Generator ScriptFunctions should only be invoked by generator APIs with the pair of arguments they pass in

anbu1024 commented 7 months ago

ChakraCore version: commit c3ead3f

Build cmd:

./build.sh --debug --static

Test case:

function opt(){
    async function foo(a) {
        for (let i = 3705358555; i < foo; i = i + 3705358555) {
            const v7 = await a;
        }
        function bar() {
            'use strict';
            const x = [5.0];
            const y = new Int32Array();
            y[x] = 5.0;
        }
        const z = bar();
    }
    const zz = foo();
    return zz;
}

for(let i=0; i<1024; i++){
    opt();
}

Execute

./ch ./test.js

Error msg:

ASSERTION 2776368: (ChakraCore/lib/Backend/BailOut.cpp, line 1536) Generator ScriptFunctions should only be invoked by generator APIs with the pair of arguments they pass in -- the generator object and a resume yield object
 Failure: (args.Info.Count == 2)
Illegal instruction

pseudoSOURABH commented 2 months ago

i would like to work on this issue?

ppenzin commented 2 months ago

Please go ahead, let me know if you need help.

rhuanjl commented 2 months ago

This bug is yet another generator jit issue - doesn't look like a repeat of the bug that led me to give up on having it ready for our next release.

I think some aspects of the whole approach to generator jit need re-working; I wonder if we should switch it off by default in master?

chakra-core / ChakraCore

Generator ScriptFunctions should only be invoked by generator APIs with the pair of arguments they pass in #6960