Assertion scope_stack_p > context_p->scope_stack_p in scanner_literal_is_created

JerryScript revision

0d496966

Build platform

Linux-5.4.0-104-generic-x86_64-with-glibc2.29

Build steps

./tools/build.py --clean --debug --profile=es.next  --error-messages=ON --logging=ON

Test case

new { async [ yield ] ( ... yield ) { }}

Output

ICE: Assertion 'scope_stack_p > context_p->scope_stack_p' failed at jerryscript/jerry-core/parser/js/js-scanner-util.c(scanner_literal_is_created):2920.
Error: JERRY_FATAL_FAILED_ASSERTION
AddressSanitizer:DEADLYSIGNAL
=================================================================
==698757==ERROR: AddressSanitizer: ABRT on unknown address 0x03e9000aa985 (pc 0x7fe4192d503b bp 0x7ffe32c02ff0 sp 0x7ffe32c02d80 T0)
    #0 0x7fe4192d503b in raise /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7fe4192b4858 in abort /build/glibc-sMfBJT/glibc-2.31/stdlib/abort.c:79:7
    #2 0x806f07 in jerry_port_fatal jerryscript/jerry-port/common/jerry-port-process.c:29:5
    #3 0x6281ca in jerry_fatal jerryscript/jerry-core/jrt/jrt-fatals.c:63:3
    #4 0x627f7a in jerry_assert_fail jerryscript/jerry-core/jrt/jrt-fatals.c:83:3
    #5 0x670b4c in scanner_literal_is_created jerryscript/jerry-core/parser/js/js-scanner-util.c:2920:5
    #6 0x63cf16 in parser_parse_function_arguments jerryscript/jerry-core/parser/js/js-parser.c:1824:13
    #7 0x638a5c in parser_parse_function jerryscript/jerry-core/parser/js/js-parser.c:2685:3
    #8 0x799476 in lexer_construct_function_object jerryscript/jerry-core/parser/js/js-lexer.c:2695:23
    #9 0x7c5bee in parser_parse_object_literal jerryscript/jerry-core/parser/js/js-parser-expr.c:1405:43
    #10 0x7b3107 in parser_parse_unary_expression jerryscript/jerry-core/parser/js/js-parser-expr.c:2133:7
    #11 0x7a6d30 in parser_parse_expression jerryscript/jerry-core/parser/js/js-parser-expr.c:4115:9
    #12 0x7aee42 in parser_parse_block_expression jerryscript/jerry-core/parser/js/js-parser-expr.c:4065:3
    #13 0x7da34d in parser_parse_statements jerryscript/jerry-core/parser/js/js-parser-statm.c:3079:11
    #14 0x650243 in parser_parse_source jerryscript/jerry-core/parser/js/js-parser.c:2280:5
    #15 0x64bcca in parser_parse_script jerryscript/jerry-core/parser/js/js-parser.c:3326:38
    #16 0x4cd866 in jerry_parse_common jerryscript/jerry-core/api/jerryscript.c:412:21
    #17 0x4cd103 in jerry_parse jerryscript/jerry-core/api/jerryscript.c:480:10
    #18 0x805137 in jerryx_source_parse_script jerryscript/jerry-ext/util/sources.c:52:26
    #19 0x80526e in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:63:26
    #20 0x4c4cb6 in main jerryscript/jerry-main/main-desktop.c:156:20
    #21 0x7fe4192b60b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #22 0x41c53d in _start (jerryscript/build/bin/jerry+0x41c53d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1 in raise
==698757==ABORTING

Backtrace

bt
#0  [33m__GI_raise[m ([36msig=sig@entry[m=6) at [32m../sysdeps/unix/sysv/linux/raise.c[m:50
#1  [34m0x00007ffff7c33859[m in [33m__GI_abort[m () at [32mabort.c[m:79
#2  [34m0x0000000000806f08[m in [33mjerry_port_fatal[m ([36mcode[m=JERRY_FATAL_FAILED_ASSERTION) at [32mjerryscript/jerry-port/common/jerry-port-process.c[m:29
#3  [34m0x00000000006281cb[m in [33mjerry_fatal[m ([36mcode[m=JERRY_FATAL_FAILED_ASSERTION) at [32mjerryscript/jerry-core/jrt/jrt-fatals.c[m:63
#4  [34m0x0000000000627f7b[m in [33mjerry_assert_fail[m ([36massertion[m=0x863b80 <str> "scope_stack_p > context_p->scope_stack_p", [36mfile[m=0x861a20 <str> "jerryscript/jerry-core/parser/js/js-scanner-util.c", [36mfunction[m=0x863cc0 <__func__.scanner_literal_is_created> "scanner_literal_is_created", [36mline[m=2920) at [32mjerryscript/jerry-core/jrt/jrt-fatals.c[m:83
#5  [34m0x0000000000670b4d[m in [33mscanner_literal_is_created[m ([36mcontext_p[m=0x7fffffffcd20, [36mliteral_index[m=0) at [32mjerryscript/jerry-core/parser/js/js-scanner-util.c[m:2920
#6  [34m0x000000000063cf17[m in [33mparser_parse_function_arguments[m ([36mcontext_p[m=0x7fffffffcd20, [36mend_type[m=LEXER_RIGHT_PAREN) at [32mjerryscript/jerry-core/parser/js/js-parser.c[m:1824
#7  [34m0x0000000000638a5d[m in [33mparser_parse_function[m ([36mcontext_p[m=0x7fffffffcd20, [36mstatus_flags[m=98310) at [32mjerryscript/jerry-core/parser/js/js-parser.c[m:2685
#8  [34m0x0000000000799477[m in [33mlexer_construct_function_object[m ([36mcontext_p[m=0x7fffffffcd20, [36mextra_status_flags[m=98310) at [32mjerryscript/jerry-core/parser/js/js-lexer.c[m:2695
#9  [34m0x00000000007c5bef[m in [33mparser_parse_object_literal[m ([36mcontext_p[m=0x7fffffffcd20) at [32mjerryscript/jerry-core/parser/js/js-parser-expr.c[m:1405
#10 [34m0x00000000007b3108[m in [33mparser_parse_unary_expression[m ([36mcontext_p[m=0x7fffffffcd20, [36mgrouping_level_p[m=0x7fffffffb3c0) at [32mjerryscript/jerry-core/parser/js/js-parser-expr.c[m:2133
#11 [34m0x00000000007a6d31[m in [33mparser_parse_expression[m ([36mcontext_p[m=0x7fffffffcd20, [36moptions[m=2) at [32mjerryscript/jerry-core/parser/js/js-parser-expr.c[m:4115
#12 [34m0x00000000007aee43[m in [33mparser_parse_block_expression[m ([36mcontext_p[m=0x7fffffffcd20, [36moptions[m=0) at [32mjerryscript/jerry-core/parser/js/js-parser-expr.c[m:4065
#13 [34m0x00000000007da34e[m in [33mparser_parse_statements[m ([36mcontext_p[m=0x7fffffffcd20) at [32mjerryscript/jerry-core/parser/js/js-parser-statm.c[m:3079
#14 [34m0x0000000000650244[m in [33mparser_parse_source[m ([36msource_p[m=0x7fffffffd3a0, [36mparse_opts[m=0, [36moptions_p[m=0x7fffffffd4d0) at [32mjerryscript/jerry-core/parser/js/js-parser.c[m:2280
#15 [34m0x000000000064bccb[m in [33mparser_parse_script[m ([36msource_p[m=0x7fffffffd3a0, [36mparse_opts[m=0, [36moptions_p[m=0x7fffffffd4d0) at [32mjerryscript/jerry-core/parser/js/js-parser.c[m:3326
#16 [34m0x00000000004cd867[m in [33mjerry_parse_common[m ([36msource_p[m=0x7fffffffd3a0, [36moptions_p[m=0x7fffffffd4d0, [36mparse_opts[m=0) at [32mjerryscript/jerry-core/api/jerryscript.c[m:412
#17 [34m0x00000000004cd104[m in [33mjerry_parse[m ([36msource_p[m=0x60f000000040 "new { async [ yield     ]  ( ... yield       ) { { }     }    , [ let    ?? yield       ]  ( ... { }    + class { }        ) { try { }  finally { }       }    }", ' ' <repeats 13 times>, [36msource_size[m=173, [36moptions_p[m=0x7fffffffd4d0) at [32mjerryscript/jerry-core/api/jerryscript.c[m:480
#18 [34m0x0000000000805138[m in [33mjerryx_source_parse_script[m ([36mpath_p[m=0x7fffffffde38 "/run/user/1001/fuzzinator/697673/698753-FileWriterDecorator-3723f093c7934ab69135d6408fa0ee48/0.js") at [32mjerryscript/jerry-ext/util/sources.c[m:52
#19 [34m0x000000000080526f[m in [33mjerryx_source_exec_script[m ([36mpath_p[m=0x7fffffffde38 "/run/user/1001/fuzzinator/697673/698753-FileWriterDecorator-3723f093c7934ab69135d6408fa0ee48/0.js") at [32mjerryscript/jerry-ext/util/sources.c[m:63
#20 [34m0x00000000004c4cb7[m in [33mmain[m ([36margc[m=2, [36margv[m=0x7fffffffdb08) at [32mjerryscript/jerry-main/main-desktop.c[m:156

^{Found by Fuzzinator with grammarinator.}

jerryscript-project / jerryscript

Assertion scope_stack_p > context_p->scope_stack_p in scanner_literal_is_created #5005

JerryScript revision

Build platform

Build steps

Test case

Output

Backtrace