samsung / escargot Goto Github PK

View Code? Open in Web Editor NEW

235.0 13.0 39.0 62.28 MB

Escargot is a memory optimized JavaScript engine for mid-range devices such as mobile phone, tablet and TV.

License: GNU Lesser General Public License v2.1

JavaScript 2.09% CMake 0.44% Shell 0.22% C++ 91.40% Python 3.69% C 0.09% Batchfile 0.03% Java 2.04%

javascript-engine

escargot's Introduction

Escargot

Prerequisites

On Ubuntu Linux

General build prerequisites:

sudo apt-get install autoconf automake cmake libtool libicu-dev ninja-build

Prerequisites for x86-64-to-x86 compilation:

sudo apt-get install gcc-multilib g++-multilib
sudo apt-get install libicu-dev:i386

On macOS

brew install autoconf automake cmake icu4c libtool ninja pkg-config

Build Escargot

git clone https://github.com/Samsung/escargot.git
cd escargot
git submodule update --init third_party
cmake -DESCARGOT_MODE=release -DESCARGOT_OUTPUT=shell -GNinja
ninja

Build Android version

git clone https://github.com/Samsung/escargot.git
cd escargot
git submodule update --init third_party
export ANDROID_SDK_ROOT=.... # set your android SDK root first
cd build/android/
./gradlew bundleReleaseAar # build escargot AAR
./gradlew assembleDebug # build debug test shell
./gradlew :escargot:connectedDebugAndroidTest # run escargot-jni tests on android device
./gradlew :escargot:testDebugUnitTest # run escargot-jni tests on host
./gradlew bundleHostJar # bundle jar for host

Build Windows version

Install VS2022 with cmake and ninja. Open [ x86 Native Tools Command Prompt for VS 2022 | x64 Native Tools Command Prompt for VS 2022 ]

git clone https://github.com/Samsung/escargot.git
cd escargot
git submodule update --init third_party

CMake -G "Visual Studio 17 2022" -DCMAKE_SYSTEM_NAME=[ Windows | WindowsStore ] -DCMAKE_SYSTEM_VERSION:STRING="10.0"  -DCMAKE_SYSTEM_PROCESSOR=[ x86 | x64 ] -DCMAKE_GENERATOR_PLATFORM=[ Win32 | x64 ],version=10.0.18362.0 -DESCARGOT_ARCH=[ x86 | x64 ] -DESCARGOT_MODE=release -Bout -DESCARGOT_HOST=windows -DESCARGOT_OUTPUT=shell -DESCARGOT_LIBICU_SUPPORT=ON -DESCARGOT_LIBICU_SUPPORT_WITH_DLOPEN=OFF -DESCARGOT_THREADING=ON
cd out
msbuild ESCARGOT.sln /property:Configuration=Release /p:platform=[ Win32 | x64 ]

Build options

The following build options are supported when generating ninja rules using cmake.

-DESCARGOT_HOST=[ linux | tizen_obs | darwin | android | windows ]
Compile Escargot for Linux, Tizen, macOS, or Windows platform
-DESCARGOT_ARCH=[ x64 | x86 | arm | i686 | aarch64 ]
Compile Escargot for each architecture
-DESCARGOT_MODE=[ debug | release ]
Compile Escargot for either release or debug mode
-DESCARGOT_OUTPUT=[ shared_lib | static_lib | shell | cctest ]
Define target output type
-DESCARGOT_LIBICU_SUPPORT=[ ON | OFF ]
Enable libicu library if set ON. (Optional, default = ON)
-DESCARGOT_THREADING=[ ON | OFF ]
Enable Threading support. (Optional, default = OFF)
-DESCARGOT_CODE_CACHE=[ ON | OFF ]
Enable Code cache support. (Optional, default = OFF)
-DESCARGOT_WASM=[ ON | OFF ]
Enable WASM support. (Optional, default = OFF)
-DESCARGOT_SMALL_CONFIG=[ ON | OFF ]
Enable Options for small devices. (Optional, default = OFF)

Testing

First, get benchmarks and tests:

git submodule update --init

Benchmarks

Test run for each benchmark (Sunspider, Octane, V8, Chakracore, test262, SpiderMonkey, etc.):

tools/run-tests.py --arch=x86_64 spidermonkey test262 v8

escargot's People

Contributors

Stargazers

Watchers

escargot's Issues

Segmentation fault in Escargot::Node::isIdentifier

Escargot version:

Checked revision: bfb1b7d
Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-45-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

Function("func`foo`");

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x0000555555628016 in Escargot::Node::isIdentifier (this=0x0) at ../src/parser/ast/Node.h:197
197	        return type() == ASTNodeType::Identifier;
(gdb) bt
#0  0x0000555555628016 in Escargot::Node::isIdentifier (this=0x0) at ../src/parser/ast/Node.h:197
#1  0x00005555556814c0 in Escargot::esprima::Parser::finalize<Escargot::CallExpressionNode> (this=0x7fffffff89c0, meta=..., 
    node=0x7ffff45f4d70) at ../src/parser/esprima_cpp/esprima.cpp:608
#2  0x0000555555653da5 in Escargot::esprima::Parser::convertTaggedTempleateExpressionToCallExpression (this=0x7fffffff89c0, 
    node=..., taggedTemplateExpression=...) at ../src/parser/esprima_cpp/esprima.cpp:2772
#3  0x00005555556527a5 in Escargot::esprima::Parser::scanLeftHandSideExpressionAllowCall (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:2620
#4  0x000055555567db4a in Escargot::esprima::Parser::scanInheritCoverGrammar<std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)()> (this=0x7fffffff89c0, 
    parseFunction=(std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555652204 <Escargot::esprima::Parser::scanLeftHandSideExpressionAllowCall()>)
    at ../src/parser/esprima_cpp/esprima.cpp:864
#5  0x0000555555654c88 in Escargot::esprima::Parser::scanUpdateExpression (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:2863
#6  0x0000555555656506 in Escargot::esprima::Parser::scanUnaryExpression (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:3064
#7  0x000055555567db4a in Escargot::esprima::Parser::scanInheritCoverGrammar<std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)()> (this=0x7fffffff89c0, 
    parseFunction=(std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555655c76 <Escargot::esprima::Parser::scanUnaryExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:864
#8  0x0000555555656680 in Escargot::esprima::Parser::scanExponentiationExpression (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:3087
#9  0x000055555567db4a in Escargot::esprima::Parser::scanInheritCoverGrammar<std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)()> (this=0x7fffffff89c0, 
    parseFunction=(std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555656642 <Escargot::esprima::Parser::scanExponentiationExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:864
#10 0x0000555555657458 in Escargot::esprima::Parser::scanBinaryExpressions (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:3259
#11 0x000055555567db4a in Escargot::esprima::Parser::scanInheritCoverGrammar<std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)()> (this=0x7fffffff89c0, 
    parseFunction=(std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555657402 <Escargot::esprima::Parser::scanBinaryExpressions()>) at ../src/parser/esprima_cpp/esprima.cpp:864
#12 0x0000555555658902 in Escargot::esprima::Parser::scanConditionalExpression (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:3507
#13 0x000055555565a65d in Escargot::esprima::Parser::scanAssignmentExpression (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:3781
#14 0x000055555567faae in Escargot::esprima::Parser::scanIsolateCoverGrammar<std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)()> (this=0x7fffffff89c0, 
    parseFunction=(std::pair<Escargot::ASTNodeType, Escargot::AtomicString> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x55555565a51e <Escargot::esprima::Parser::scanAssignmentExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:772
#15 0x000055555565b8d4 in Escargot::esprima::Parser::scanExpression (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:3949
#16 0x0000555555662b7f in Escargot::esprima::Parser::scanLabelledStatement (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:5311
#17 0x00005555556652ba in Escargot::esprima::Parser::scanStatement (this=0x7fffffff89c0, allowFunctionDeclaration=true)
    at ../src/parser/esprima_cpp/esprima.cpp:5649
#18 0x000055555565bc5a in Escargot::esprima::Parser::scanStatementListItem (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:4037
#19 0x00005555556662c4 in Escargot::esprima::Parser::parseFunctionSourceElements (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:5825
#20 0x0000555555666ce6 in Escargot::esprima::Parser::parseFunctionDeclaration (this=0x7fffffff89c0, identifierIsOptional=false)
    at ../src/parser/esprima_cpp/esprima.cpp:5907
#21 0x000055555565ba70 in Escargot::esprima::Parser::parseStatementListItem (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:3976
#22 0x0000555555668f39 in Escargot::esprima::Parser::parseProgram (this=0x7fffffff89c0)
    at ../src/parser/esprima_cpp/esprima.cpp:6356
#23 0x000055555566927f in Escargot::esprima::parseProgram (ctx=0x7ffff4663ed0, source=..., strictFromOutside=false, 
    stackRemain=18446744073709551615) at ../src/parser/esprima_cpp/esprima.cpp:6608
#24 0x0000555555624341 in Escargot::ScriptParser::parse (this=0x7fffffffc6b8, scriptSource=..., fileName=0x7ffff45f26b0, 
    parentCodeBlock=0x0, strictFromOutside=false, isEvalCodeInFunction=false, stackSizeRemain=18446744073709551615)
    at ../src/parser/ScriptParser.cpp:188
#25 0x00005555555c74b8 in Escargot::ScriptParser::parse (this=0x7fffffffc6b8, script=0x7ffff45f2610, fileName=0x7ffff45f26b0, 
    strictFromOutside=false, isEvalCodeInFunction=false, stackSizeRemain=18446744073709551615) at ../src/parser/ScriptParser.h:63
#26 0x00005555556ee4c0 in Escargot::builtinFunctionConstructor (state=..., thisValue=..., argc=1, argv=0x7fffffffd690, 
    isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinFunction.cpp:105
#27 0x00005555556c03ba in Escargot::FunctionObject::processCall (this=0x7ffff4662960, state=..., receiverSrc=..., 
    argc=@0x7fffffffd620: 1, argv=0x7fffffffd690, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:332
#28 0x00005555555f17a0 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd620: 1, 
    argv=0x7fffffffd690) at ../src/runtime/FunctionObject.h:105
#29 0x00005555555f4821 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff46723d0, 
    programCounter=93824998868416, registerFile=0x7fffffffd680, initAddressFiller=0x7fffffffd6f8)
    at ../src/interpreter/ByteCodeInterpreter.cpp:513
#30 0x0000555555621911 in Escargot::Script::execute (this=0x7ffff45eb4f0, state=..., isEvalMode=false, needNewEnv=false, 
    isOnGlobal=true) at ../src/parser/Script.cpp:80
#31 0x0000555555621a63 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffda10)
    at ../src/parser/Script.cpp:93
#32 0x0000555555622a7a in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#33 0x00005555557a4a9c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffda10)
    at /usr/include/c++/7/bits/std_function.h:706
#34 0x00005555557a3581 in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd980, scriptRunner=...)
    at ../src/runtime/SandBox.cpp:36
#35 0x0000555555621b40 in Escargot::Script::sandboxExecute (this=0x7ffff45eb4f0, state=...) at ../src/parser/Script.cpp:94
#36 0x00005555557c1abd in eval (context=0x7ffff4663ed0, str=0x7ffff45f2a70, fileName=0x7ffff45f29d0, shouldPrintScriptResult=false)
    at ../src/shell/Shell.cpp:46
#37 0x00005555557c240c in main (argc=2, argv=0x7fffffffdd38) at ../src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Difference to jerryscript - or: what is escargot?

What are the differences between escargot and jerryscript?
What is escargot exactly?

What's the difference between Jerryscript and Escargot?

I came across escargot and found its code is very neat and follows the ECMA262 v6 strictly.

My questions is:
What's the difference between escargot and Jerryscript?

Thanks!

String.prototype.match() does not properly change `lastIndex`.

var global = /./g;
global.lastIndex = { valueOf: function() { assert(false); } };
assert("X", "x".replace(global, function(a) { return "X"; }));
assert(0 == global.lastIndex);

The above assertions fail, due to valueOf: function() { assert(false); } being called, since lastIndex is not properly modified.

Follow up submodule updates #121

Assertion `isArrayObject()' failed in Escargot::PointerValue::asArrayObject

Escargot version:

Checked revision: 958b293

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

var a = [ ]
a.constructor = {
  [Symbol.species]: function (...args) {
    var p = new Proxy(Array(...args), { })
    return p
  }
}

a.concat()

Backtrace:

escargot: ../src/runtime/PointerValue.h:248: Escargot::ArrayObject* Escargot::PointerValue::asArrayObject(): Assertion `isArrayObject()' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555582d634 "isArrayObject()", file=file@entry=0x55555582d5f5 "../src/runtime/PointerValue.h", line=line@entry=248, function=function@entry=0x55555582e2e0 <Escargot::PointerValue::asArrayObject()::__PRETTY_FUNCTION__> "Escargot::ArrayObject* Escargot::PointerValue::asArrayObject()") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x55555582d634 "isArrayObject()", file=0x55555582d5f5 "../src/runtime/PointerValue.h", line=248, function=0x55555582e2e0 <Escargot::PointerValue::asArrayObject()::__PRETTY_FUNCTION__> "Escargot::ArrayObject* Escargot::PointerValue::asArrayObject()") at assert.c:101
#4  0x00005555555c5e9c in Escargot::PointerValue::asArrayObject (this=0x7ffff461d750) at ../src/runtime/PointerValue.h:248
#5  0x00005555556dda12 in Escargot::builtinArrayConcat (state=..., thisValue=..., argc=0, argv=0x7fffffffcbd0, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinArray.cpp:600
#6  0x00005555556cd6f2 in Escargot::FunctionObject::processCall (this=0x7ffff464c6a0, state=..., receiverSrc=..., argc=0, argv=0x7fffffffcbd0, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:357
#7  0x00005555555f50dc in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=0, argv=0x7fffffffd5f0, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#8  0x00005555555f82f6 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bcd0, programCounter=93824999022712, registerFile=0x7fffffffd5d0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:540
#9  0x0000555555625d97 in Escargot::Script::execute (this=0x7ffff462c3d0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#10 0x0000555555625ee9 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd990) at ../src/parser/Script.cpp:92
#11 0x0000555555626ef2 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#12 0x00005555557bf72c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd990) at /usr/include/c++/7/bits/std_function.h:706
#13 0x00005555557be2df in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd900, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#14 0x0000555555625fc6 in Escargot::Script::sandboxExecute (this=0x7ffff462c3d0, state=...) at ../src/parser/Script.cpp:93
#15 0x00005555557dbd0c in eval (context=0x7ffff7e5bed0, str=0x7ffff46297f0, fileName=0x7ffff46296b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#16 0x00005555557dc631 in main (argc=2, argv=0x7fffffffdcb8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator.}

RELEASE_ASSERT_NOT_REACHED in Escargot::Node::generateStatementByteCode

Escargot version:

Checked revision: 8f6925a

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -Cout

OS:

Linux-4.15.0-38-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

for ( /৉/ ; ; ) { 
}

Backtrace:

RELEASE_ASSERT_NOT_REACHED at ../src/parser/ast/Node.h (251)

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x0000555555615e16 in Escargot::Node::generateStatementByteCode (this=0x7ffff7e3ced0, codeBlock=0x7ffff487a730, context=0x7fffffffd260) at ../src/parser/ast/Node.h:251
#3  0x000055555562f61c in Escargot::ForStatementNode::generateStatementByteCode (this=0x7ffff47eef70, codeBlock=0x7ffff487a730, context=0x7fffffffd820) at escargot//src/parser/ast/ForStatementNode.h:52
#4  0x000055555561f32c in Escargot::StatementContainer::generateStatementByteCode (this=0x555555bac590, codeBlock=0x7ffff487a730, context=0x7fffffffd820) at escargot//src/parser/ast/StatementNode.h:75
#5  0x0000555555632079 in Escargot::ProgramNode::generateStatementByteCode (this=0x7ffff47eff90, codeBlock=0x7ffff487a730, context=0x7fffffffd820) at escargot//src/parser/ast/ProgramNode.h:48
#6  0x00005555555e1715 in Escargot::ByteCodeGenerator::generateByteCode (this=0x7fffffffda77, c=0x7ffff486bed0, codeBlock=0x7ffff47f0ed0, ast=0x7ffff47eff90, scopeCtx=0x7ffff487a850, isEvalMode=false, isOnGlobal=true, shouldGenerateLOCData=false) at ../src/interpreter/ByteCodeGenerator.cpp:188
#7  0x00005555556118f5 in Escargot::Script::execute (this=0x7ffff47e42b0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:46
#8  0x0000555555611e33 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd90) at ../src/parser/Script.cpp:93
#9  0x0000555555612ed6 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#10 0x00005555557a43e4 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd90) at /usr/include/c++/7/bits/std_function.h:706
#11 0x00005555557a2f29 in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdd00, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#12 0x0000555555611f10 in Escargot::Script::sandboxExecute (this=0x7ffff47e42b0, state=...) at ../src/parser/Script.cpp:94
#13 0x00005555557c12f9 in eval (context=0x7ffff486bed0, str=0x7ffff47e9750, fileName=0x7ffff47e96b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:46
#14 0x00005555557c1c48 in main (argc=2, argv=0x7fffffffe0b8) at ../src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Segmentation fault in Escargot::ByteCodeInterpreter::interpret

Escargot version:

Checked revision: 958b293

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

function test () {
  var $ = class $ { }
}

test()

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00005555555fa0f8 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bbb0, 
    programCounter=93824999008096, registerFile=0x7fffffffcc80, initAddressFiller=0x0)
    at ../src/interpreter/ByteCodeInterpreter.cpp:911
911	                registerFile[code->m_registerIndex] = new FunctionObject(state, NativeFunctionInfo(::Escargot::AtomicString::fromPayload(String::emptyString), implicitClassConstructor, 1, implicitClassConstructorCtor, NativeFunctionInfo::Flags::Strict | NativeFunctionInfo::Flags::Constructor | NativeFunctionInfo::Flags::ClassConstructor));
bt
#0  0x00005555555fa0f8 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bbb0, programCounter=93824999007392, registerFile=0x7fffffffcbc0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:911
#1  0x00005555556000ae in Escargot::ByteCodeInterpreter::tryOperation (state=..., code=0x555555bca460, ec=0x7ffff461fed0, env=0x7ffff4638070, programCounter=93824999007328, byteCodeBlock=0x7ffff7e6bbb0, registerFile=0x7fffffffcbc0) at ../src/interpreter/ByteCodeInterpreter.cpp:1983
#2  0x00005555555fa1c3 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bbb0, programCounter=93824999007328, registerFile=0x7fffffffcbc0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:929
#3  0x00005555556ce948 in Escargot::FunctionObject::processCall (this=0x7ffff4631120, state=..., receiverSrc=..., argc=0, argv=0x7fffffffd610, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:536
#4  0x00005555555f50dc in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=0, argv=0x7fffffffd610, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#5  0x00005555555f8209 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bcd0, programCounter=93824999010032, registerFile=0x7fffffffd5f0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:529
#6  0x0000555555625d97 in Escargot::Script::execute (this=0x7ffff4638730, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#7  0x0000555555625ee9 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd980) at ../src/parser/Script.cpp:92
#8  0x0000555555626ef2 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#9  0x00005555557bf72c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd980) at /usr/include/c++/7/bits/std_function.h:706
#10 0x00005555557be2df in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd8f0, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#11 0x0000555555625fc6 in Escargot::Script::sandboxExecute (this=0x7ffff4638730, state=...) at ../src/parser/Script.cpp:93
#12 0x00005555557dbd0c in eval (context=0x7ffff7e5bed0, str=0x7ffff46297f0, fileName=0x7ffff46296b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#13 0x00005555557dc631 in main (argc=2, argv=0x7fffffffdca8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator.}

Assertion `valueStringLiteralData.getTagInFirstDataArea() == 0x3' failed in Escargot::EscargotLexer::Scanner::ScannerResult::valueStringLiteral

Escargot version:

Checked revision: 958b293

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

var $ = class {
*

Backtrace:

escargot: ../src/parser/Lexer.cpp:511: Escargot::StringView Escargot::EscargotLexer::Scanner::ScannerResult::valueStringLiteral(): Assertion `valueStringLiteralData.getTagInFirstDataArea() == 0x3' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5555558366d0 "valueStringLiteralData.getTagInFirstDataArea() == 0x3", file=file@entry=0x55555583662c "../src/parser/Lexer.cpp", line=line@entry=511, function=function@entry=0x5555558376a0 <Escargot::EscargotLexer::Scanner::ScannerResult::valueStringLiteral()::__PRETTY_FUNCTION__> "Escargot::StringView Escargot::EscargotLexer::Scanner::ScannerResult::valueStringLiteral()") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x5555558366d0 "valueStringLiteralData.getTagInFirstDataArea() == 0x3", file=0x55555583662c "../src/parser/Lexer.cpp", line=511, function=0x5555558376a0 <Escargot::EscargotLexer::Scanner::ScannerResult::valueStringLiteral()::__PRETTY_FUNCTION__> "Escargot::StringView Escargot::EscargotLexer::Scanner::ScannerResult::valueStringLiteral()") at assert.c:101
#4  0x000055555561b824 in Escargot::EscargotLexer::Scanner::ScannerResult::valueStringLiteral (this=0x7fffffffd478) at ../src/parser/Lexer.cpp:511
#5  0x000055555565a852 in Escargot::esprima::Parser::parseClassElement (this=0x7fffffff9d30, constructor=0x7fffffff8d48) at ../src/parser/esprima_cpp/esprima.cpp:5676
#6  0x000055555565aff6 in Escargot::esprima::Parser::parseClassBody (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:5724
#7  0x000055555565b422 in Escargot::esprima::Parser::parseClassProperties (this=0x7fffffff9d30, identifierIsOptional=true) at ../src/parser/esprima_cpp/esprima.cpp:5761
#8  0x000055555565b775 in Escargot::esprima::Parser::parseClassExpression (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:5776
#9  0x0000555555694de2 in Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:1151
#10 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff9d30, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555693de2 <Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#11 0x00005555556837ea in Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:2342
#12 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff9d30, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556835ee <Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#13 0x000055555568d298 in Escargot::esprima::Parser::updateExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:2596
#14 0x0000555555676d2c in Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:2802
#15 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff9d30, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555675f9c <Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#16 0x0000555555652311 in Escargot::esprima::Parser::parseExponentiationExpression (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:2808
#17 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff9d30, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556522b0 <Escargot::esprima::Parser::parseExponentiationExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#18 0x0000555555652763 in Escargot::esprima::Parser::parseBinaryExpression (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:2916
#19 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff9d30, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556526d8 <Escargot::esprima::Parser::parseBinaryExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#20 0x000055555568a513 in Escargot::esprima::Parser::conditionalExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:3227
#21 0x0000555555671e41 in Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:3384
#22 0x000055555567317e in Escargot::esprima::Parser::isolateCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff9d30, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555671d32 <Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:802
#23 0x0000555555678954 in Escargot::esprima::Parser::variableDeclaration<Escargot::esprima::Parser::PassNode<Escargot::VariableDeclaratorNode>, true> (this=0x7fffffff9d30, options=...) at ../src/parser/esprima_cpp/esprima.cpp:4061
#24 0x00005555556553c3 in Escargot::esprima::Parser::parseVariableDeclarationList (this=0x7fffffff9d30, options=...) at ../src/parser/esprima_cpp/esprima.cpp:4082
#25 0x0000555555655634 in Escargot::esprima::Parser::parseVariableStatement (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:4110
#26 0x0000555555656e21 in Escargot::esprima::Parser::parseStatement (this=0x7fffffff9d30, allowFunctionDeclaration=true) at ../src/parser/esprima_cpp/esprima.cpp:5026
#27 0x0000555555679c30 in Escargot::esprima::Parser::statementListItem<Escargot::esprima::Parser::PassNode<Escargot::StatementNode>, true> (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:3690
#28 0x000055555565b9e1 in Escargot::esprima::Parser::parseProgram (this=0x7fffffff9d30) at ../src/parser/esprima_cpp/esprima.cpp:5791
#29 0x000055555565bd49 in Escargot::esprima::parseProgram (ctx=0x7ffff7e5bed0, source=..., strictFromOutside=false, stackRemain=18446744073709551615) at ../src/parser/esprima_cpp/esprima.cpp:6043
#30 0x00005555556284d9 in Escargot::ScriptParser::parse (this=0x7ffff7e52f70, scriptSource=..., fileName=0x7ffff46296b0, parentCodeBlock=0x0, strictFromOutside=false, isEvalCodeInFunction=false, stackSizeRemain=18446744073709551615) at ../src/parser/ScriptParser.cpp:165
#31 0x00005555555ca156 in Escargot::ScriptParser::parse (this=0x7ffff7e52f70, script=0x7ffff46297f0, fileName=0x7ffff46296b0, strictFromOutside=false, isEvalCodeInFunction=false, stackSizeRemain=18446744073709551615) at ../src/parser/ScriptParser.h:63
#32 0x00005555557dbc56 in eval (context=0x7ffff7e5bed0, str=0x7ffff46297f0, fileName=0x7ffff46296b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:38
#33 0x00005555557dc631 in main (argc=2, argv=0x7fffffffdca8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator.}

for-of statement

ES2015 description

Assertion `env' failed in Escargot::ByteCodeInterpreter::declareFunctionDeclarations

Escargot version:

Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

OS:

Ubuntu 18.04, x86_64

Test case:

try { 
    throw ReferenceError('');
} catch ( x ) { 
    eval ( "function arguments (){};" );
}

Backtrace:

escargot: src/interpreter/ByteCodeInterpreter.cpp:2080: static void Escargot::ByteCodeInterpreter::declareFunctionDeclarations(Escargot::ExecutionState&, Escargot::DeclareFunctionDeclarations*, Escargot::LexicalEnvironment*, Escargot::Value*): Assertion `env' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555818fb8 "env", 
    file=file@entry=0x555555818c30 "src/interpreter/ByteCodeInterpreter.cpp", line=line@entry=2080, 
    function=function@entry=0x55555581a440 <Escargot::ByteCodeInterpreter::declareFunctionDeclarations(Escargot::ExecutionState&, Escargot::DeclareFunctionDeclarations*, Escargot::LexicalEnvironment*, Escargot::Value*)::__PRETTY_FUNCTION__> "static void Escargot::ByteCodeInterpreter::declareFunctionDeclarations(Escargot::ExecutionState&, Escargot::DeclareFunctionDeclarations*, Escargot::LexicalEnvironment*, Escargot::Value*)") at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x555555818fb8 "env", file=0x555555818c30 "src/interpreter/ByteCodeInterpreter.cpp", line=2080, 
    function=0x55555581a440 <Escargot::ByteCodeInterpreter::declareFunctionDeclarations(Escargot::ExecutionState&, Escargot::DeclareFunctionDeclarations*, Escargot::LexicalEnvironment*, Escargot::Value*)::__PRETTY_FUNCTION__> "static void Escargot::ByteCodeInterpreter::declareFunctionDeclarations(Escargot::ExecutionState&, Escargot::DeclareFunctionDeclarations*, Escargot::LexicalEnvironment*, Escargot::Value*)") at assert.c:101
#4  0x00005555555f9789 in Escargot::ByteCodeInterpreter::declareFunctionDeclarations (state=..., code=0x555555bacf10, lexicalEnvironment=0x7ffff48326a0, stackStorage=0x7fffffffc5b0)
    at src/interpreter/ByteCodeInterpreter.cpp:2080
#5  0x00005555555f3b64 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e682b0, programCounter=93824998887184, registerFile=0x7fffffffc5a0, initAddressFiller=0x7fffffffc610)
    at src/interpreter/ByteCodeInterpreter.cpp:1101
#6  0x0000555555612687 in Escargot::Script::executeLocal (this=0x7ffff4832850, state=..., thisValue=..., parentCodeBlock=0x7ffff4831ed0, isEvalMode=true, needNewRecord=false) at src/parser/Script.cpp:187
#7  0x00005555556d1ac1 in Escargot::GlobalObject::evalLocal (this=0x7ffff7e5aaf0, state=..., arg=..., thisValue=..., parentCodeBlock=0x7ffff4831ed0) at src/runtime/GlobalObject.cpp:274
#8  0x00005555555f8aeb in Escargot::ByteCodeInterpreter::evalOperation (state=..., code=0x555555bacda0, registerFile=0x7fffffffd9a0, byteCodeBlock=0x7ffff7e68730, ec=0x7ffff4829250)
    at src/interpreter/ByteCodeInterpreter.cpp:1942
#9  0x00005555555f2e4e in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e68730, programCounter=93824998886816, registerFile=0x7fffffffd9a0, initAddressFiller=0x7fffffffcf58)
    at src/interpreter/ByteCodeInterpreter.cpp:871
#10 0x00005555555f87a6 in Escargot::ByteCodeInterpreter::tryOperation (state=..., code=0x555555bacbd0, ec=0x7fffffffda90, env=0x7ffff4832fa0, programCounter=93824998886352, byteCodeBlock=0x7ffff7e68730, 
    registerFile=0x7fffffffd9a0) at src/interpreter/ByteCodeInterpreter.cpp:1897
#11 0x00005555555f2ea7 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e68730, programCounter=93824998886352, registerFile=0x7fffffffd9a0, initAddressFiller=0x7fffffffda28)
    at src/interpreter/ByteCodeInterpreter.cpp:880
#12 0x0000555555611a21 in Escargot::Script::execute (this=0x7ffff48242b0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:80
#13 0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd30) at src/parser/Script.cpp:93
#14 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#15 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd30) at /usr/include/c++/7/bits/std_function.h:706
#16 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdca0, scriptRunner=...) at src/runtime/SandBox.cpp:36
#17 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff48242b0, state=...) at src/parser/Script.cpp:94
#18 0x00005555557c102b in eval (context=0x7ffff7e59ed0, str=0x7ffff4829750, fileName=0x7ffff48296b0, shouldPrintScriptResult=false) at src/shell/Shell.cpp:46
#19 0x00005555557c197a in main (argc=2, argv=0x7fffffffe058) at src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Assertion isFunctionObject() in Escargot::PointerValue::asFunctionObject

Escargot version:

Checked revision: 106b9c8
Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-51-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

EvalError.bind( ).call( )

Backtrace:

escargot: ../src/runtime/PointerValue.h:287: Escargot::FunctionObject* Escargot::PointerValue::asFunctionObject(): Assertion `isFunctionObject()' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5555558420c4 "isFunctionObject()", file=file@entry=0x555555842075 "../src/runtime/PointerValue.h", line=line@entry=287, function=function@entry=0x555555843060 <Escargot::PointerValue::asFunctionObject()::__PRETTY_FUNCTION__> "Escargot::FunctionObject* Escargot::PointerValue::asFunctionObject()") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x5555558420c4 "isFunctionObject()", file=0x555555842075 "../src/runtime/PointerValue.h", line=287, function=0x555555843060 <Escargot::PointerValue::asFunctionObject()::__PRETTY_FUNCTION__> "Escargot::FunctionObject* Escargot::PointerValue::asFunctionObject()") at assert.c:101
#4  0x00005555555cd85c in Escargot::PointerValue::asFunctionObject (this=0x7ffff4612970) at ../src/runtime/PointerValue.h:287
#5  0x00005555555d0d4e in Escargot::Value::asFunction (this=0x7fffffffce70) at ../src/runtime/ValueInlines.h:542
#6  0x0000555555717385 in Escargot::builtinFunctionCall (state=..., thisValue=..., argc=1, argv=0x7fffffffda10, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinFunction.cpp:201
#7  0x00005555556e6839 in Escargot::FunctionObject::processCall (this=0x7ffff4662430, state=..., receiverSrc=..., argc=1, argv=0x7fffffffda10, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:328
#8  0x00005555556e46af in Escargot::FunctionObject::call (this=0x7ffff4662430, state=..., thisValue=..., argc=1, argv=0x7fffffffda10) at ../src/runtime/FunctionObject.h:169
#9  0x0000555555609655 in Escargot::FunctionObject::call (state=..., callee=..., thisValue=..., argc=1, argv=0x7fffffffda10) at ../src/runtime/FunctionObject.h:182
#10 0x000055555560cc22 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4678cd0, programCounter=93824999119536, registerFile=0x7fffffffd9e0) at ../src/interpreter/ByteCodeInterpreter.cpp:573
#11 0x0000555555639b31 in Escargot::Script::execute (this=0x7ffff45f16a0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#12 0x0000555555639c83 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd90) at ../src/parser/Script.cpp:92
#13 0x000055555563ac8c in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#14 0x00005555557d410a in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd90) at /usr/include/c++/7/bits/std_function.h:706
#15 0x00005555557d2cbd in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdd00, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#16 0x0000555555639d60 in Escargot::Script::sandboxExecute (this=0x7ffff45f16a0, state=...) at ../src/parser/Script.cpp:93
#17 0x00005555557f075a in eval (context=0x7ffff4669ed0, str=0x7ffff45d0570, fileName=0x7ffff45d04d0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#18 0x00005555557f10bc in main (argc=2, argv=0x7fffffffe0b8) at ../src/shell/Shell.cpp:133

^{Found by Fuzzinator with grammarinator}

Assertion `s <= e' failed in Escargot::StringView::StringView

Escargot version:

Checked revision: 958b293

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

Intl.NumberFormat('en-u-foo-U-foo')

Backtrace:

escargot: ../src/runtime/StringView.h:33: Escargot::StringView::StringView(Escargot::String*, size_t, size_t): Assertion `s <= e' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555582d7b3 "s <= e", file=file@entry=0x55555582d797 "../src/runtime/StringView.h", line=line@entry=33, function=function@entry=0x5555558302e0 <Escargot::StringView::StringView(Escargot::String*, unsigned long, unsigned long)::__PRETTY_FUNCTION__> "Escargot::StringView::StringView(Escargot::String*, size_t, size_t)") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x55555582d7b3 "s <= e", file=0x55555582d797 "../src/runtime/StringView.h", line=33, function=0x5555558302e0 <Escargot::StringView::StringView(Escargot::String*, unsigned long, unsigned long)::__PRETTY_FUNCTION__> "Escargot::StringView::StringView(Escargot::String*, size_t, size_t)") at assert.c:101
#4  0x00005555555c67e6 in Escargot::StringView::StringView (this=0x7ffff461db70, str=0x7ffff45c67f0, s=8, e=6) at ../src/runtime/StringView.h:33
#5  0x00005555557c7acd in Escargot::String::substring (this=0x7ffff45c67f0, from=8, to=6) at ../src/runtime/String.cpp:728
#6  0x000055555570398f in Escargot::lookupMatcher (state=..., availableLocales=..., requestedLocales=...) at ../src/runtime/GlobalObjectBuiltinIntl.cpp:791
#7  0x0000555555703a31 in Escargot::bestFitMatcher (state=..., availableLocales=..., requestedLocales=...) at ../src/runtime/GlobalObjectBuiltinIntl.cpp:805
#8  0x0000555555703e7a in Escargot::resolveLocale (state=..., availableLocales=..., requestedLocales=..., options=0x7ffff46285b0, relevantExtensionKeys=0x555555b36dc0 <Escargot::intlNumberFormatRelevantExtensionKeys>, relevantExtensionKeyCount=1, localeData=0x55555570e48d <Escargot::localeDataNumberFormat(Escargot::String*, size_t)>) at ../src/runtime/GlobalObjectBuiltinIntl.cpp:827
#9  0x000055555570ec68 in Escargot::initializeNumberFormat (state=..., numberFormat=0x7ffff45fc610, locales=..., options=...) at ../src/runtime/GlobalObjectBuiltinIntl.cpp:2219
#10 0x00005555557117d8 in Escargot::builtinIntlNumberFormatConstructor (state=..., thisValue=..., argc=1, argv=0x7fffffffcbb0, isNewExpression=true) at ../src/runtime/GlobalObjectBuiltinIntl.cpp:2472
#11 0x00005555556cd6f2 in Escargot::FunctionObject::processCall (this=0x7ffff45fb490, state=..., receiverSrc=..., argc=1, argv=0x7fffffffcbb0, isNewExpression=true) at ../src/runtime/FunctionObject.cpp:357
#12 0x00005555556cd202 in Escargot::FunctionObject::newInstance (this=0x7ffff45fb490, state=..., argc=1, argv=0x7fffffffcbb0) at ../src/runtime/FunctionObject.cpp:300
#13 0x00005555555fc5d6 in Escargot::ByteCodeInterpreter::newOperation (state=..., callee=..., argc=1, argv=0x7fffffffcbb0) at ../src/interpreter/ByteCodeInterpreter.cpp:1382
#14 0x00005555555f9760 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bbb0, programCounter=93824999017304, registerFile=0x7fffffffcb50, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:802
#15 0x00005555556000ae in Escargot::ByteCodeInterpreter::tryOperation (state=..., code=0x555555bcca60, ec=0x7ffff45fc930, env=0x7ffff461cb20, programCounter=93824999017056, byteCodeBlock=0x7ffff7e6bbb0, registerFile=0x7fffffffcb50) at ../src/interpreter/ByteCodeInterpreter.cpp:1983
#16 0x00005555555fa1c3 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bbb0, programCounter=93824999017056, registerFile=0x7fffffffcb50, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:929
#17 0x00005555556ce948 in Escargot::FunctionObject::processCall (this=0x7ffff4631120, state=..., receiverSrc=..., argc=1, argv=0x7fffffffd5c0, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:536
#18 0x00005555555f50dc in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=1, argv=0x7fffffffd5c0, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#19 0x00005555555f8209 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bcd0, programCounter=93824999022304, registerFile=0x7fffffffd5b0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:529
#20 0x0000555555625d97 in Escargot::Script::execute (this=0x7ffff462cb20, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#21 0x0000555555625ee9 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd980) at ../src/parser/Script.cpp:92
#22 0x0000555555626ef2 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#23 0x00005555557bf72c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd980) at /usr/include/c++/7/bits/std_function.h:706
#24 0x00005555557be2df in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd8f0, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#25 0x0000555555625fc6 in Escargot::Script::sandboxExecute (this=0x7ffff462cb20, state=...) at ../src/parser/Script.cpp:93
#26 0x00005555557dbd0c in eval (context=0x7ffff7e5bed0, str=0x7ffff46297f0, fileName=0x7ffff46296b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#27 0x00005555557dc631 in main (argc=2, argv=0x7fffffffdca8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator.}

preventExtenstions error within Array object

Test Case

(function () {
  var a = Object.preventExtensions([1, , 3, , 4, 5]);
  try {
    a.copyWithin(2, 1, 4);
    assert(false);
  } catch (e) {
    assert(e instanceof TypeError);
  }
})();

(function () {
  var a = Object.preventExtensions([1, , 3, , 4, 5]);
  a[1] = 1;
  a[2] = 2;
  assert(a[1] === undefined);
  assert(a[2] === 2);
})();

Issues

array should be converted to non-fast-mode if it is not extensible

Assertion `m_deletionHasBegun' failed in JSC::Yarr::RefCountedBase::~RefCountedBase

Escargot version:

Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

OS:

Ubuntu 18.04, x86_64

Test case:

try { 
} catch ( o ) { 
    function fun( ) { } (1);
}

Backtrace:

escargot: escargot/third_party/yarr/wtfbridge.h:112: JSC::Yarr::RefCountedBase::~RefCountedBase(): Assertion `m_deletionHasBegun' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555581cb0c "m_deletionHasBegun", 
    file=file@entry=0x55555581caa8 "escargot/third_party/yarr/wtfbridge.h", line=line@entry=112, 
    function=function@entry=0x555555820000 <JSC::Yarr::RefCountedBase::~RefCountedBase()::__PRETTY_FUNCTION__> "JSC::Yarr::RefCountedBase::~RefCountedBase()") at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x55555581cb0c "m_deletionHasBegun", file=0x55555581caa8 "escargot/third_party/yarr/wtfbridge.h", line=112, 
    function=0x555555820000 <JSC::Yarr::RefCountedBase::~RefCountedBase()::__PRETTY_FUNCTION__> "JSC::Yarr::RefCountedBase::~RefCountedBase()") at assert.c:101
#4  0x0000555555618ab5 in JSC::Yarr::RefCountedBase::~RefCountedBase (this=0x7fffffffd3a8, __in_chrg=<optimized out>) at escargot/third_party/yarr/wtfbridge.h:112
#5  0x000055555566a93c in JSC::Yarr::RefCounted<Escargot::Node>::~RefCounted (this=0x7fffffffd3a8, __in_chrg=<optimized out>) at escargot/third_party/yarr/wtfbridge.h:179
#6  0x0000555555618d7a in Escargot::Node::~Node (this=0x7fffffffd3a0, __in_chrg=<optimized out>) at escargot/src/parser/ast/Node.h:180
#7  0x00005555556b58fe in Escargot::IdentifierNode::~IdentifierNode (this=0x7fffffffd3a0, __in_chrg=<optimized out>) at escargot/src/parser/ast/IdentifierNode.h:31
#8  0x0000555555634935 in Escargot::TryStatementNode::generateStatementByteCode (this=0x7ffff482de80, codeBlock=0x7ffff7e68610, context=0x7fffffffd7c0)
    at escargot/src/parser/ast/TryStatementNode.h:74
#9  0x000055555561f06c in Escargot::StatementContainer::generateStatementByteCode (this=0x555555bac510, codeBlock=0x7ffff7e68610, context=0x7fffffffd7c0)
    at escargot/src/parser/ast/StatementNode.h:75
#10 0x0000555555631db9 in Escargot::ProgramNode::generateStatementByteCode (this=0x7ffff482ff90, codeBlock=0x7ffff7e68610, context=0x7fffffffd7c0)
    at escargot/src/parser/ast/ProgramNode.h:48
#11 0x00005555555e1789 in Escargot::ByteCodeGenerator::generateByteCode (this=0x7fffffffda17, c=0x7ffff7e59ed0, codeBlock=0x7ffff4830ed0, ast=0x7ffff482ff90, scopeCtx=0x7ffff7e68850, isEvalMode=false, 
    isOnGlobal=true, shouldGenerateLOCData=false) at src/interpreter/ByteCodeGenerator.cpp:188
#12 0x0000555555611635 in Escargot::Script::execute (this=0x7ffff4824190, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:46
#13 0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd30) at src/parser/Script.cpp:93
#14 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#15 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd30) at /usr/include/c++/7/bits/std_function.h:706
#16 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdca0, scriptRunner=...) at src/runtime/SandBox.cpp:36
#17 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff4824190, state=...) at src/parser/Script.cpp:94
#18 0x00005555557c102b in eval (context=0x7ffff7e59ed0, str=0x7ffff4829750, fileName=0x7ffff48296b0, shouldPrintScriptResult=false) at src/shell/Shell.cpp:46
#19 0x00005555557c197a in main (argc=2, argv=0x7fffffffe058) at src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

RegExp.prototype.toString() does not work properly

var fake =
    {
      get source() {
        return {
          toString: function() {
            return "pattern";
          }
        };
      },
      get flags() {
        return {
          toString: function() {
            return "flags";
          }
        };
      }
    }

assert("/pattern/flags" == RegExp.prototype.toString.call(fake));

The above assertion fails.

JSON.stringify gives incorrect result for typed arrays

Test case

JSON.stringify(new Uint32Array())

Problem

This is the same test case as in #31 . It has been fixed by #38 not to crash the engine but the outcome of the test case is different from the result of other engines.

Escargot gives "[]"
Safari/JSC, Chrome/V8, and JerryScript all give "{}"

Notes

It should be double checked whether the engines used as reference are conforming to the standard.
Other types (not only uint32) and non-empty arrays should also be checked whether they are handled OK.

Assertion `idx < m_size' failed in Escargot::ObjectStructure::readProperty

Escargot version:

Checked revision: 0f4df2a
Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -Cout

OS:

Ubuntu 18.04, x86_64

Test case:

var bDeletesC = {$ : $, get b() { delete this.$}, c: $};   
var $ = Object.values(bDeletesC);

Backtrace:

escargot: ../src/util/Vector.h:219: T& Escargot::Vector<T, Allocator, glowFactor>::operator[](const size_t&) [with T = Escargot::ObjectStructureItem; Allocator = GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::ObjectStructureItem>; int glowFactor = 120; size_t = long unsigned int]: Assertion `idx < m_size' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x5555558182fa "idx < m_size", file=file@entry=0x555555818307 "../src/util/Vector.h", 
    line=line@entry=219, 
    function=function@entry=0x555555819ba0 <Escargot::Vector<Escargot::ObjectStructureItem, GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::ObjectStructureItem>, 120>::operator[](unsigned long const&)::__PRETTY_FUNCTION__> "T& Escargot::Vector<T, Allocator, glowFactor>::operator[](const size_t&) [with T = Escargot::ObjectStructureItem; Allocator = GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::ObjectStructureItem>"...) at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x5555558182fa "idx < m_size", file=0x555555818307 "../src/util/Vector.h", 
    line=219, 
    function=0x555555819ba0 <Escargot::Vector<Escargot::ObjectStructureItem, GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::ObjectStructureItem>, 120>::operator[](unsigned long const&)::__PRETTY_FUNCTION__> "T& Escargot::Vector<T, Allocator, glowFactor>::operator[](const size_t&) [with T = Escargot::ObjectStructureItem; Allocator = GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::ObjectStructureItem>"...) at assert.c:101
#4  0x00005555555d27f5 in Escargot::Vector<Escargot::ObjectStructureItem, GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::ObjectStructureItem>, 120>::operator[] (this=0x7ffff45f1808, idx=@0x7fffffffcc18: 2) at ../src/util/Vector.h:219
#5  0x00005555555f07fb in Escargot::ObjectStructure::readProperty (this=0x7ffff45f1800, idx=2)
    at ../src/runtime/ObjectStructure.h:116
#6  0x0000555555792d5b in Escargot::Object::enumeration (this=0x7ffff45f26b0, state=..., 
    callback=0x555555743405 <Escargot::<lambda(Escargot::ExecutionState&, Escargot::Object*, const Escargot::ObjectPropertyName&, const Escargot::ObjectStructurePropertyDescriptor&, void*)>::_FUN(Escargot::ExecutionState &, Escargot::Object *, const Escargot::ObjectPropertyName &, const Escargot::ObjectStructurePropertyDescriptor &, void *)>, data=0x7fffffffcd30, shouldSkipSymbolKey=true)
    at ../src/runtime/Object.cpp:701
#7  0x000055555574382a in Escargot::enumerableOwnProperties (state=..., O=0x7ffff45f26b0, 
    kind=Escargot::EnumerableOwnPropertiesTypeValue) at ../src/runtime/GlobalObjectBuiltinObject.cpp:677
#8  0x0000555555743901 in Escargot::builtinObjectValues (state=..., thisValue=..., argc=1, argv=0x7fffffffd6e0, 
    isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinObject.cpp:722
#9  0x00005555556c4bc0 in Escargot::FunctionObject::processCall (this=0x7ffff466a120, state=..., receiverSrc=..., 
    argc=@0x7fffffffd660: 1, argv=0x7fffffffd6e0, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:332
#10 0x00005555555f16c0 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd660: 1, 
    argv=0x7fffffffd6e0) at ../src/runtime/FunctionObject.h:105
#11 0x00005555555f484c in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff46722b0, 
    programCounter=93824998900272, registerFile=0x7fffffffd6c0, initAddressFiller=0x7fffffffd748)
    at ../src/interpreter/ByteCodeInterpreter.cpp:524
#12 0x0000555555621877 in Escargot::Script::execute (this=0x7ffff45eb3d0, state=..., isEvalMode=false, needNewEnv=false, 
    isOnGlobal=true) at ../src/parser/Script.cpp:80
#13 0x00005555556219c9 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffda60)
    at ../src/parser/Script.cpp:93
#14 0x00005555556229e0 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#15 0x00005555557a92a2 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffda60)
    at /usr/include/c++/7/bits/std_function.h:706
#16 0x00005555557a7d87 in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd9d0, scriptRunner=...)
    at ../src/runtime/SandBox.cpp:36
#17 0x0000555555621aa6 in Escargot::Script::sandboxExecute (this=0x7ffff45eb3d0, state=...) at ../src/parser/Script.cpp:94
#18 0x00005555557c62c3 in eval (context=0x7ffff4663ed0, str=0x7ffff45f2a70, fileName=0x7ffff45f29d0, shouldPrintScriptResult=false)
    at ../src/shell/Shell.cpp:46
#19 0x00005555557c6c12 in main (argc=2, argv=0x7fffffffdd88) at ../src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Wrong operations of bind function

Test Case

function foo(x, y, z) {
  return [this, arguments.length, x];
}

var f = foo.bind(foo);
assert([foo, 3, 1] === f(1, 2, 3));
assert(3 === f.length);
assert("function () { [native code] }" === f.toString()); // failed


function bar(x, y, z) {
  this.x = x;
  this.y = y;
  this.z = z;
}

f = bar.bind(bar, 1).bind(bar, 2).bind(bar, 3);
obj2 = new f(); // failed
assert(1 === obj2.x); // failed
assert(2 === obj2.y); // failed
assert(3 === obj2.z); // failed

assert(true === obj2 instanceof bar); // failed
assert(true === obj2 instanceof f); // failed

Issues

function name of bound function
nested bound function and its constructor operation

Segmentation fault in Escargot::SmallValue::operator=

Escargot version:

Checked revision: bfb1b7d
Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-45-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

var arr = [ ];
Array.prototype[Object.defineProperty(arr, 0, {get: function() {Object.defineProperty(Array.prototype, 0, {}); return  0}})] = 0

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00005555555c4917 in Escargot::SmallValue::operator= (this=0x0, from=...) at ../src/runtime/SmallValue.h:270
270             m_data.payload = SmallValueImpl::PlatformSmiTagging::IntToSmi(i32);
(gdb) bt
#0  0x00005555555c4917 in Escargot::SmallValue::operator= (this=0x0, from=...) at ../src/runtime/SmallValue.h:270
#1  0x00005555555f441b in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e672b0, programCounter=93824998871624, registerFile=0x7fffffffdae0, initAddressFiller=0x7fffffffdb98)
    at ../src/interpreter/ByteCodeInterpreter.cpp:439
#2  0x0000555555621911 in Escargot::Script::execute (this=0x7ffff462b3d0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:80
#3  0x0000555555621a63 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdeb0) at ../src/parser/Script.cpp:93
#4  0x0000555555622a7a in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#5  0x00005555557a4a9c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdeb0) at /usr/include/c++/7/bits/std_function.h:706
#6  0x00005555557a3581 in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffde20, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#7  0x0000555555621b40 in Escargot::Script::sandboxExecute (this=0x7ffff462b3d0, state=...) at ../src/parser/Script.cpp:94
#8  0x00005555557c1abd in eval (context=0x7ffff7e58ed0, str=0x7ffff4632a70, fileName=0x7ffff46329d0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:46
#9  0x00005555557c240c in main (argc=2, argv=0x7fffffffe1d8) at ../src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

TC Fail

x64.release (-DVENDORTEST=1) :: run-v8-x64
mjsunit/delete: in our environment, this TC runs longer than 30 seconds. Maybe it is failed due to time limit
x64.release (-DVENDORTEST=1) :: run-spidermonkey-x64
All failed cases seem to use ES6 let feature which is not yet implemented.
Some commands are missed in test.cmake file.
Please add following commands at run-spidermonkey-x86 and run-spidermonkey-x64 targets.
These commands replace each ES6 featured code with equivalent ES5.1 code.

COMMAND @rm ${PROJECT_SOURCE_DIR}/test/vendortest/SpiderMonkey/ecma_6/Math/shell.js
COMMAND @ln -s ${PROJECT_SOURCE_DIR}/test/vendortest/driver/spidermonkey.ecma_6.Math.shell.js ${PROJECT_SOURCE_DIR}/test/vendortest/SpiderMonkey/ecma_6/Math/shell.js

terminate called after throwing an instance of 'Escargot::Value'

Escargot version:

Checked revision: 8f6925a

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -Cout

OS:

Linux-4.15.0-38-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

Error.prototype.toString = Object.getOwnPropertyDescriptor.toString;
throw ReferenceError("x");

Backtrace:

terminate called after throwing an instance of 'Escargot::Value'

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff72808b7 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3  0x00007ffff7286a06 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4  0x00007ffff7286a41 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5  0x00007ffff7286c74 in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6  0x00005555557a3289 in Escargot::SandBox::throwException (this=0x7fffffffdd00, state=..., exception=...) at ../src/runtime/SandBox.cpp:65
#7  0x00005555555fa7b0 in Escargot::ByteCodeInterpreter::processException (state=..., value=..., ecInput=0x7fffffffd970, programCounter=18446744073709551615) at ../src/interpreter/ByteCodeInterpreter.cpp:2183
#8  0x00005555556ccb51 in Escargot::FunctionObject::processCall (this=0x7ffff486a6a0, state=..., receiverSrc=..., argc=@0x7fffffffda80: 0, argv=0x0, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:328
#9  0x00005555555c5313 in Escargot::FunctionObject::call (this=0x7ffff486a6a0, state=..., receiver=..., argc=@0x7fffffffda80: 0, argv=0x0) at escargot//src/runtime/FunctionObject.h:92
#10 0x00005555557be469 in Escargot::Value::ordinaryToPrimitive (this=0x7fffffffdd68, state=..., preferredType=Escargot::Value::PreferString) at ../src/runtime/Value.cpp:147
#11 0x00005555557bea0d in Escargot::Value::toPrimitiveSlowCase (this=0x7fffffffdd68, state=..., preferredType=Escargot::Value::PreferString) at ../src/runtime/Value.cpp:213
#12 0x00005555555ee015 in Escargot::Value::toPrimitive (this=0x7fffffffdd68, ec=..., preferredType=Escargot::Value::PreferString) at escargot//src/runtime/ValueInlines.h:683
#13 0x00005555557be0d8 in Escargot::Value::toStringSlowCase (this=0x7fffffffdd68, ec=...) at ../src/runtime/Value.cpp:115
#14 0x00005555555c199c in Escargot::Value::toString (this=0x7fffffffdd68, ec=...) at escargot//src/runtime/Value.h:182
#15 0x00005555557a2fbc in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdd00, scriptRunner=...) at ../src/runtime/SandBox.cpp:40
#16 0x0000555555611f10 in Escargot::Script::sandboxExecute (this=0x7ffff47e4070, state=...) at ../src/parser/Script.cpp:94
#17 0x00005555557c12f9 in eval (context=0x7ffff486bed0, str=0x7ffff47e9750, fileName=0x7ffff47e96b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:46
#18 0x00005555557c1c48 in main (argc=2, argv=0x7fffffffe0b8) at ../src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

#51 seems to be aimed to expand escargot with ES6 features. By looking at the code i found, that it has guards for some of these, for example:
ESCARGOT_ENABLE_PROXY_REFLECT, ESCARGOT_ENABLE_TYPEDARRAY

As i'm about to start to contribute in this field, i wanted to ask if you have a plan for guard groups, or just to have a separate guard for all of them?

To draw a parallel to a similar project, JerryScript has a CONFIG_DISABLE_ES2015 to turn on/off all features, and has one for all major ones, like: CONFIG_DISABLE_ES2015_CLASS, CONFIG_DISABLE_REGEXP_BUILTIN etc...
As Escargot is aimed at mid-range devices, i'm not so sure if the project needs the smaller ones, but what about a big one, like a ENABLE_ES2015? I wanted to ask you about your opinion in the topic before first diving into the code, and adding unnecessary guards. Any plans, ideas?
(edit: just correction of myself)

Assertion `isArrayObject()' failed in Escargot::Object::asArrayObject

Escargot version:

Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

OS:

Ubuntu 18.04, x86_64

Test case:

JSON.stringify(new Uint32Array());

Backtrace:

escargot: escargot/src/runtime/Object.h:546: Escargot::ArrayObject* Escargot::Object::asArrayObject(): Assertion `isArrayObject()' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555818a39 "isArrayObject()", 
    file=file@entry=0x555555818958 "escargot/src/runtime/Object.h", line=line@entry=546, 
    function=function@entry=0x555555819900 <Escargot::Object::asArrayObject()::__PRETTY_FUNCTION__> "Escargot::ArrayObject* Escargot::Object::asArrayObject()") at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x555555818a39 "isArrayObject()", file=0x555555818958 "escargot/src/runtime/Object.h", line=546, 
    function=0x555555819900 <Escargot::Object::asArrayObject()::__PRETTY_FUNCTION__> "Escargot::ArrayObject* Escargot::Object::asArrayObject()") at assert.c:101
#4  0x00005555555edbb2 in Escargot::Object::asArrayObject (this=0x7ffff4828430) at escargot/src/runtime/Object.h:546
#5  0x000055555572811c in Escargot::<lambda(Escargot::ObjectPropertyName, Escargot::Object*)>::operator()(Escargot::ObjectPropertyName, Escargot::Object *) const (__closure=0x555555bac550, key=..., 
    holder=0x7ffff4829430) at src/runtime/GlobalObjectBuiltinJSON.cpp:422
#6  0x000055555572faf2 in std::_Function_handler<Escargot::Value(Escargot::ObjectPropertyName, Escargot::Object*), Escargot::builtinJSONStringify(Escargot::ExecutionState&, Escargot::Value, size_t, Escargot::Value*, bool)::<lambda(Escargot::ObjectPropertyName, Escargot::Object*)> >::_M_invoke(const std::_Any_data &, Escargot::ObjectPropertyName &&, Escargot::Object *&&) (__functor=..., __args#0=..., 
    __args#1=@0x7fffffffce70: 0x7ffff4829430) at /usr/include/c++/7/bits/std_function.h:302
#7  0x000055555572b6bd in std::function<Escargot::Value (Escargot::ObjectPropertyName, Escargot::Object*)>::operator()(Escargot::ObjectPropertyName, Escargot::Object*) const (this=0x7fffffffd060, 
    __args#0=..., __args#1=0x7ffff4829430) at /usr/include/c++/7/bits/std_function.h:706
#8  0x000055555572a1d7 in Escargot::builtinJSONStringify (state=..., thisValue=..., argc=1, argv=0x7fffffffd120, isNewExpression=false) at src/runtime/GlobalObjectBuiltinJSON.cpp:631
#9  0x00005555556cba78 in Escargot::FunctionObject::processCall (this=0x7ffff48725f0, state=..., receiverSrc=..., argc=@0x7fffffffd940: 1, argv=0x7fffffffd120, isNewExpression=false)
    at src/runtime/FunctionObject.cpp:326
#10 0x00005555555ee742 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd940: 1, argv=0x7fffffffd9b8)
    at escargot/src/runtime/FunctionObject.h:100
#11 0x00005555555f15bf in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e68730, programCounter=93824998886616, registerFile=0x7fffffffd9a0, initAddressFiller=0x7fffffffda28)
    at src/interpreter/ByteCodeInterpreter.cpp:527
#12 0x0000555555611a21 in Escargot::Script::execute (this=0x7ffff48242b0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:80
#13 0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd30) at src/parser/Script.cpp:93
#14 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#15 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd30) at /usr/include/c++/7/bits/std_function.h:706
#16 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdca0, scriptRunner=...) at src/runtime/SandBox.cpp:36
#17 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff48242b0, state=...) at src/parser/Script.cpp:94
#18 0x00005555557c102b in eval (context=0x7ffff7e59ed0, str=0x7ffff4829750, fileName=0x7ffff48296b0, shouldPrintScriptResult=false) at src/shell/Shell.cpp:46
#19 0x00005555557c197a in main (argc=2, argv=0x7fffffffe058) at src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Update Map/Set & WeakMap/WeakSet features

Update missing features and TCs

Assertion byteindex + elementSize <= m_bytelength failed in Escargot::ArrayBufferObject::getValueFromBuffer

Escargot version:

Checked revision: cd03a08

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

new Int16Array(new Int8Array(777));

Backtrace:

escargot: ../src/runtime/ArrayBufferObject.h:69: Escargot::Value Escargot::ArrayBufferObject::getValueFromBuffer(Escargot::ExecutionState&, unsigned int, bool) [with Type = short int]: Assertion `byteindex + elementSize <= m_bytelength' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555843300 "byteindex + elementSize <= m_bytelength", file=file@entry=0x5555558432d0 "../src/runtime/ArrayBufferObject.h", line=line@entry=69, function=function@entry=0x555555843780 <Escargot::Value Escargot::ArrayBufferObject::getValueFromBuffer<short>(Escargot::ExecutionState&, unsigned int, bool)::__PRETTY_FUNCTION__> "Escargot::Value Escargot::ArrayBufferObject::getValueFromBuffer(Escargot::ExecutionState&, unsigned int, bool) [with Type = short int]") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x555555843300 "byteindex + elementSize <= m_bytelength", file=0x5555558432d0 "../src/runtime/ArrayBufferObject.h", line=69, function=0x555555843780 <Escargot::Value Escargot::ArrayBufferObject::getValueFromBuffer<short>(Escargot::ExecutionState&, unsigned int, bool)::__PRETTY_FUNCTION__> "Escargot::Value Escargot::ArrayBufferObject::getValueFromBuffer(Escargot::ExecutionState&, unsigned int, bool) [with Type = short int]") at assert.c:101
#4  0x00005555556ec482 in Escargot::ArrayBufferObject::getValueFromBuffer<short> (this=0x7ffff4638b70, state=..., byteindex=776, isLittleEndian=true) at ../src/runtime/ArrayBufferObject.h:69
#5  0x0000555555780fa3 in Escargot::builtinTypedArrayConstructor<Escargot::Int16ArrayObject, 2, Escargot::Int16Adaptor> (state=..., thisValue=..., argc=1, argv=0x7fffffffca80, isNewExpression=true) at ../src/runtime/GlobalObjectBuiltinTypedArray.cpp:459
#6  0x00005555556cca22 in Escargot::FunctionObject::processCall (this=0x7ffff45d75f0, state=..., receiverSrc=..., argc=1, argv=0x7fffffffca80, isNewExpression=true) at ../src/runtime/FunctionObject.cpp:357
#7  0x00005555556cc556 in Escargot::FunctionObject::newInstance (this=0x7ffff45d75f0, state=..., argc=1, argv=0x7fffffffd508) at ../src/runtime/FunctionObject.cpp:300
#8  0x00005555555fc40a in Escargot::ByteCodeInterpreter::newOperation (state=..., callee=..., argc=1, argv=0x7fffffffd508) at ../src/interpreter/ByteCodeInterpreter.cpp:1382
#9  0x00005555555f9591 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4676cd0, programCounter=93824999005456, registerFile=0x7fffffffd4f0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:802
#10 0x0000555555625aed in Escargot::Script::execute (this=0x7ffff45f8730, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#11 0x0000555555625c3f in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd8a0) at ../src/parser/Script.cpp:92
#12 0x0000555555626c48 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#13 0x00005555557be90c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd8a0) at /usr/include/c++/7/bits/std_function.h:706
#14 0x00005555557bd4bf in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd810, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#15 0x0000555555625d1c in Escargot::Script::sandboxExecute (this=0x7ffff45f8730, state=...) at ../src/parser/Script.cpp:93
#16 0x00005555557daeb0 in eval (context=0x7ffff4666ed0, str=0x7ffff45e97f0, fileName=0x7ffff45e96b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#17 0x00005555557db7d5 in main (argc=2, argv=0x7fffffffdbc8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator with grammarinator.}

Assertion `isValuePresent()' failed in Escargot::ObjectPropertyDescriptor::value

Escargot version:

Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

OS:

Ubuntu 18.04, x86_64

Test case:

var proto = { } ; 
Object.defineProperty ( proto , "2" , { get : function ( ) { }, configurable : true } ) ; 
Object.defineProperty ( proto , "2" , { writable : false } ) ;

Backtrace:

escargot: escargot/src/runtime/Object.h:289: const Escargot::Value& Escargot::ObjectPropertyDescriptor::value() const: Assertion `isValuePresent()' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555812eb9 "isValuePresent()", 
    file=file@entry=0x555555812dd8 "escargot/src/runtime/Object.h", line=line@entry=289, 
    function=function@entry=0x555555814920 <Escargot::ObjectPropertyDescriptor::value() const::__PRETTY_FUNCTION__> "const Escargot::Value& Escargot::ObjectPropertyDescriptor::value() const")
    at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x555555812eb9 "isValuePresent()", file=0x555555812dd8 "escargot/src/runtime/Object.h", line=289, 
    function=0x555555814920 <Escargot::ObjectPropertyDescriptor::value() const::__PRETTY_FUNCTION__> "const Escargot::Value& Escargot::ObjectPropertyDescriptor::value() const") at assert.c:101
#4  0x00005555555c3448 in Escargot::ObjectPropertyDescriptor::value (this=0x7fffffffd0e0) at escargot/src/runtime/Object.h:289
#5  0x00005555557905c2 in Escargot::Object::defineOwnProperty (this=0x7ffff4829250, state=..., P=..., desc=...) at src/runtime/Object.cpp:544
#6  0x00005555556c4ca7 in Escargot::Object::defineOwnPropertyThrowsException (this=0x7ffff4829250, state=..., P=..., desc=...) at escargot/src/runtime/Object.h:678
#7  0x0000555555746a69 in Escargot::builtinObjectDefineProperty (state=..., thisValue=..., argc=3, argv=0x7fffffffd998, isNewExpression=false) at src/runtime/GlobalObjectBuiltinObject.cpp:159
#8  0x00005555556cba78 in Escargot::FunctionObject::processCall (this=0x7ffff7e5fe30, state=..., receiverSrc=..., argc=@0x7fffffffd920: 3, argv=0x7fffffffd998, isNewExpression=false)
    at src/runtime/FunctionObject.cpp:326
#9  0x00005555555ee742 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd920: 3, argv=0x7fffffffd998)
    at escargot/src/runtime/FunctionObject.h:100
#10 0x00005555555f15bf in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e68610, programCounter=93824998889744, registerFile=0x7fffffffd980, initAddressFiller=0x7fffffffda28)
    at src/interpreter/ByteCodeInterpreter.cpp:527
#11 0x0000555555611a21 in Escargot::Script::execute (this=0x7ffff4824190, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:80
#12 0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd30) at src/parser/Script.cpp:93
#13 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#14 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd30) at /usr/include/c++/7/bits/std_function.h:706
#15 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdca0, scriptRunner=...) at src/runtime/SandBox.cpp:36
#16 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff4824190, state=...) at src/parser/Script.cpp:94
#17 0x00005555557c102b in eval (context=0x7ffff7e59ed0, str=0x7ffff4829750, fileName=0x7ffff48296b0, shouldPrintScriptResult=false) at src/shell/Shell.cpp:46
#18 0x00005555557c197a in main (argc=2, argv=0x7fffffffe058) at src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Assertion `idx < m_size' failed in Escargot::TightVector::operator[]

Escargot version:

Checked revision: 958b293

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

function test0 () {
  var $ = function ($ = ({ $: function () { } })) { }
}
test0()

Backtrace:

escargot: ../src/util/TightVector.h:180: const T& Escargot::TightVector<T, Allocator>::operator[](size_t) const [with T = Escargot::InterpretedCodeBlock*; Allocator = GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::InterpretedCodeBlock*>; size_t = long unsigned int]: Assertion `idx < m_size' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555582dd39 "idx < m_size", file=file@entry=0x55555582de19 "../src/util/TightVector.h", line=line@entry=180, function=function@entry=0x55555582f9e0 <Escargot::TightVector<Escargot::InterpretedCodeBlock*, GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::InterpretedCodeBlock*> >::operator[](unsigned long) const::__PRETTY_FUNCTION__> "const T& Escargot::TightVector<T, Allocator>::operator[](size_t) const [with T = Escargot::InterpretedCodeBlock*; Allocator = GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::InterpretedCodeBlock"...) at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x55555582dd39 "idx < m_size", file=0x55555582de19 "../src/util/TightVector.h", line=180, function=0x55555582f9e0 <Escargot::TightVector<Escargot::InterpretedCodeBlock*, GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::InterpretedCodeBlock*> >::operator[](unsigned long) const::__PRETTY_FUNCTION__> "const T& Escargot::TightVector<T, Allocator>::operator[](size_t) const [with T = Escargot::InterpretedCodeBlock*; Allocator = GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::InterpretedCodeBlock"...) at assert.c:101
#4  0x00005555555d6423 in Escargot::TightVector<Escargot::InterpretedCodeBlock*, GCUtil::gc_malloc_ignore_off_page_allocator<Escargot::InterpretedCodeBlock*> >::operator[] (this=0x7ffff45bdd90, idx=1) at ../src/util/TightVector.h:180
#5  0x0000555555658438 in Escargot::esprima::Parser::parseFunctionSourceElements (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:5245
#6  0x0000555555682806 in Escargot::esprima::Parser::parseFunction<Escargot::FunctionExpressionNode, false> (this=0x7fffffff8ee0, node=...) at ../src/parser/esprima_cpp/esprima.cpp:5390
#7  0x0000555555658fd6 in Escargot::esprima::Parser::parseFunctionExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:5424
#8  0x0000555555694c3f in Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:1136
#9  0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555693de2 <Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#10 0x00005555556837ea in Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2342
#11 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556835ee <Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#12 0x000055555568d298 in Escargot::esprima::Parser::updateExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2596
#13 0x0000555555676d2c in Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2802
#14 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555675f9c <Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#15 0x0000555555652311 in Escargot::esprima::Parser::parseExponentiationExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2808
#16 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556522b0 <Escargot::esprima::Parser::parseExponentiationExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#17 0x0000555555652763 in Escargot::esprima::Parser::parseBinaryExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2916
#18 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556526d8 <Escargot::esprima::Parser::parseBinaryExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#19 0x000055555568a513 in Escargot::esprima::Parser::conditionalExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3227
#20 0x0000555555671e41 in Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3384
#21 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555671d32 <Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#22 0x00005555556ab4e0 in Escargot::esprima::Parser::objectProperty<Escargot::esprima::Parser::PassNode<Escargot::PropertyNode>, true> (this=0x7fffffff8ee0, hasProto=@0x7fffffff649f: false, usedNames=std::__debug::vector of length 0, capacity 0) at ../src/parser/esprima_cpp/esprima.cpp:1722
#23 0x00005555556a2a5e in Escargot::esprima::Parser::objectInitializer<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:1814
#24 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556a29a4 <Escargot::esprima::Parser::objectInitializer<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#25 0x00005555556948a9 in Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:1100
#26 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555693de2 <Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#27 0x00005555556837ea in Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2342
#28 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556835ee <Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#29 0x000055555568d298 in Escargot::esprima::Parser::updateExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2596
#30 0x0000555555676d2c in Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2802
#31 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555675f9c <Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#32 0x0000555555652311 in Escargot::esprima::Parser::parseExponentiationExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2808
#33 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556522b0 <Escargot::esprima::Parser::parseExponentiationExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#34 0x0000555555652763 in Escargot::esprima::Parser::parseBinaryExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2916
#35 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556526d8 <Escargot::esprima::Parser::parseBinaryExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#36 0x000055555568a513 in Escargot::esprima::Parser::conditionalExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3227
#37 0x0000555555671e41 in Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3384
#38 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555671d32 <Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#39 0x00005555556a167f in Escargot::esprima::Parser::groupExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2130
#40 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556a138c <Escargot::esprima::Parser::groupExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#41 0x000055555569480f in Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:1089
#42 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555693de2 <Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#43 0x00005555556837ea in Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2342
#44 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556835ee <Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#45 0x000055555568d298 in Escargot::esprima::Parser::updateExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2596
#46 0x0000555555676d2c in Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2802
#47 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555675f9c <Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#48 0x0000555555652311 in Escargot::esprima::Parser::parseExponentiationExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2808
#49 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556522b0 <Escargot::esprima::Parser::parseExponentiationExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#50 0x0000555555652763 in Escargot::esprima::Parser::parseBinaryExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2916
#51 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556526d8 <Escargot::esprima::Parser::parseBinaryExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#52 0x000055555568a513 in Escargot::esprima::Parser::conditionalExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3227
#53 0x0000555555671e41 in Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3384
#54 0x000055555567317e in Escargot::esprima::Parser::isolateCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555671d32 <Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:802
#55 0x000055555564eece in Escargot::esprima::Parser::parsePatternWithDefault (this=0x7fffffff8ee0, params=std::__debug::vector of length 1, capacity 1 = {...}, kind=Escargot::EscargotLexer::KeywordKindEnd) at ../src/parser/esprima_cpp/esprima.cpp:1280
#56 0x000055555564f31c in Escargot::esprima::Parser::parseFormalParameter (this=0x7fffffff8ee0, options=...) at ../src/parser/esprima_cpp/esprima.cpp:1304
#57 0x000055555564f7a1 in Escargot::esprima::Parser::parseFormalParameters (this=0x7fffffff8ee0, firstRestricted=...) at ../src/parser/esprima_cpp/esprima.cpp:1345
#58 0x000055555568273e in Escargot::esprima::Parser::parseFunction<Escargot::FunctionExpressionNode, false> (this=0x7fffffff8ee0, node=...) at ../src/parser/esprima_cpp/esprima.cpp:5380
#59 0x0000555555658fd6 in Escargot::esprima::Parser::parseFunctionExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:5424
#60 0x0000555555694c3f in Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:1136
#61 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555693de2 <Escargot::esprima::Parser::primaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#62 0x00005555556837ea in Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2342
#63 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556835ee <Escargot::esprima::Parser::leftHandSideExpressionAllowCall<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#64 0x000055555568d298 in Escargot::esprima::Parser::updateExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2596
#65 0x0000555555676d2c in Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2802
#66 0x0000555555677082 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555675f9c <Escargot::esprima::Parser::unaryExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#67 0x0000555555652311 in Escargot::esprima::Parser::parseExponentiationExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2808
#68 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556522b0 <Escargot::esprima::Parser::parseExponentiationExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#69 0x0000555555652763 in Escargot::esprima::Parser::parseBinaryExpression (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:2916
#70 0x0000555555677be6 in Escargot::esprima::Parser::inheritCoverGrammar<JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(JSC::Yarr::PassRefPtr<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x5555556526d8 <Escargot::esprima::Parser::parseBinaryExpression()>) at ../src/parser/esprima_cpp/esprima.cpp:896
#71 0x000055555568a513 in Escargot::esprima::Parser::conditionalExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3227
#72 0x0000555555671e41 in Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3384
#73 0x000055555567317e in Escargot::esprima::Parser::isolateCoverGrammar<Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)()> (this=0x7fffffff8ee0, parseFunction=(Escargot::esprima::Parser::PassNode<Escargot::Node> (Escargot::esprima::Parser::*)(Escargot::esprima::Parser * const)) 0x555555671d32 <Escargot::esprima::Parser::assignmentExpression<Escargot::esprima::Parser::PassNode<Escargot::Node>, true>()>) at ../src/parser/esprima_cpp/esprima.cpp:802
#74 0x0000555555678954 in Escargot::esprima::Parser::variableDeclaration<Escargot::esprima::Parser::PassNode<Escargot::VariableDeclaratorNode>, true> (this=0x7fffffff8ee0, options=...) at ../src/parser/esprima_cpp/esprima.cpp:4061
#75 0x00005555556553c3 in Escargot::esprima::Parser::parseVariableDeclarationList (this=0x7fffffff8ee0, options=...) at ../src/parser/esprima_cpp/esprima.cpp:4082
#76 0x0000555555655634 in Escargot::esprima::Parser::parseVariableStatement (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:4110
#77 0x0000555555656e21 in Escargot::esprima::Parser::parseStatement (this=0x7fffffff8ee0, allowFunctionDeclaration=true) at ../src/parser/esprima_cpp/esprima.cpp:5026
#78 0x0000555555679c30 in Escargot::esprima::Parser::statementListItem<Escargot::esprima::Parser::PassNode<Escargot::StatementNode>, true> (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:3690
#79 0x0000555555658928 in Escargot::esprima::Parser::parseFunctionSourceElements (this=0x7fffffff8ee0) at ../src/parser/esprima_cpp/esprima.cpp:5286
#80 0x000055555565bfcd in Escargot::esprima::parseSingleFunction (ctx=0x7ffff7e5bed0, codeBlock=0x7ffff45bdcb0, stackRemain=3141996) at ../src/parser/esprima_cpp/esprima.cpp:6060
#81 0x0000555555628a6b in Escargot::ScriptParser::parseFunction (this=0x7ffff7e52f70, codeBlock=0x7ffff45bdcb0, stackSizeRemain=3141996, state=0x7fffffffd710) at ../src/parser/ScriptParser.cpp:257
#82 0x00005555556ccc03 in Escargot::FunctionObject::generateBytecodeBlock (this=0x7ffff46311d0, state=...) at ../src/runtime/FunctionObject.cpp:246
#83 0x00005555556cd75c in Escargot::FunctionObject::processCall (this=0x7ffff46311d0, state=..., receiverSrc=..., argc=0, argv=0x7fffffffd610, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:365
#84 0x00005555555f50dc in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=0, argv=0x7fffffffd610, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#85 0x00005555555f8209 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bcd0, programCounter=93824999011584, registerFile=0x7fffffffd600, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:529
#86 0x0000555555625d97 in Escargot::Script::execute (this=0x7ffff462cb20, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#87 0x0000555555625ee9 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd990) at ../src/parser/Script.cpp:92
#88 0x0000555555626ef2 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#89 0x00005555557bf72c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd990) at /usr/include/c++/7/bits/std_function.h:706
#90 0x00005555557be2df in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd900, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#91 0x0000555555625fc6 in Escargot::Script::sandboxExecute (this=0x7ffff462cb20, state=...) at ../src/parser/Script.cpp:93
#92 0x00005555557dbd0c in eval (context=0x7ffff7e5bed0, str=0x7ffff46297f0, fileName=0x7ffff46296b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#93 0x00005555557dc631 in main (argc=2, argv=0x7fffffffdcb8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator.}

Smi, Value32/64

I am thinking about working on an optimization, but before I do anything, I would like to ask your opinion about it. As far as I see Escargot uses three different representation for values: an SmallValue, which contains uintptr_t data, and a Value which size is always 8 byte, but there are two different implementations for 32 and 64 bit systems.

The problem is conversion costs: Value->SmallValue and SmallValue->Value happens frequently. It would be good to reduce these conversion costs. I am thinking about using common constants for Value and SmallValue for primitive types (true/false,undefined). Do you think this is possible?

In general, is it worth to have these two representations? If we would keep only one, which one would be better: SmallValue or Value?

(As far as I know returning with two uint32 on 32 bit machines is efficient since it just use two registers)

ECMAScript 2016 Internationalization API Specification (ECMA-402)

ECMAScript® 2016 Internationalization API Specification

ECMA-402 3rd Edition / June 2016

ECMA-402 Spec : ecma-402/3rd

Based on the upper spec, we are going to update/implement ECMA-402 Intl features one by one.

Collation
Number Formatting
Currency Formatting
Date/Time Formatting

Enable Microsoft Windows Build and Setup AppVeyor

Windows Build : Once done before, needs to be updated
Windows CI with AppVeyor

Build & Test Issue

Build based on Make or Ninja via cmake

We've moved to ninja based build & test system.
But make (Makefile) based build & test is also available.
You can freely choose one of them based on your comfort.

Travis CI fail

v8's regress-394673.js failed sometimes due to out-of-memory (too many recursive function calls. other JS engine, e.g. JSC, also failed running this TC).
So, the latest commit(#f3f0fdd) excludes this TC.

Property enumeration segfault

var props = {
  get bar() {
    delete props.prop2;
    return { value : 2, writable : true };
  },
  prop2: {
    value: 3,
    writable: true,
  },
};

Object.defineProperties({}, props);

It seems the problem is that it goes through the properties of a structure, while the structure is changed in the meantime.

Update ECMAScript 6 Features

ES6 Features on Escargot

ES6 Spec : ecma-262/6.0
ES6 New Features : New Features Overview & Comparison

Based on the upper spec, we are going to update ES6 features one by one.
Current status of implemented/unimplemented ES6 features are as follows.

Implementation Priority

const / let variables (widely used, but also most difficult)
Classes
Generators
Modules

Current Status of ES6 Features

ES6 Feature List based on New Features Overview & Comparison

Constants

const Variables

Scoping

let Variables
Block scoped function definitions

Arrow Function

Arrow function

Extended Parameter Handling

Default parameter
Rest parameter
Spread operator

Template Literals

String interpolation
Custom interpolation
Raw string access

Extended Literals

Binary & Octal Literal
Unicode String & RegExp Literal

Enhanced Regular Expression

Regular Expression Sticky Matching

Enhanced Object Properties

Property Shorthand
Computed Property Names
Method Properties

Destructuring Assignment

Array Matching
Object Matching
Parameter Context Matching
Fail-Soft Destructuring

Modules

Value Export/Import
Default & Wildcard

Classes

Symbol Type

Symbol Type (partially implemented)
Global Symbols (partially implemented)

Iterators

Iterator & For-Of Operator

Generators

Map/Set & WeakMap/WeakSet

Set Data-Structure
Map Data-Structure
Weak-Link Data-Structures

Typed Arrays

Typed Arrays

New Builtin Methods

Promises

Promise Usage (partially implemented)
Promise Combination (partially implemented)

Meta-Programming

Proxy
Reflect

Internationalization & Localization

Collation
Number Formatting
Currency Formatting
Date/Time Formatting

NOTE

The above list may miss some ES6 features or mark already implemented features as unimplemented.
Please mark an check-box after completely update each feature.
Add related TC when each feature is updated

Duplicated expression value if template literal is in return

OS: Ubuntu 16.04 LTS
Escargot version: 8fbf6d0
Build commad:
cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -DESCARGOT_ENABLE_PROXY_REFLECT=1 -GNinja && ninja

Example:

var hello = function() {
  var a = "world"
  return `Hello ${a}`
}
print(hello())

Expected result:
Hello world

Given result:
Hello worldworld

However this does not occour if it's passed directly:

var a = "world"
print(`Hello ${a}`)

prints out Hello world as expected.

Assertion `!m_isDataProperty' failed in Escargot::ObjectGetResult::jsGetterSetter

Escargot version:

Checked revision: 958b293

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

var handler = {
  get: function () {}
}

var proxy = new Proxy([ ], handler)
var boundFilter = Array.prototype.filter.bind(proxy)
boundFilter()

Backtrace:

escargot: ../src/runtime/Object.h:463: Escargot::JSGetterSetter* Escargot::ObjectGetResult::jsGetterSetter(): Assertion `!m_isDataProperty' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555842b66 "!m_isDataProperty", file=file@entry=0x555555842a91 "../src/runtime/Object.h", line=line@entry=463, function=function@entry=0x5555558430e0 <Escargot::ObjectGetResult::jsGetterSetter()::__PRETTY_FUNCTION__> "Escargot::JSGetterSetter* Escargot::ObjectGetResult::jsGetterSetter()") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x555555842b66 "!m_isDataProperty", file=0x555555842a91 "../src/runtime/Object.h", line=463, function=0x5555558430e0 <Escargot::ObjectGetResult::jsGetterSetter()::__PRETTY_FUNCTION__> "Escargot::JSGetterSetter* Escargot::ObjectGetResult::jsGetterSetter()") at assert.c:101
#4  0x00005555556d2285 in Escargot::ObjectGetResult::jsGetterSetter (this=0x7fffffffbb60) at ../src/runtime/Object.h:463
#5  0x00005555557af515 in Escargot::ProxyObject::get (this=0x7ffff4626070, state=..., propertyName=...) at ../src/runtime/ProxyObject.cpp:693
#6  0x00005555557a88d0 in Escargot::Object::length (this=0x7ffff4626070, state=...) at ../src/runtime/Object.cpp:888
#7  0x00005555556df788 in Escargot::builtinArrayFilter (state=..., thisValue=..., argc=1, argv=0x7fffffffbfb0, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinArray.cpp:942
#8  0x00005555556cd6f2 in Escargot::FunctionObject::processCall (this=0x7ffff4653cd0, state=..., receiverSrc=..., argc=1, argv=0x7fffffffbfb0, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:357
#9  0x00005555555f50dc in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=1, argv=0x7fffffffbfb0, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#10 0x00005555556150e9 in Escargot::functionBindImpl (state=..., thisValue=..., calledArgc=1, calledArgv=0x7fffffffd600, isNewExpression=false) at ../src/parser/CodeBlock.cpp:179
#11 0x00005555556cd6f2 in Escargot::FunctionObject::processCall (this=0x7ffff461dd80, state=..., receiverSrc=..., argc=1, argv=0x7fffffffd600, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:357
#12 0x00005555555f50dc in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=1, argv=0x7fffffffd600, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#13 0x00005555555f8209 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bcd0, programCounter=93824999022968, registerFile=0x7fffffffd5f0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:529
#14 0x00005555556000ae in Escargot::ByteCodeInterpreter::tryOperation (state=..., code=0x555555bcde70, ec=0x7fffffffd6f0, env=0x7ffff462c8e0, programCounter=93824999022192, byteCodeBlock=0x7ffff7e6bcd0, registerFile=0x7fffffffd5f0) at ../src/interpreter/ByteCodeInterpreter.cpp:1983
#15 0x00005555555fa1c3 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e6bcd0, programCounter=93824999022192, registerFile=0x7fffffffd5f0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:929
#16 0x0000555555625d97 in Escargot::Script::execute (this=0x7ffff4638100, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#17 0x0000555555625ee9 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd990) at ../src/parser/Script.cpp:92
#18 0x0000555555626ef2 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#19 0x00005555557bf72c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd990) at /usr/include/c++/7/bits/std_function.h:706
#20 0x00005555557be2df in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd900, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#21 0x0000555555625fc6 in Escargot::Script::sandboxExecute (this=0x7ffff4638100, state=...) at ../src/parser/Script.cpp:93
#22 0x00005555557dbd0c in eval (context=0x7ffff7e5bed0, str=0x7ffff46297f0, fileName=0x7ffff46296b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#23 0x00005555557dc631 in main (argc=2, argv=0x7fffffffdcb8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator.}

Assertion `isExtensible() || newLength <= getArrayLength(state)' failed in Escargot::ArrayObject::setArrayLength

Escargot version:

Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

OS:

Ubuntu 18.04, x86_64

Test case:

var arrObj = [ ] ; 
Object.preventExtensions( arrObj , "length" , { writable : false } ) ; 
Object.defineProperty( arrObj , "length" , { value : 12 } ) ;

Backtrace:

escargot: src/runtime/ArrayObject.cpp:269: bool Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, const uint64_t&): Assertion `isExtensible() || newLength <= getArrayLength(state)' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x555555823ec8 "isExtensible() || newLength <= getArrayLength(state)", 
    file=file@entry=0x555555823e8c "src/runtime/ArrayObject.cpp", line=line@entry=269, 
    function=function@entry=0x555555824340 <Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, unsigned long const&)::__PRETTY_FUNCTION__> "bool Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, const uint64_t&)") at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x555555823ec8 "isExtensible() || newLength <= getArrayLength(state)", 
    file=0x555555823e8c "src/runtime/ArrayObject.cpp", line=269, 
    function=0x555555824340 <Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, unsigned long const&)::__PRETTY_FUNCTION__> "bool Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, const uint64_t&)") at assert.c:101
#4  0x00005555556bc060 in Escargot::ArrayObject::setArrayLength (this=0x7ffff480fe30, state=..., newLength=@0x7fffffffca00: 12)
    at src/runtime/ArrayObject.cpp:269
#5  0x00005555557b28bf in Escargot::VMInstance::arrayLengthNativeSetter (state=..., self=0x7ffff480fe30, 
    privateDataFromObjectPrivateArea=..., setterInputData=...) at src/runtime/VMInstance.cpp:79
#6  0x00005555555edd19 in Escargot::Object::setOwnDataPropertyUtilForObjectInner (this=0x7ffff480fe30, state=..., idx=0, item=..., 
    newValue=...) at escargot/src/runtime/Object.h:857
#7  0x0000555555790ca1 in Escargot::Object::defineOwnProperty (this=0x7ffff480fe30, state=..., P=..., desc=...)
    at src/runtime/Object.cpp:642
#8  0x00005555556bb3ea in Escargot::ArrayObject::defineOwnProperty (this=0x7ffff480fe30, state=..., P=..., desc=...)
    at src/runtime/ArrayObject.cpp:103
#9  0x00005555556c4ca7 in Escargot::Object::defineOwnPropertyThrowsException (this=0x7ffff480fe30, state=..., P=..., desc=...)
    at escargot/src/runtime/Object.h:678
#10 0x0000555555746a69 in Escargot::builtinObjectDefineProperty (state=..., thisValue=..., argc=3, argv=0x7fffffffd5b8, 
    isNewExpression=false) at src/runtime/GlobalObjectBuiltinObject.cpp:159
#11 0x00005555556cba78 in Escargot::FunctionObject::processCall (this=0x7ffff4871e30, state=..., receiverSrc=..., 
    argc=@0x7fffffffd540: 3, argv=0x7fffffffd5b8, isNewExpression=false) at src/runtime/FunctionObject.cpp:326
#12 0x00005555555ee742 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd540: 3, 
    argv=0x7fffffffd5b8) at escargot/src/runtime/FunctionObject.h:100
#13 0x00005555555f15bf in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff487a730, 
    programCounter=93824998889696, registerFile=0x7fffffffd5a0, initAddressFiller=0x7fffffffd648)
    at src/interpreter/ByteCodeInterpreter.cpp:527
#14 0x0000555555611a21 in Escargot::Script::execute (this=0x7ffff47e4220, state=..., isEvalMode=false, needNewEnv=false, 
    isOnGlobal=true) at src/parser/Script.cpp:80
#15 0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd950)
    at src/parser/Script.cpp:93
#16 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#17 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd950)
    at /usr/include/c++/7/bits/std_function.h:706
#18 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd8c0, scriptRunner=...)
    at src/runtime/SandBox.cpp:36
#19 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff47e4220, state=...) at src/parser/Script.cpp:94
#20 0x00005555557c102b in eval (context=0x7ffff486bed0, str=0x7ffff47e9750, fileName=0x7ffff47e96b0, shouldPrintScriptResult=false)
    at src/shell/Shell.cpp:46
#21 0x00005555557c197a in main (argc=2, argv=0x7fffffffdc78) at src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Assertion `iterable->isArrayObject()' failed in Escargot::builtinPromiseAll

Escargot version:

Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

OS:

Ubuntu 18.04, x86_64

Test case:

Object.prototype[1] = 0 ; 
Promise.all('x') ;

Backtrace:

escargot: src/runtime/GlobalObjectBuiltinPromise.cpp:96: Escargot::Value Escargot::builtinPromiseAll(Escargot::ExecutionState&, Escargot::Value, size_t, Escargot::Value*, bool): Assertion `iterable->isArrayObject()' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555834d63 "iterable->isArrayObject()", 
    file=file@entry=0x555555834d38 "src/runtime/GlobalObjectBuiltinPromise.cpp", line=line@entry=96, 
    function=function@entry=0x555555834f40 <Escargot::builtinPromiseAll(Escargot::ExecutionState&, Escargot::Value, unsigned long, Escargot::Value*, bool)::__PRETTY_FUNCTION__> "Escargot::Value Escargot::builtinPromiseAll(Escargot::ExecutionState&, Escargot::Value, size_t, Escargot::Value*, bool)") at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x555555834d63 "iterable->isArrayObject()", file=0x555555834d38 "src/runtime/GlobalObjectBuiltinPromise.cpp", line=96, 
    function=0x555555834f40 <Escargot::builtinPromiseAll(Escargot::ExecutionState&, Escargot::Value, unsigned long, Escargot::Value*, bool)::__PRETTY_FUNCTION__> "Escargot::Value Escargot::builtinPromiseAll(Escargot::ExecutionState&, Escargot::Value, size_t, Escargot::Value*, bool)") at assert.c:101
#4  0x000055555575116c in Escargot::builtinPromiseAll (state=..., thisValue=..., argc=1, argv=0x7fffffffd9b8, isNewExpression=false) at src/runtime/GlobalObjectBuiltinPromise.cpp:96
#5  0x00005555556cba78 in Escargot::FunctionObject::processCall (this=0x7ffff486d330, state=..., receiverSrc=..., argc=@0x7fffffffd940: 1, argv=0x7fffffffd9b8, isNewExpression=false)
    at src/runtime/FunctionObject.cpp:326
#6  0x00005555555ee742 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd940: 1, argv=0x7fffffffd9b8)
    at escargot/src/runtime/FunctionObject.h:100
#7  0x00005555555f15bf in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e68730, programCounter=93824998886912, registerFile=0x7fffffffd9a0, initAddressFiller=0x7fffffffda28)
    at src/interpreter/ByteCodeInterpreter.cpp:527
#8  0x0000555555611a21 in Escargot::Script::execute (this=0x7ffff48242b0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:80
#9  0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd30) at src/parser/Script.cpp:93
#10 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#11 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd30) at /usr/include/c++/7/bits/std_function.h:706
#12 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdca0, scriptRunner=...) at src/runtime/SandBox.cpp:36
#13 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff48242b0, state=...) at src/parser/Script.cpp:94
#14 0x00005555557c102b in eval (context=0x7ffff7e59ed0, str=0x7ffff4829750, fileName=0x7ffff48296b0, shouldPrintScriptResult=false) at src/shell/Shell.cpp:46
#15 0x00005555557c197a in main (argc=2, argv=0x7fffffffe058) at src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Update Array.prototype functions to ES2015 versions

Related issue: #124
Related PRs: #140 #153

Assertion isRegExpObject() failed in Escargot::Object::asRegExpObject

Escargot version:

Checked revision: cd03a08

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

var obj = { };
RegExp.prototype.compile.call(obj);

Backtrace:

escargot: ../src/runtime/Object.h:555: Escargot::RegExpObject* Escargot::Object::asRegExpObject(): Assertion `isRegExpObject()' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555584e87e "isRegExpObject()", file=file@entry=0x55555584e7ce "../src/runtime/Object.h", line=line@entry=555, function=function@entry=0x55555584eb80 <Escargot::Object::asRegExpObject()::__PRETTY_FUNCTION__> "Escargot::RegExpObject* Escargot::Object::asRegExpObject()") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x55555584e87e "isRegExpObject()", file=0x55555584e7ce "../src/runtime/Object.h", line=555, function=0x55555584eb80 <Escargot::Object::asRegExpObject()::__PRETTY_FUNCTION__> "Escargot::RegExpObject* Escargot::Object::asRegExpObject()") at assert.c:101
#4  0x000055555575ccb6 in Escargot::Object::asRegExpObject (this=0x7ffff45d6250) at ../src/runtime/Object.h:555
#5  0x000055555575e084 in Escargot::builtinRegExpCompile (state=..., thisValue=..., argc=1, argv=0x7fffffffbdc0, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinRegExp.cpp:140
#6  0x00005555556cca22 in Escargot::FunctionObject::processCall (this=0x7ffff4664330, state=..., receiverSrc=..., argc=1, argv=0x7fffffffbdc0, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:357
#7  0x00005555555ca3af in Escargot::FunctionObject::call (this=0x7ffff4664330, state=..., receiver=..., argc=1, argv=0x7fffffffc050) at ../src/runtime/FunctionObject.h:103
#8  0x00005555556fc8c8 in Escargot::builtinFunctionCall (state=..., thisValue=..., argc=2, argv=0x7fffffffcae8, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinFunction.cpp:197
#9  0x00005555556cca22 in Escargot::FunctionObject::processCall (this=0x7ffff46653e0, state=..., receiverSrc=..., argc=2, argv=0x7fffffffcae8, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:357
#10 0x00005555555f4f02 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=2, argv=0x7fffffffcae8, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#11 0x00005555555f812a in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4676bb0, programCounter=93824999009200, registerFile=0x7fffffffcad0, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:540
#12 0x00005555556cdc72 in Escargot::FunctionObject::processCall (this=0x7ffff4638b70, state=..., receiverSrc=..., argc=1, argv=0x7fffffffd530, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:536
#13 0x00005555555f4f02 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=1, argv=0x7fffffffd530, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#14 0x00005555555f803d in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4676cd0, programCounter=93824999003936, registerFile=0x7fffffffd520, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:529
#15 0x0000555555625aed in Escargot::Script::execute (this=0x7ffff45f8190, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#16 0x0000555555625c3f in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd8a0) at ../src/parser/Script.cpp:92
#17 0x0000555555626c48 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#18 0x00005555557be90c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd8a0) at /usr/include/c++/7/bits/std_function.h:706
#19 0x00005555557bd4bf in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd810, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#20 0x0000555555625d1c in Escargot::Script::sandboxExecute (this=0x7ffff45f8190, state=...) at ../src/parser/Script.cpp:93
#21 0x00005555557daeb0 in eval (context=0x7ffff4666ed0, str=0x7ffff45e97f0, fileName=0x7ffff45e96b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#22 0x00005555557db7d5 in main (argc=2, argv=0x7fffffffdbc8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator with grammarinator.}

Assertion: byteindex + elementSize <= bytelength() in Escargot::Value Escargot::ArrayBufferView::getValueFromBuffer(Escargot::ExecutionState&, unsigned int, bool) [with Type = float]

Escargot version:

Checked revision: 46dd776
Build command: make x64.interpreter.debug

OS:

Linux-4.15.0-38-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

new Float32Array({ length: 0x40000001 });

Backtrace:

escargot: src/runtime/TypedArrayObject.h:108: Escargot::Value Escargot::ArrayBufferView::getValueFromBuffer(Escargot::ExecutionState&, unsigned int, bool) [with Type = float]: Assertion `byteindex + elementSize <= bytelength()' failed.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s\' failed.\\n%n", assertion=assertion@entry=0x5555557b11c0 "byteindex + elementSize <= bytelength()", file=file@entry=0x5555557b0e60 "src/runtime/TypedArrayObject.h", line=line@entry=108, function=function@entry=0x5555557b1fa0 <Escargot::Value Escargot::ArrayBufferView::getValueFromBuffer<float>(Escargot::ExecutionState&, unsigned int, bool)::__PRETTY_FUNCTION__> "Escargot::Value Escargot::ArrayBufferView::getValueFromBuffer(Escargot::ExecutionState&, unsigned int, bool) [with Type = float]") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x5555557b11c0 "byteindex + elementSize <= bytelength()", file=0x5555557b0e60 "src/runtime/TypedArrayObject.h", line=108, function=0x5555557b1fa0 <Escargot::Value Escargot::ArrayBufferView::getValueFromBuffer<float>(Escargot::ExecutionState&, unsigned int, bool)::__PRETTY_FUNCTION__> "Escargot::Value Escargot::ArrayBufferView::getValueFromBuffer(Escargot::ExecutionState&, unsigned int, bool) [with Type = float]") at assert.c:101
#4  0x0000555555662596 in Escargot::ArrayBufferView::getValueFromBuffer<float> (this=0x7ffff45dfbb0, state=..., byteindex=4, isLittleEndian=true) at src/runtime/TypedArrayObject.h:108
#5  0x000055555565fae3 in Escargot::TypedArrayObject<Escargot::Float32Adaptor, 4>::getOwnProperty (this=0x7ffff45dfbb0, state=..., P=...) at src/runtime/TypedArrayObject.h:246
#6  0x000055555572939e in Escargot::Object::set (this=0x7ffff45dfbb0, state=..., propertyName=..., v=..., receiver=...) at src/runtime/Object.cpp:717
#7  0x00005555557297a0 in Escargot::Object::setThrowsException (this=0x7ffff45dfbb0, state=..., P=..., v=..., receiver=...) at src/runtime/Object.cpp:781
#8  0x000055555565df73 in Escargot::builtinTypedArrayConstructor<Escargot::Float32ArrayObject, 4> (state=..., thisValue=..., argc=1, argv=0x7fffffffd230, isNewExpression=true) at src/runtime/GlobalObjectBuiltinTypedArray.cpp:219
#9  0x00005555556bd6a6 in Escargot::FunctionObject::processCall (this=0x7ffff45c6490, state=..., receiverSrc=..., argc=@0x7fffffffd498: 1, argv=0x7fffffffd230, isNewExpression=true) at src/runtime/FunctionObject.cpp:314
#10 0x00005555556bd27e in Escargot::FunctionObject::newInstance (this=0x7ffff45c6490, state=..., argc=@0x7fffffffd498: 1, argv=0x7fffffffdb10) at src/runtime/FunctionObject.cpp:261
#11 0x000055555559a003 in Escargot::ByteCodeInterpreter::newOperation (state=..., callee=..., argc=1, argv=0x7fffffffdb10) at src/interpreter/ByteCodeInterpreter.cpp:1286
#12 0x0000555555597957 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff465e2b0, programCounter=93824998356792, registerFile=0x7fffffffdb00, initAddressFiller=0x7fffffffdb88) at src/interpreter/ByteCodeInterpreter.cpp:760
#13 0x00005555555b4bdf in Escargot::Script::execute (this=0x7ffff45dc610, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:80
#14 0x00005555555b4d31 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffde90) at src/parser/Script.cpp:93
#15 0x00005555555b5d94 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#16 0x00005555556d28be in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffde90) at /usr/include/c++/7/bits/std_function.h:706
#17 0x00005555556d1403 in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffde00, scriptRunner=...) at src/runtime/SandBox.cpp:36
#18 0x00005555555b4e0e in Escargot::Script::sandboxExecute (this=0x7ffff45dc610, state=...) at src/parser/Script.cpp:94
#19 0x0000555555755185 in eval (context=0x7ffff4660d90, str=0x7ffff45dd250, fileName=0x7ffff45dd1b0, shouldPrintScriptResult=false) at src/shell/Shell.cpp:44
#20 0x0000555555755ad4 in main (argc=2, argv=0x7fffffffe1b8) at src/shell/Shell.cpp:127

^{Found by Fuzzinator.}

Assertion isPointerValue() failed in Escargot::Value::asPointerValue

Escargot version:

Checked revision: cd03a08

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-48-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

Number.prototype.toLowerCase = RegExp.prototype.compile;
NaN.toLowerCase();

Backtrace:

escargot: ../src/runtime/ValueInlines.h:521: Escargot::PointerValue* Escargot::Value::asPointerValue() const: Assertion `isPointerValue()' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555582cc56 "isPointerValue()", file=file@entry=0x55555582cc17 "../src/runtime/ValueInlines.h", line=line@entry=521, function=function@entry=0x55555582dc40 <Escargot::Value::asPointerValue() const::__PRETTY_FUNCTION__> "Escargot::PointerValue* Escargot::Value::asPointerValue() const") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x55555582cc56 "isPointerValue()", file=0x55555582cc17 "../src/runtime/ValueInlines.h", line=521, function=0x55555582dc40 <Escargot::Value::asPointerValue() const::__PRETTY_FUNCTION__> "Escargot::PointerValue* Escargot::Value::asPointerValue() const") at assert.c:101
#4  0x00005555555c931f in Escargot::Value::asPointerValue (this=0x7fffffffca90) at ../src/runtime/ValueInlines.h:521
#5  0x000055555575e074 in Escargot::builtinRegExpCompile (state=..., thisValue=..., argc=0, argv=0x7fffffffcb00, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinRegExp.cpp:140
#6  0x00005555556cca22 in Escargot::FunctionObject::processCall (this=0x7ffff4664330, state=..., receiverSrc=..., argc=0, argv=0x7fffffffcb00, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:357
#7  0x00005555555f4f02 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=0, argv=0x7fffffffd530, isNewExpression=false) at ../src/runtime/FunctionObject.h:111
#8  0x00005555555f812a in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4676cd0, programCounter=93824999005304, registerFile=0x7fffffffd500, initAddressFiller=0x0) at ../src/interpreter/ByteCodeInterpreter.cpp:540
#9  0x0000555555625aed in Escargot::Script::execute (this=0x7ffff45f86a0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#10 0x0000555555625c3f in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd8a0) at ../src/parser/Script.cpp:92
#11 0x0000555555626c48 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#12 0x00005555557be90c in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd8a0) at /usr/include/c++/7/bits/std_function.h:706
#13 0x00005555557bd4bf in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd810, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#14 0x0000555555625d1c in Escargot::Script::sandboxExecute (this=0x7ffff45f86a0, state=...) at ../src/parser/Script.cpp:93
#15 0x00005555557daeb0 in eval (context=0x7ffff4666ed0, str=0x7ffff45e97f0, fileName=0x7ffff45e96b0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#16 0x00005555557db7d5 in main (argc=2, argv=0x7fffffffdbc8) at ../src/shell/Shell.cpp:128

^{Found by Fuzzinator with grammarinator.}

Assertion constructor.isConstructor() == true in Escargot::FunctionObject::construct

Escargot version:

Checked revision: 106b9c8

Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-51-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

if (Promise.reject.call (Function.prototype));

Backtrace:

escargot: ../src/runtime/FunctionObject.h:193: static Escargot::Object* Escargot::FunctionObject::construct(Escargot::ExecutionState&, const Escargot::Value&, size_t, Escargot::Value*, Escargot::Value): Assertion `constructor.isConstructor() == true' failed.

bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6466801 in __GI_abort () at abort.c:79
#2  0x00007ffff645639a in __assert_fail_base (fmt=0x7ffff65dd7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555584c050 "constructor.isConstructor() == true", file=file@entry=0x55555584c030 "../src/runtime/FunctionObject.h", line=line@entry=193, function=function@entry=0x55555584d3a0 <Escargot::FunctionObject::construct(Escargot::ExecutionState&, Escargot::Value const&, unsigned long, Escargot::Value*, Escargot::Value)::__PRETTY_FUNCTION__> "static Escargot::Object* Escargot::FunctionObject::construct(Escargot::ExecutionState&, const Escargot::Value&, size_t, Escargot::Value*, Escargot::Value)") at assert.c:92
#3  0x00007ffff6456412 in __GI___assert_fail (assertion=0x55555584c050 "constructor.isConstructor() == true", file=0x55555584c030 "../src/runtime/FunctionObject.h", line=193, function=0x55555584d3a0 <Escargot::FunctionObject::construct(Escargot::ExecutionState&, Escargot::Value const&, unsigned long, Escargot::Value*, Escargot::Value)::__PRETTY_FUNCTION__> "static Escargot::Object* Escargot::FunctionObject::construct(Escargot::ExecutionState&, const Escargot::Value&, size_t, Escargot::Value*, Escargot::Value)") at assert.c:101
#4  0x00005555556096bd in Escargot::FunctionObject::construct (state=..., constructor=..., argc=1, argv=0x7fffffffca50, newTarget=...) at ../src/runtime/FunctionObject.h:193
#5  0x00005555557c26ef in Escargot::PromiseObject::newPromiseCapability (state=..., constructor=0x7ffff4662bb0) at ../src/runtime/PromiseObject.cpp:93
#6  0x0000555555771a4b in Escargot::builtinPromiseReject (state=..., thisValue=..., argc=0, argv=0x7fffffffcb10, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinPromise.cpp:287
#7  0x00005555556e6839 in Escargot::FunctionObject::processCall (this=0x7ffff461dd30, state=..., receiverSrc=..., argc=0, argv=0x7fffffffcb10, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:328
#8  0x00005555556e46af in Escargot::FunctionObject::call (this=0x7ffff461dd30, state=..., thisValue=..., argc=0, argv=0x7fffffffce40) at ../src/runtime/FunctionObject.h:169
#9  0x0000555555609655 in Escargot::FunctionObject::call (state=..., callee=..., thisValue=..., argc=0, argv=0x7fffffffce40) at ../src/runtime/FunctionObject.h:182
#10 0x000055555571749f in Escargot::builtinFunctionCall (state=..., thisValue=..., argc=1, argv=0x7fffffffda08, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinFunction.cpp:209
#11 0x00005555556e6839 in Escargot::FunctionObject::processCall (this=0x7ffff4662430, state=..., receiverSrc=..., argc=1, argv=0x7fffffffda08, isNewExpression=false) at ../src/runtime/FunctionObject.cpp:328
#12 0x00005555556e46af in Escargot::FunctionObject::call (this=0x7ffff4662430, state=..., thisValue=..., argc=1, argv=0x7fffffffda08) at ../src/runtime/FunctionObject.h:169
#13 0x0000555555609655 in Escargot::FunctionObject::call (state=..., callee=..., thisValue=..., argc=1, argv=0x7fffffffda08) at ../src/runtime/FunctionObject.h:182
#14 0x000055555560cc22 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4678cd0, programCounter=93824999119640, registerFile=0x7fffffffd9e0) at ../src/interpreter/ByteCodeInterpreter.cpp:573
#15 0x0000555555639b31 in Escargot::Script::execute (this=0x7ffff45f16a0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:79
#16 0x0000555555639c83 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd90) at ../src/parser/Script.cpp:92
#17 0x000055555563ac8c in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#18 0x00005555557d410a in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd90) at /usr/include/c++/7/bits/std_function.h:706
#19 0x00005555557d2cbd in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdd00, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#20 0x0000555555639d60 in Escargot::Script::sandboxExecute (this=0x7ffff45f16a0, state=...) at ../src/parser/Script.cpp:93
#21 0x00005555557f075a in eval (context=0x7ffff4669ed0, str=0x7ffff45d0570, fileName=0x7ffff45d04d0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:47
#22 0x00005555557f10bc in main (argc=2, argv=0x7fffffffe0b8) at ../src/shell/Shell.cpp:133

^{Found by Fuzzinator with grammarinator.}

Segmentation fault in Escargot::Object::setOwnDataPropertyUtilForObjectInner

Escargot version:

Checked revision: bfb1b7d
Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-45-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

var r = / /;
Object.defineProperty(r, 'global', {value: false});

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00005555555f0c65 in Escargot::Object::setOwnDataPropertyUtilForObjectInner (this=0x7ffff45eed70, state=..., idx=2, item=..., newValue=...) at ../src/runtime/Object.h:885
#2  0x00005555557927b4 in Escargot::Object::defineOwnProperty (this=0x7ffff45eed70, state=..., P=..., desc=...) at ../src/runtime/Object.cpp:652
#3  0x000055555579c239 in Escargot::RegExpObject::defineOwnProperty (this=0x7ffff45eed70, state=..., P=..., desc=...) at ../src/runtime/RegExpObject.cpp:180
#4  0x00005555556bdedf in Escargot::Object::defineOwnPropertyThrowsException (this=0x7ffff45eed70, state=..., P=..., desc=...) at ../src/runtime/Object.h:708
#5  0x00005555557405e2 in Escargot::builtinObjectDefineProperty (state=..., thisValue=..., argc=3, argv=0x7fffffffdb18, isNewExpression=false) at ../src/runtime/GlobalObjectBuiltinObject.cpp:164
#6  0x00005555556c4bc0 in Escargot::FunctionObject::processCall (this=0x7ffff466ae30, state=..., receiverSrc=..., argc=@0x7fffffffdaa0: 3, argv=0x7fffffffdb18, isNewExpression=false)
    at ../src/runtime/FunctionObject.cpp:332
#7  0x00005555555f16c0 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffdaa0: 3, argv=0x7fffffffdb18) at ../src/runtime/FunctionObject.h:105
#8  0x00005555555f484c in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff46723d0, programCounter=93824998898648, registerFile=0x7fffffffdb00, initAddressFiller=0x7fffffffdb98)
    at ../src/interpreter/ByteCodeInterpreter.cpp:524
#9  0x0000555555621877 in Escargot::Script::execute (this=0x7ffff45eb4f0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:80
#10 0x00005555556219c9 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdeb0) at ../src/parser/Script.cpp:93
#11 0x00005555556229e0 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#12 0x00005555557a92a2 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdeb0) at /usr/include/c++/7/bits/std_function.h:706
#13 0x00005555557a7d87 in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffde20, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#14 0x0000555555621aa6 in Escargot::Script::sandboxExecute (this=0x7ffff45eb4f0, state=...) at ../src/parser/Script.cpp:94
#15 0x00005555557c62c3 in eval (context=0x7ffff4663ed0, str=0x7ffff45f2a70, fileName=0x7ffff45f29d0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:46
#16 0x00005555557c6c12 in main (argc=2, argv=0x7fffffffe1d8) at ../src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Array.prototype.concat() should throw TypeError if length is greater than max safe integer

https://www.ecma-international.org/ecma-262/6.0/#sec-array.prototype.concat
According to this section of the EcmaScript 2015 standard, Array.prototype.concat() has to check if the length of the returned array would be greater than MAX_SAFE_INTEGER (2^53).

7.d.iv. If n + len > 2^53-1, throw a TypeError exception.
...
7.e.i. if n >= 2^53-1, throw a TypeError exception.

However, Escargot does not check this.

Segmentation fault in Escargot::Value::isString

Escargot version:

Checked revision: 878482b
Build command: cmake -H. -Bout -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja -C out

OS:

Linux-4.15.0-45-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

function collect(value) {
    var primitive = y(value)
    if (primitive) return
    var index = z(value)
    if (index !== -1) { return } 
    else {
        x.push({ })
        index = x.length - 1
        x[ index ].fv = value
    }

    var ps = Object.getOwnPropertyNames(value)
    for (var i = 0; i < ps.length; i++) {
        var p = ps[i]
        if (a(value, p)) {
            collect(value[p])
        }
    }
}

function y(value) {
    if (value === null)
        return "null"
    var vt = typeof value
    if (vt !== "function" && vt !== "object")
        return vt
}

function a(value, field) {
    try {
        value[field]
        return true
    } catch ( $ ) { }
}

function z(value) {
    for (var i = 0; i < x.length; i++) {
        if (value === x[ i ].fv)
             return i
    }
    return -1
}

var x = [ ];
collect(this);

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00005555555c64ce in Escargot::Value::isString (this=0x7fffffffa578) at ../src/runtime/ValueInlines.h:467
467	    return isPointerValue() && asPointerValue()->isString();
(gdb) bt
#0  0x00005555555c64ce in Escargot::Value::isString (this=0x7fffffffa578) at ../src/runtime/ValueInlines.h:467
#1  0x00005555555f5eb6 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff45c4a90, programCounter=93824998871288, registerFile=0x7fffffffab60, initAddressFiller=0x7fffffffad50)
    at ../src/interpreter/ByteCodeInterpreter.cpp:780
#2  0x00005555556c12a1 in Escargot::FunctionObject::processCall (this=0x7ffff4631c20, state=..., receiverSrc=..., argc=@0x7fffffffb450: 1, argv=0x7fffffffb4e8, isNewExpression=false)
    at ../src/runtime/FunctionObject.cpp:473
#3  0x00005555555f1904 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffb450: 1, argv=0x7fffffffb4e8) at ../src/runtime/FunctionObject.h:105
#4  0x00005555555f4985 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff45c4cd0, programCounter=93824998877856, registerFile=0x7fffffffb4b0, initAddressFiller=0x7fffffffb6d0)
    at ../src/interpreter/ByteCodeInterpreter.cpp:513
#5  0x00005555556c12a1 in Escargot::FunctionObject::processCall (this=0x7ffff4631cd0, state=..., receiverSrc=..., argc=@0x7fffffffbdd0: 1, argv=0x7fffffffbe40, isNewExpression=false)
    at ../src/runtime/FunctionObject.cpp:473
#6  0x00005555555f1904 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffbdd0: 1, argv=0x7fffffffbe40) at ../src/runtime/FunctionObject.h:105
#7  0x00005555555f4985 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff45c4cd0, programCounter=93824998879984, registerFile=0x7fffffffbe30, initAddressFiller=0x7fffffffc050)
    at ../src/interpreter/ByteCodeInterpreter.cpp:513
#8  0x00005555556c12a1 in Escargot::FunctionObject::processCall (this=0x7ffff4631cd0, state=..., receiverSrc=..., argc=@0x7fffffffc750: 1, argv=0x7fffffffc7c0, isNewExpression=false)
    at ../src/runtime/FunctionObject.cpp:473
#9  0x00005555555f1904 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffc750: 1, argv=0x7fffffffc7c0) at ../src/runtime/FunctionObject.h:105
#10 0x00005555555f4985 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff45c4cd0, programCounter=93824998879984, registerFile=0x7fffffffc7b0, initAddressFiller=0x7fffffffc9d0)
    at ../src/interpreter/ByteCodeInterpreter.cpp:513
#11 0x00005555556c12a1 in Escargot::FunctionObject::processCall (this=0x7ffff4631cd0, state=..., receiverSrc=..., argc=@0x7fffffffd0d0: 1, argv=0x7fffffffd140, isNewExpression=false)
    at ../src/runtime/FunctionObject.cpp:473
#12 0x00005555555f1904 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd0d0: 1, argv=0x7fffffffd140) at ../src/runtime/FunctionObject.h:105
#13 0x00005555555f4985 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff45c4cd0, programCounter=93824998879984, registerFile=0x7fffffffd130, initAddressFiller=0x7fffffffd350)
    at ../src/interpreter/ByteCodeInterpreter.cpp:513
#14 0x00005555556c12a1 in Escargot::FunctionObject::processCall (this=0x7ffff4631cd0, state=..., receiverSrc=..., argc=@0x7fffffffda50: 1, argv=0x7fffffffdac0, isNewExpression=false)
    at ../src/runtime/FunctionObject.cpp:473
#15 0x00005555555f1904 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffda50: 1, argv=0x7fffffffdac0) at ../src/runtime/FunctionObject.h:105
#16 0x00005555555f4985 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff45c4f10, programCounter=93824998869072, registerFile=0x7fffffffdab0, initAddressFiller=0x7fffffffdb28)
    at ../src/interpreter/ByteCodeInterpreter.cpp:513
#17 0x0000555555621a75 in Escargot::Script::execute (this=0x7ffff45bbc40, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at ../src/parser/Script.cpp:80
#18 0x0000555555621bc7 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffde40) at ../src/parser/Script.cpp:93
#19 0x0000555555622bde in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#20 0x00005555557a4c00 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffde40) at /usr/include/c++/7/bits/std_function.h:706
#21 0x00005555557a36e5 in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffddb0, scriptRunner=...) at ../src/runtime/SandBox.cpp:36
#22 0x0000555555621ca4 in Escargot::Script::sandboxExecute (this=0x7ffff45bbc40, state=...) at ../src/parser/Script.cpp:94
#23 0x00005555557c1c21 in eval (context=0x7ffff7e58ed0, str=0x7ffff4632a70, fileName=0x7ffff46329d0, shouldPrintScriptResult=false) at ../src/shell/Shell.cpp:46
#24 0x00005555557c2570 in main (argc=2, argv=0x7fffffffe168) at ../src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Assertion `blk' failed in Escargot::FunctionExpressionNode::generateExpressionByteCode

Escargot version:

Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

OS:

Ubuntu 18.04, x86_64

Test case:

for ( var id_0 = { toString : function ( ) {} } in Array.toString ) { }

Backtrace:

escargot: escargot/src/parser/ast/FunctionExpressionNode.h:58: virtual void Escargot::FunctionExpressionNode::generateExpressionByteCode(Escargot::ByteCodeBlock*, Escargot::ByteCodeGenerateContext*, ByteCodeRegisterIndex): Assertion `blk' failed.
b
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555581d77a "blk", 
    file=file@entry=0x55555581d9b8 "escargot/src/parser/ast/FunctionExpressionNode.h", line=line@entry=58, 
    function=function@entry=0x555555820320 <Escargot::FunctionExpressionNode::generateExpressionByteCode(Escargot::ByteCodeBlock*, Escargot::ByteCodeGenerateContext*, unsigned short)::__PRETTY_FUNCTION__> "virtual void Escargot::FunctionExpressionNode::generateExpressionByteCode(Escargot::ByteCodeBlock*, Escargot::ByteCodeGenerateContext*, ByteCodeRegisterIndex)") at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x55555581d77a "blk", file=0x55555581d9b8 "escargot/src/parser/ast/FunctionExpressionNode.h", line=58, 
    function=0x555555820320 <Escargot::FunctionExpressionNode::generateExpressionByteCode(Escargot::ByteCodeBlock*, Escargot::ByteCodeGenerateContext*, unsigned short)::__PRETTY_FUNCTION__> "virtual void Escargot::FunctionExpressionNode::generateExpressionByteCode(Escargot::ByteCodeBlock*, Escargot::ByteCodeGenerateContext*, ByteCodeRegisterIndex)") at assert.c:101
#4  0x000055555562fa6c in Escargot::FunctionExpressionNode::generateExpressionByteCode (this=0x7ffff482df70, codeBlock=0x7ffff7e68610, context=0x7fffffffd200, dstIndex=3)
    at escargot/src/parser/ast/FunctionExpressionNode.h:58
#5  0x00005555556317db in Escargot::ObjectExpressionNode::generateExpressionByteCode (this=0x7ffff482ff10, codeBlock=0x7ffff7e68610, context=0x7fffffffd200, dstRegister=2)
    at escargot/src/parser/ast/ObjectExpressionNode.h:70
#6  0x00005555556387ff in Escargot::VariableDeclarationNode::generateStoreByteCode (this=0x7ffff482fe40, codeBlock=0x7ffff7e68610, context=0x7fffffffd200, src=2, needToReferenceSelf=true)
    at escargot/src/parser/ast/VariableDeclarationNode.h:56
#7  0x000055555562ebd0 in Escargot::ForInStatementNode::generateStatementByteCode (this=0x7ffff4830f70, codeBlock=0x7ffff7e68610, context=0x7fffffffd7c0)
    at escargot/src/parser/ast/ForInStatementNode.h:89
#8  0x000055555561f06c in Escargot::StatementContainer::generateStatementByteCode (this=0x555555bac510, codeBlock=0x7ffff7e68610, context=0x7fffffffd7c0)
    at escargot/src/parser/ast/StatementNode.h:75
#9  0x0000555555631db9 in Escargot::ProgramNode::generateStatementByteCode (this=0x7ffff482ee30, codeBlock=0x7ffff7e68610, context=0x7fffffffd7c0)
    at escargot/src/parser/ast/ProgramNode.h:48
#10 0x00005555555e1789 in Escargot::ByteCodeGenerator::generateByteCode (this=0x7fffffffda17, c=0x7ffff7e59ed0, codeBlock=0x7ffff4831ed0, ast=0x7ffff482ee30, scopeCtx=0x7ffff7e68850, isEvalMode=false, 
    isOnGlobal=true, shouldGenerateLOCData=false) at src/interpreter/ByteCodeGenerator.cpp:188
#11 0x0000555555611635 in Escargot::Script::execute (this=0x7ffff4824190, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:46
#12 0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd30) at src/parser/Script.cpp:93
#13 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#14 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd30) at /usr/include/c++/7/bits/std_function.h:706
#15 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdca0, scriptRunner=...) at src/runtime/SandBox.cpp:36
#16 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff4824190, state=...) at src/parser/Script.cpp:94
#17 0x00005555557c102b in eval (context=0x7ffff7e59ed0, str=0x7ffff4829750, fileName=0x7ffff48296b0, shouldPrintScriptResult=false) at src/shell/Shell.cpp:46
#18 0x00005555557c197a in main (argc=2, argv=0x7fffffffe058) at src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Assertion `iterable->isArrayObject()' failed in Escargot::builtinPromiseRace

Escargot version:

Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

OS:

Ubuntu 18.04, x86_64

Test case:

Object.prototype[1] = 0 ; 
Promise.race('multiline') ;

Backtrace:

escargot: src/runtime/GlobalObjectBuiltinPromise.cpp:208: Escargot::Value Escargot::builtinPromiseRace(Escargot::ExecutionState&, Escargot::Value, size_t, Escargot::Value*, bool): Assertion `iterable->isArrayObject()' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555555834d63 "iterable->isArrayObject()", 
    file=file@entry=0x555555834d38 "src/runtime/GlobalObjectBuiltinPromise.cpp", line=line@entry=208, 
    function=function@entry=0x5555558350c0 <Escargot::builtinPromiseRace(Escargot::ExecutionState&, Escargot::Value, unsigned long, Escargot::Value*, bool)::__PRETTY_FUNCTION__> "Escargot::Value Escargot::builtinPromiseRace(Escargot::ExecutionState&, Escargot::Value, size_t, Escargot::Value*, bool)") at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x555555834d63 "iterable->isArrayObject()", file=0x555555834d38 "src/runtime/GlobalObjectBuiltinPromise.cpp", line=208, 
    function=0x5555558350c0 <Escargot::builtinPromiseRace(Escargot::ExecutionState&, Escargot::Value, unsigned long, Escargot::Value*, bool)::__PRETTY_FUNCTION__> "Escargot::Value Escargot::builtinPromiseRace(Escargot::ExecutionState&, Escargot::Value, size_t, Escargot::Value*, bool)") at assert.c:101
#4  0x00005555557522a4 in Escargot::builtinPromiseRace (state=..., thisValue=..., argc=1, argv=0x7fffffffd9c8, isNewExpression=false) at src/runtime/GlobalObjectBuiltinPromise.cpp:208
#5  0x00005555556cba78 in Escargot::FunctionObject::processCall (this=0x7ffff486d280, state=..., receiverSrc=..., argc=@0x7fffffffd950: 1, argv=0x7fffffffd9c8, isNewExpression=false)
    at src/runtime/FunctionObject.cpp:326
#6  0x00005555555ee742 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd950: 1, argv=0x7fffffffd9c8)
    at src/runtime/FunctionObject.h:100
#7  0x00005555555f15bf in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff7e68730, programCounter=93824998886912, registerFile=0x7fffffffd9b0, initAddressFiller=0x7fffffffda38)
    at src/interpreter/ByteCodeInterpreter.cpp:527
#8  0x0000555555611a21 in Escargot::Script::execute (this=0x7ffff48242b0, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:80
#9  0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdd40) at src/parser/Script.cpp:93
#10 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...)
    at /usr/include/c++/7/bits/std_function.h:302
#11 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdd40) at /usr/include/c++/7/bits/std_function.h:706
#12 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffdcb0, scriptRunner=...) at src/runtime/SandBox.cpp:36
#13 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff48242b0, state=...) at src/parser/Script.cpp:94
#14 0x00005555557c102b in eval (context=0x7ffff7e59ed0, str=0x7ffff4829750, fileName=0x7ffff48296b0, shouldPrintScriptResult=false) at src/shell/Shell.cpp:46
#15 0x00005555557c197a in main (argc=2, argv=0x7fffffffe068) at src/shell/Shell.cpp:129

^{Found by Fuzzinator with grammarinator.}

Dereferencing a null pointer in Escargot::AssignmentExpressionSimpleNode::generateExpressionByteCode()

Test case:

try{eval("if((({ window: window, \u3056: [] }) =  \"\" ) ^ new  /x/g ().yoyo(this)++) { if     ([[]].throw(this.zzz.zzz--)) {var x = [1,,], x5; }} else {{}((-1)); }");}catch(ex){}

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x0000555555638707 in Escargot::AssignmentExpressionSimpleNode::generateResultNotRequiredExpressionByteCode (this=0x7ffff4583e30, codeBlock=0x7ffff4678bb0, context=0x7fffffffbda0)
    at src/parser/ast/AssignmentExpressionSimpleNode.h:110
110	        if (m_left->isPattern()) {
(gdb) bt
#0  0x0000555555638707 in Escargot::AssignmentExpressionSimpleNode::generateResultNotRequiredExpressionByteCode (this=0x7ffff4583e30, codeBlock=0x7ffff4678bb0, 
    context=0x7fffffffbda0) at src/parser/ast/AssignmentExpressionSimpleNode.h:110
#1  0x000055555564cf19 in Escargot::ObjectPatternNode::generateExpressionByteCode (this=0x7ffff457c770, codeBlock=0x7ffff4678bb0, context=0x7fffffffbda0, dstRegister=2)
    at src/parser/ast/ObjectPatternNode.h:161
#2  0x000055555563849c in Escargot::AssignmentExpressionSimpleNode::generateExpressionByteCode (this=0x7ffff7e409d0, codeBlock=0x7ffff4678bb0, context=0x7fffffffbda0, dstRegister=2)
    at src/parser/ast/AssignmentExpressionSimpleNode.h:82
#3  0x000055555563ee24 in Escargot::BinaryExpressionBitwiseXorNode::generateExpressionByteCode (this=0x7ffff7e40750, codeBlock=0x7ffff4678bb0, context=0x7fffffffbda0, dstRegister=1)
    at src/parser/ast/BinaryExpressionBitwiseXorNode.h:52
#4  0x000055555564ab59 in Escargot::IfStatementNode::generateStatementByteCode (this=0x7ffff457d5f0, codeBlock=0x7ffff4678bb0, context=0x7fffffffbda0)
    at src/parser/ast/IfStatementNode.h:55
#5  0x000055555563ad04 in Escargot::StatementContainer::generateStatementByteCode (this=0x555555bdd700, codeBlock=0x7ffff4678bb0, context=0x7fffffffbda0)
    at src/parser/ast/StatementNode.h:75
#6  0x000055555564dafe in Escargot::ProgramNode::generateStatementByteCode (this=0x7ffff457d540, codeBlock=0x7ffff4678bb0, context=0x7fffffffbda0) at src/parser/ast/ProgramNode.h:48
#7  0x00005555555ec71a in Escargot::ByteCodeGenerator::generateByteCode (this=0x7fffffffc015, c=0x7ffff4667ed0, codeBlock=0x7ffff457fcb0, ast=0x7ffff457d540, 
    scopeCtx=0x7ffff4620b20, isEvalMode=true, isOnGlobal=true, shouldGenerateLOCData=false) at src/interpreter/ByteCodeGenerator.cpp:196
#8  0x000055555562cffc in Escargot::Script::executeLocal (this=0x7ffff45ce850, state=..., thisValue=..., parentCodeBlock=0x7ffff457fe70, isEvalMode=true, needNewRecord=false)
    at src/parser/Script.cpp:134
#9  0x00005555556e276e in Escargot::GlobalObject::evalLocal (this=0x7ffff4668af0, state=..., arg=..., thisValue=..., parentCodeBlock=0x7ffff457fe70)
    at src/runtime/GlobalObject.cpp:289
#10 0x0000555555606740 in Escargot::ByteCodeInterpreter::evalOperation (state=..., code=0x555555bddd80, registerFile=0x7fffffffd710, byteCodeBlock=0x7ffff4678cd0, ec=0x7fffffffd7f0)
    at src/interpreter/ByteCodeInterpreter.cpp:2169
#11 0x00005555555ffcb3 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4678cd0, programCounter=93824999087488, registerFile=0x7fffffffd710, 
    initAddressFiller=0x0) at src/interpreter/ByteCodeInterpreter.cpp:974
#12 0x0000555555605f20 in Escargot::ByteCodeInterpreter::tryOperation (state=..., code=0x555555bddce0, ec=0x7fffffffd7f0, env=0x7ffff45de610, programCounter=93824999087328, 
    byteCodeBlock=0x7ffff4678cd0, registerFile=0x7fffffffd710) at src/interpreter/ByteCodeInterpreter.cpp:2081
#13 0x00005555555ffd28 in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff4678cd0, programCounter=93824999087328, registerFile=0x7fffffffd710, 
    initAddressFiller=0x0) at src/interpreter/ByteCodeInterpreter.cpp:983
#14 0x000055555562c987 in Escargot::Script::execute (this=0x7ffff45deb20, state=..., isEvalMode=false, needNewEnv=false, isOnGlobal=true) at src/parser/Script.cpp:79
#15 0x000055555562cad9 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffdaa0) at src/parser/Script.cpp:92
#16 0x000055555562dae8 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (
    __functor=...) at /usr/include/c++/7/bits/std_function.h:302
#17 0x00005555557cf91e in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffdaa0) at /usr/include/c++/7/bits/std_function.h:706
#18 0x00005555557ce4d1 in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffda10, scriptRunner=...) at src/runtime/SandBox.cpp:36
#19 0x000055555562cbb6 in Escargot::Script::sandboxExecute (this=0x7ffff45deb20, state=...) at src/parser/Script.cpp:93
#20 0x00005555557ec33c in eval (context=0x7ffff4667ed0, str=0x7ffff45ec4d0, fileName=0x7ffff45ec390, shouldPrintScriptResult=false) at src/shell/Shell.cpp:47
#21 0x00005555557ecca4 in main (argc=2, argv=0x7fffffffddc8) at src/shell/Shell.cpp:133

Uint8ClampedArray values are not clamped correctly

OS: Ubuntu 16.04 LTS
Escargot version: 54f7a35
cmake version: 3.5.1

Build commad:
cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja

Example:

var a = new Uint8ClampedArray([-12,344,1.5,1.4])
print(a)

Expected result:
0, 255, 2, 1
(ECMA 2015)

Given result:
244,88,1,1

It is possible, that the project does not have it implemented yet, and it falls back to basic uint_8 (which gives the same results), but in the codebase, there are functions and adaptors, that are indicating that we have a ClampedArray type. (such as can be seen in TypedArrayObject.h, here and here)

samsung / escargot Goto Github PK

escargot's Introduction

Escargot

Prerequisites

On Ubuntu Linux

On macOS

Build Escargot

Build Android version

Build Windows version

Build options

Testing

Benchmarks

escargot's People

Contributors

Stargazers

Watchers

Forkers

escargot's Issues

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS:

Test case:

Backtrace:

for-of statement

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS:

Test case:

Backtrace:

Test Case

Issues

Escargot version:

OS:

Test case:

Backtrace:

Test case

Problem

Notes

Escargot version:

OS:

Test case:

Backtrace:

Test Case

Issues

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS:

Test case:

Backtrace:

Escargot version:

OS: