Wrong Assertion in GlobOpt::CollectMemOpInfo

Open sunlili opened this issue 5 years ago • 3 comments

Hello, running the following code in the ch 1.11.19 debug version. An assertion will be thrown.

'use strict';
function func(b, c) {
    b[0] = c;
}
function main() {
    let b = new Uint32Array(100);

    for (let i = 0; i < 1000; i++) {
        i += 1;
        i += 0;
        func(b, {});
    }
}
main();

Output:

ASSERTION 19136: (...\chakracore-1.11.19\lib\backend\globopt.cpp, line 2325) !instr->GetDst() || instr->m_opcode == Js::OpCode::IncrLoopBodyCount || !loop->memOpInfo || (instr->m_opcode == Js::OpCode::Ld_I4 && prevInstr && (prevInstr->m_opcode == Js::OpCode::Add_I4 || prevInstr->m_opcode == Js::OpCode::Sub_I4) && instr->GetSrc1()->IsRegOpnd() && instr->GetDst()->IsRegOpnd() && prevInstr->GetDst()->IsRegOpnd() && instr->GetDst()->GetStackSym() == prevInstr->GetSrc1()->GetStackSym() && instr->GetSrc1()->GetStackSym() == prevInstr->GetDst()->GetStackSym()) || !loop->memOpInfo->inductionVariableChangeInfoMap->ContainsKey(GetVarSymID(instr->GetDst()->GetStackSym()))
 Failure: (!instr->GetDst() || instr->m_opcode == Js::OpCode::IncrLoopBodyCount || !loop->memOpInfo || (instr->m_opcode == Js::OpCode::Ld_I4 && prevInstr && (prevInstr->m_opcode == Js::OpCode::Add_I4 || prevInstr->m_opcode == Js::OpCode::Sub_I4) && instr->GetSrc1()->IsRegOpnd() && instr->GetDst()->IsRegOpnd() && prevInstr->GetDst()->IsRegOpnd() && instr->GetDst()->GetStackSym() == prevInstr->GetSrc1()->GetStackSym() && instr->GetSrc1()->GetStackSym() == prevInstr->GetDst()->GetStackSym()) || !loop->memOpInfo->inductionVariableChangeInfoMap->ContainsKey(GetVarSymID(instr->GetDst()->GetStackSym())))
FATAL ERROR: ch.exe failed due to exception code c0000420

I think this is likely just a wrong assertion, since the assumption is too strict and may miss some cases. https://github.com/microsoft/ChakraCore/blob/33db8efd9f02cd528a7305391d7d10765a2e85f3/lib/Backend/GlobOpt.cpp#L2360-2374

ISec Lab 2020.7.1

sunlili avatar Jul 01 '20 04:07 sunlili

This issue only manifests itself on Linux - there is at least one check in this long condition that is true on Linux, but is false on Windows.

ppenzin avatar Nov 03 '20 14:11 ppenzin

Can I work on this issue?

VISHESH0932 avatar Oct 14 '24 08:10 VISHESH0932

Sorry, this got rolled under a different thread in my inbox for some reason, @VISHESH0932 you definitely can try.

ppenzin avatar Jan 02 '25 17:01 ppenzin