jerryscript-project / jerryscript

Ultra-lightweight JavaScript engine for the Internet of Things.
https://jerryscript.net
Apache License 2.0

Assertion 'compressed_pointer != JMEM_CP_NULL' in jmem_decompress_pointer #1997

Closed renatahodovan closed 7 years ago

renatahodovan commented 7 years ago
Jerry version:
Checked revision: 7905422
Build command: ./tools/build.py --clean --debug --profile=es2015-subset
OS:
Ubuntu 16.04.3 LTS
Test case:
// Reproducer found by fuzzing: a single already-resolved promise is raced in
// an endless loop, and then() is called on each promise race() returns.
// NOTE(review): observed on a --debug build, where the failed assertion aborts
// the engine; what a build without assertions does with the null compressed
// pointer is not shown in this report.
var a = Promise.resolve();
// No exit condition: the loop keeps allocating until an allocation has to run
// the garbage collector (backtrace frames #12 down to #9).
for (;;)
    // Per the backtrace, the failing then() call is inside
    // ecma_append_to_values_collection, allocating a new collection chunk,
    // when the GC run started by that allocation iterates a values collection
    // and hands a null compressed pointer to jmem_decompress_pointer.
    // NOTE(review): presumably the GC is walking the same collection that is
    // being appended to, i.e. it sees it half-updated; confirm against the fix.
    Promise.race([a]).then()
$
Backtrace:
ICE: Assertion 'compressed_pointer != JMEM_CP_NULL' failed at jerryscript/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):96.
Error: ERR_FAILED_INTERNAL_ASSERTION
bt
#0  0x000000000047971f in syscall_2 () at jerryscript/jerry-libc/target/posix/jerry-asm.S:59
#1  0x000000000040489e in raise (sig=6) at jerryscript/jerry-libc/target/posix/jerry-libc-target.c:95
#2  0x0000000000404870 in abort () at jerryscript/jerry-libc/target/posix/jerry-libc-target.c:81
#3  0x0000000000406dc4 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#4  0x000000000042aa80 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5  0x000000000042aad0 in jerry_assert_fail (assertion=0x480c18 "compressed_pointer != JMEM_CP_NULL", file=0x480b38 "jerryscript/jerry-core/jmem/jmem-allocator.c", function=0x494750 <__func__.3185.lto_priv.290> "jmem_decompress_pointer", line=96) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6  0x000000000042a8ce in jmem_decompress_pointer (compressed_pointer=0) at jerryscript/jerry-core/jmem/jmem-allocator.c:96
#7  0x00000000004728d0 in ecma_collection_iterator_next (iterator_p=0x7fffffffc890) at jerryscript/jerry-core/ecma/base/ecma-helpers-values-collection.c:332
#8  0x0000000000473327 in ecma_gc_mark (object_p=0x6a4b00 <jerry_global_heap+6160>) at jerryscript/jerry-core/ecma/base/ecma-gc.c:282
#9  0x0000000000474187 in ecma_gc_run (severity=JMEM_FREE_UNUSED_MEMORY_SEVERITY_LOW) at jerryscript/jerry-core/ecma/base/ecma-gc.c:753
#10 0x0000000000474368 in ecma_free_unused_memory (severity=JMEM_FREE_UNUSED_MEMORY_SEVERITY_LOW) at jerryscript/jerry-core/ecma/base/ecma-gc.c:849
#11 0x000000000042aa04 in jmem_run_free_unused_memory_callbacks (severity=JMEM_FREE_UNUSED_MEMORY_SEVERITY_LOW) at jerryscript/jerry-core/jmem/jmem-allocator.c:148
#12 0x0000000000431582 in jmem_heap_gc_and_alloc_block.lto_priv.296 (size=8, ret_null_on_error=false) at jerryscript/jerry-core/jmem/jmem-heap.c:359
#13 0x000000000042a2e6 in jmem_heap_alloc_block (size=8) at jerryscript/jerry-core/jmem/jmem-heap.c:408
#14 0x000000000042a695 in jmem_pools_alloc (size=8) at jerryscript/jerry-core/jmem/jmem-poolman.c:102
#15 0x0000000000472b53 in ecma_alloc_collection_chunk () at jerryscript/jerry-core/ecma/base/ecma-alloc.c:85
#16 0x000000000047239c in ecma_append_to_values_collection (header_p=0x6a4b28 <jerry_global_heap+6200>, v=8123, do_ref_if_object=false) at jerryscript/jerry-core/ecma/base/ecma-helpers-values-collection.c:168
#17 0x0000000000437765 in ecma_promise_do_then (promise=6163, on_fulfilled=7891, on_rejected=7907, result_capability=6371) at jerryscript/jerry-core/ecma/operations/ecma-promise-object.c:700
#18 0x0000000000437943 in ecma_promise_then (promise=6163, on_fulfilled=7891, on_rejected=7907) at jerryscript/jerry-core/ecma/operations/ecma-promise-object.c:765
#19 0x0000000000445375 in ecma_builtin_promise_prototype_then (this_arg=6163, on_fulfilled=7891, on_rejected=7907) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-promise-prototype.c:51
#20 0x000000000044530f in ecma_builtin_promise_prototype_dispatch_routine (builtin_routine_id=58, this_arg_value=6163, arguments_list=0x7fffffffce5c, arguments_number=2) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-promise-prototype.inc.h:31
#21 0x000000000046019c in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_PROMISE_PROTOTYPE, builtin_routine_id=58, this_arg_value=6163, arguments_list=0x7fffffffce5c, arguments_number=2) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.inc.h:467
#22 0x0000000000460334 in ecma_builtin_dispatch_call (obj_p=0x6a3d78 <jerry_global_heap+2696>, this_arg_value=6163, arguments_list_p=0x7fffffffce5c, arguments_list_len=2) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:844
#23 0x000000000043c2ac in ecma_op_function_call (func_obj_p=0x6a3d78 <jerry_global_heap+2696>, this_arg_value=6163, arguments_list_p=0x7fffffffce5c, arguments_list_len=2) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:419
#24 0x00000000004203ef in opfunc_call.lto_priv.142 (frame_ctx_p=0x7fffffffcea0) at jerryscript/jerry-core/vm/vm.c:408
#25 0x000000000041286e in vm_execute (frame_ctx_p=0x7fffffffcea0, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2743
#26 0x0000000000412aef in vm_run (bytecode_header_p=0x6a3890 <jerry_global_heap+1440>, this_binding_value=27, lex_env_p=0x6a3320 <jerry_global_heap+48>, is_eval_code=false, arg_list_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2823
#27 0x000000000042005f in vm_run_global (bytecode_p=0x6a3890 <jerry_global_heap+1440>) at jerryscript/jerry-core/vm/vm.c:231
#28 0x0000000000477214 in jerry_run (func_val=259) at jerryscript/jerry-core/api/jerry.c:444
#29 0x0000000000476119 in main (argc=3, argv=0x7fffffffd188) at jerryscript/jerry-main/main-unix.c:707

Found by Fuzzinator

jiangzidong commented 7 years ago

Fixed in #2000.