:

function a() {
  for (; 0;)
    switch (b) {
    case c:
      try {
        try {
          for (;;)
            try {
            } finally {
              switch (2) {
              case d:
                try {
                } catch {
                  break
                }
              default:
                c
              }
            }
        } catch {
        }
      } catch {
      }
    }
}
for (;;)
a()

ch version: ch version 1.12.0.0-beta, git hash 33db8efd9f02cd528a7305391d7d10765a2e85f3

In release build, it triggers a segmentation fault. Stack dump:

#0  0x00007ffff34eec32 in FlowGraph::Build() () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#1  0x00007ffff3508871 in Func::TryCodegen() () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#2  0x00007ffff3508360 in Func::Codegen(Memory::JitArenaAllocator*, JITTimeWorkItem*, ThreadContextInfo*, ScriptContextInfo*, JITOutputIDL*, Js::EntryPointInfo*, FunctionJITRuntimeInfo const*, JITTimePolymorphicInlineCacheInfo*, void*, Js::ScriptContextProfiler*, bool) () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#3  0x00007ffff36ce5d4 in NativeCodeGenerator::CodeGen(Memory::PageAllocatorBase<Memory::VirtualAllocWrapper, Memory::SegmentBase<Memory::VirtualAllocWrapper>, Memory::PageSegmentBase<Memory::VirtualAllocWrapper> >*, CodeGenWorkItemIDL*, JITOutputIDL&, bool, Js::EntryPointInfo*) () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#4  0x00007ffff36cebf0 in NativeCodeGenerator::CodeGen(Memory::PageAllocatorBase<Memory::VirtualAllocWrapper, Memory::SegmentBase<Memory::VirtualAllocWrapper>, Memory::PageSegmentBase<Memory::VirtualAllocWrapper> >*, CodeGenWorkItem*, bool) () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#5  0x00007ffff36cfbfc in NativeCodeGenerator::Process(JsUtil::Job*, JsUtil::ParallelThreadData*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#6  0x00007ffff371e46e in JsUtil::BackgroundJobProcessor::Process(JsUtil::Job*, JsUtil::ParallelThreadData*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#7  0x00007ffff371e81e in JsUtil::BackgroundJobProcessor::Run(JsUtil::ParallelThreadData*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#8  0x00007ffff371d189 in JsUtil::BackgroundJobProcessor::StaticThreadProc(void*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#9  0x00007ffff340ba5f in CorUnix::CPalThread::ThreadEntry(void*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#10 0x00007ffff73646db in start_thread (arg=0x7ff7f26e0700) at pthread_create.c:463
#11 0x00007ffff654a88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
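A stack dump like the one above is the raw material a fuzzing or crash-triage pipeline has to bucket before anyone looks at it. The Python below is an example added to this page, not ChakraCore's tooling and not the reporter's code: it parses the gdb backtrace and the assertion line quoted in this report, derives a deduplication signature from the innermost frames (addresses and build paths stripped, so one bug does not become many buckets), flags that the crash happened on a JsUtil background job thread rather than the main script thread, and cross-checks the debug-build assertion against the release-build crash frame. The gdb line format it expects (`#N 0xADDR in SIG () from LIB`, with indented continuation lines) and the "assertion file stem equals crash-frame class" heuristic are assumptions of this example.

```python
"""Crash-report triage for the gdb backtrace and assertion line shown above.
Example code added to this page; it is not ChakraCore's own tooling."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Both inputs are copied verbatim from the report above.
ASSERTION_LINE = ("ASSERTION 31891: (/home/yongheng/ChakraCore/lib/Backend/FlowGraph.cpp, line 2090) "
                  "this->func->IsLoopBodyInTry() Failure: (this->func->IsLoopBodyInTry())")
GDB_TRACE = """\
#0  0x00007ffff34eec32 in FlowGraph::Build() () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#1  0x00007ffff3508871 in Func::TryCodegen() () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#2  0x00007ffff3508360 in Func::Codegen(Memory::JitArenaAllocator*, JITTimeWorkItem*, ThreadContextInfo*, ScriptContextInfo*, JITOutputIDL*, Js::EntryPointInfo*, FunctionJITRuntimeInfo const*, JITTimePolymorphicInlineCacheInfo*, void*, Js::ScriptContextProfiler*, bool) () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#3  0x00007ffff36ce5d4 in NativeCodeGenerator::CodeGen(Memory::PageAllocatorBase<Memory::VirtualAllocWrapper, Memory::SegmentBase<Memory::VirtualAllocWrapper>, Memory::PageSegmentBase<Memory::VirtualAllocWrapper> >*, CodeGenWorkItemIDL*, JITOutputIDL&, bool, Js::EntryPointInfo*) () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#4  0x00007ffff36cebf0 in NativeCodeGenerator::CodeGen(Memory::PageAllocatorBase<Memory::VirtualAllocWrapper, Memory::SegmentBase<Memory::VirtualAllocWrapper>, Memory::PageSegmentBase<Memory::VirtualAllocWrapper> >*, CodeGenWorkItem*, bool) () from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#5  0x00007ffff36cfbfc in NativeCodeGenerator::Process(JsUtil::Job*, JsUtil::ParallelThreadData*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#6  0x00007ffff371e46e in JsUtil::BackgroundJobProcessor::Process(JsUtil::Job*, JsUtil::ParallelThreadData*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#7  0x00007ffff371e81e in JsUtil::BackgroundJobProcessor::Run(JsUtil::ParallelThreadData*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#8  0x00007ffff371d189 in JsUtil::BackgroundJobProcessor::StaticThreadProc(void*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#9  0x00007ffff340ba5f in CorUnix::CPalThread::ThreadEntry(void*) ()
   from /home/yongheng/ChakraCore/out/Release/libChakraCore.so
#10 0x00007ffff73646db in start_thread (arg=0x7ff7f26e0700) at pthread_create.c:463
#11 0x00007ffff654a88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
"""


@dataclass
class Frame:
    num: int
    addr: Optional[str]
    func: str       # function name with its argument list stripped
    location: str   # shared object ("from ...") or source file:line ("at ...")


# Assumed gdb "bt" shapes: "#N ADDR in SIG () from LIB" or "#N ADDR in NAME (args) at FILE:LINE"
FRAME_RE = re.compile(r"^#(?P<num>\d+)\s+(?:(?P<addr>0x[0-9a-f]+) in )?(?P<rest>.+)$")
LOC_RE = re.compile(r"^(?P<sig>.*?)(?: from (?P<lib>\S+)| at (?P<src>\S+))?$")
ASSERT_RE = re.compile(r"^ASSERTION (?P<id>\d+): \((?P<file>[^,]+), line (?P<line>\d+)\) (?P<expr>.*?) Failure:")


def _join_wrapped(text: str) -> List[str]:
    """gdb wraps long frames; an indented line continues the previous frame."""
    lines: List[str] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def parse_backtrace(text: str) -> List[Frame]:
    frames = []
    for line in _join_wrapped(text):
        m = FRAME_RE.match(line)
        if not m:
            continue
        loc = LOC_RE.match(m.group("rest"))
        func = loc.group("sig").split("(", 1)[0].strip()  # drop "(args)" and "()"
        frames.append(Frame(int(m.group("num")), m.group("addr"), func,
                            loc.group("lib") or loc.group("src") or "?"))
    return frames


def crash_signature(frames: List[Frame], depth: int = 3) -> str:
    """Dedup key: innermost function names only, so ASLR'd addresses and
    per-machine build paths do not split one bug into many buckets."""
    return " <- ".join(f.func for f in frames[:depth])


def on_background_jit_thread(frames: List[Frame]) -> bool:
    """True when the crash is on a JsUtil background job thread, i.e. the JIT
    compiled the function off the main thread (consistent with the PoC's outer
    `for (;;) a()` loop, which keeps a() hot enough to reach the JIT)."""
    return any(f.func.startswith("JsUtil::BackgroundJobProcessor") for f in frames)


def parse_assertion(line: str) -> Optional[dict]:
    m = ASSERT_RE.match(line)
    if not m:
        return None
    return {"id": int(m.group("id")), "file": m.group("file"),
            "line": int(m.group("line")), "expr": m.group("expr")}


def assertion_matches_trace(assertion: Optional[dict], frames: List[Frame]) -> bool:
    """Heuristic cross-check that the debug assertion and the release segfault are
    one bug: the assertion's file stem (FlowGraph) should be the class of the
    innermost crash frame (FlowGraph::Build)."""
    if not assertion or not frames:
        return False
    stem = assertion["file"].rsplit("/", 1)[-1].split(".", 1)[0]
    return frames[0].func.split("::", 1)[0] == stem


if __name__ == "__main__":
    fr = parse_backtrace(GDB_TRACE)
    print("signature:", crash_signature(fr))
    print("background JIT thread:", on_background_jit_thread(fr))
    print("assertion matches trace:", assertion_matches_trace(parse_assertion(ASSERTION_LINE), fr))
```

Running it on the report's own data yields the signature `FlowGraph::Build <- Func::TryCodegen <- Func::Codegen`, confirms the crash is on the background code-generation thread, and links the release segfault to the `FlowGraph.cpp` assertion, which is the evidence a maintainer wants before treating the two observations as one bug rather than two.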

ppenzin commented 4 years ago

Thank you for the report! This looks like something we need to investigate.