Assertion PARSER_ARGS_EQ (opcode, CBC_HAS_LITERAL_ARG) in parser_emit_cbc_literal #3048
Description
JerryScript revision
Build platform
Linux-4.15.0-54-generic-x86_64-with-Ubuntu-18.04-bionic
Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
Test case
this[delete $];Output
ICE: Assertion 'PARSER_ARGS_EQ (opcode, CBC_HAS_LITERAL_ARG)' failed at jerryscript/jerry-core/parser/js/js-parser-util.c(parser_emit_cbc_literal):266.
Error: ERR_FAILED_INTERNAL_ASSERTION
Backtrace
bt
#0 0xf7fd5059 in __kernel_vsyscall ()
#1 0xf77fc832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0xf77fdcc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0x5657ac87 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#4 0x566173a1 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5 0x566173e2 in jerry_assert_fail (assertion=0x5668d780 "PARSER_ARGS_EQ (opcode, CBC_HAS_LITERAL_ARG)", file=0x5668d4c0 "jerryscript/jerry-core/parser/js/js-parser-util.c", function=0x5668fa60 <__func__.3819> "parser_emit_cbc_literal", line=266) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6 0x565713ce in parser_emit_cbc_literal (context_p=0xffffc5d0, opcode=153, literal_index=10) at jerryscript/jerry-core/parser/js/js-parser-util.c:266
#7 0x5659b4a0 in parser_emit_unary_lvalue_opcode (context_p=0xffffc5d0, opcode=CBC_DELETE_PUSH_RESULT) at jerryscript/jerry-core/parser/js/js-parser-expr.c:171
#8 0x565a18fd in parser_process_unary_expression (context_p=0xffffc5d0) at jerryscript/jerry-core/parser/js/js-parser-expr.c:1864
#9 0x565a483d in parser_parse_expression (context_p=0xffffc5d0, options=0) at jerryscript/jerry-core/parser/js/js-parser-expr.c:2254
#10 0x565a0921 in parser_process_unary_expression (context_p=0xffffc5d0) at jerryscript/jerry-core/parser/js/js-parser-expr.c:1598
#11 0x565a483d in parser_parse_expression (context_p=0xffffc5d0, options=5) at jerryscript/jerry-core/parser/js/js-parser-expr.c:2254
#12 0x565abec1 in parser_parse_var_statement.lto_priv.190 (context_p=0xffffc5d0) at jerryscript/jerry-core/parser/js/js-parser-statm.c:386
#13 0x5656e14b in parser_parse_statements (context_p=0xffffc5d0) at jerryscript/jerry-core/parser/js/js-parser-statm.c:2366
#14 0x565db85c in parser_parse_source (arg_list_p=0x0, arg_list_size=0, source_p=0x566e5680 <buffer.lto_priv> "var c = 0 ; \nvar id_0 = this [ c ++ ] ; \nprint ( id_1 === undefined ) ; \nprint ( c === 1 ) ; \nvar id_2 = this [ c -- ] ; \nprint ( id_3 === undefined ) ; \nprint ( c === 0 ) ; \nvar id_4 = this [ delete "..., source_size=345, parse_opts=0, error_location_p=0xffffc7c0) at jerryscript/jerry-core/parser/js/js-parser.c:2477
#15 0x565de591 in parser_parse_script (arg_list_p=0x0, arg_list_size=0, source_p=0x566e5680 <buffer.lto_priv> "var c = 0 ; \nvar id_0 = this [ c ++ ] ; \nprint ( id_1 === undefined ) ; \nprint ( c === 1 ) ; \nvar id_2 = this [ c -- ] ; \nprint ( id_3 === undefined ) ; \nprint ( c === 0 ) ; \nvar id_4 = this [ delete "..., source_size=345, parse_opts=0, bytecode_data_p=0xffffc880) at jerryscript/jerry-core/parser/js/js-parser.c:2936
#16 0x566407ec in jerry_parse (resource_name_p=0xffffce8b "/home/reni/.fuzzinator_32283//jerryscript/picireny/14052654147194631846405044687624856458.js", resource_name_length=92, source_p=0x566e5680 <buffer.lto_priv> "var c = 0 ; \nvar id_0 = this [ c ++ ] ; \nprint ( id_1 === undefined ) ; \nprint ( c === 1 ) ; \nvar id_2 = this [ c -- ] ; \nprint ( id_3 === undefined ) ; \nprint ( c === 0 ) ; \nvar id_4 = this [ delete "..., source_size=345, parse_opts=0) at jerryscript/jerry-core/api/jerry.c:420
#17 0x5663d741 in main (argc=3, argv=0xffffcc14) at jerryscript/jerry-main/main-unix.c:734
Found by Fuzzinator with grammarinator.