
ASSERTION Failure "entryPointInfo != nullptr" in ChakraCore/lib/Runtime/Language/JavascriptStackWalker.cpp, line 1289

Open 1789120321 opened this issue 3 years ago • 1 comments

commit : 41ad58a
Engine version : ch version 1.13.0.0-beta
Build platform : Ubuntu 18.04
Clang version : 6.0.0
Build steps : ./build.sh --sanitize=address --static -j -d

POC

cat c47abaee6c514e2a80bdb63b8b7db8d0.js
----------------------------------------------------------------------------------
/**
 * Reproducer harness: awaits `func`, expects it to throw or reject, and parses
 * the stack trace of whatever error arrives.
 *
 * @param {Function} func - Async function that is expected to fail.
 * @param {*} funcs - Expected frame names; only referenced in a no-op
 *   expression statement below, never compared against the parsed stack.
 * @returns {Promise<undefined>} Rejects if the stack parsing inside the catch
 *   block itself throws.
 */
async function test(func, funcs) {
  try {
    await func();
    // Only reached when func() did not fail; this Error lands in the catch
    // block below like any other.
    throw new Error("Expected " + func.toString() + " to throw");
  } catch (e) {
    // Drop the first line of e.stack, trim the remaining lines, keep capture
    // group 1 of the "at <name> <rest>" pattern and discard anything that is
    // not a non-empty string.
    // NOTE: match() returns null for a line that does not contain "at ", and
    // indexing null with [1] throws from inside this catch block.
    var stack = e.stack.split('\n').slice(1).map(line => line.trim()).map(line => line.match(/at (?:(.*) )?.*$/)[1]).filter(x => typeof x === 'string' && x.length);
    // The three expression statements below have no effect.
    // NOTE(review): presumably what is left of the original assertions after
    // test-case reduction - confirm before relying on this file as a test.
    funcs;
    stack;
    `Unexpected stack trace ${"FAIL"}`;
  }
}

function thrower() {
  throw new Error("NOPE");
}

/**
 * Asynchronous counterpart of thrower().
 *
 * @returns {Promise<never>} A promise already rejected with Error("NOPE").
 */
function reject() {
  return Promise.reject(new Error("NOPE"));
}

/**
 * Runs the reproducer cases one after another, awaiting test() for each.
 *
 * The cases cover named async functions (a*), async object methods (b*), async
 * class methods (c*) and async arrow functions. Each one throws Error("FAIL"),
 * either immediately or after `await 1`, some of them from a catch block
 * around thrower() or reject(). The second argument of every call is a list of
 * expected frame names, which test() receives but never compares.
 *
 * @returns {Promise<undefined>} Rejects if evaluating an argument or awaiting a
 *   test() call throws.
 */
async function runTests() {
  // Named async function expressions.
  await test(async function a() {
    throw new Error("FAIL");
  }, ["a", "test", "runTests"]);
  await test(async function a2() {
    // Re-enters runTests() without awaiting it, so the promise it returns is
    // left unhandled and every run that reaches this case starts another run.
    runTests();
    throw new Error("FAIL");
  }, ["a2"]);
  await test(async function a3() {
    await 1;

    try {
      await thrower();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, ["a3"]);
  await test(async function a4() {
    await 1;

    try {
      await reject();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, ["a4"]);
  // Async methods taken off an object literal.
  await test({
    async b() {
      throw new Error("FAIL");
    }

  }.b, ["b", "test", "runTests"]);
  await test({
    async b2() {
      await 1;
      throw new Error("FAIL");
    }

  }.b2, ["b2"]);
  await test({
    async b3() {
      await 1;

      try {
        await thrower();
      } catch (e) {
        throw new Error("FAIL");
      }
    }

  }.b3, ["b3"]);
  await test({
    async b4() {
      await 1;

      try {
        await reject();
      } catch (e) {
        throw new Error("FAIL");
      }
    }

  }.b4, ["b4"]);
  // Async methods taken off an instance of an anonymous class.
  await test(new class {
    async c() {
      throw new Error("FAIL");
    }

  }().c, ["c", "test", "runTests"]);
  await test(new class {
    async c2() {
      await 1;
      throw new Error("FAIL");
    }

  }().c2, ["c2"]);
  await test(new class {
    async c3() {
      await 1;

      try {
        await thrower();
      } catch (e) {
        throw new Error("FAIL");
      }
    }

  }().c3, ["c3"]);
  await test(new class {
    async c4() {
      await 1;

      try {
        await reject();
      } catch (e) {
        throw new Error("FAIL");
      }
    }

  }().c4, ["c4"]);
  // Async arrow functions.
  await test(async x => {
    throw new Error("FAIL");
  }, ["test", "runTests"]);
  await test(async () => {
    throw new Error("FAIL");
  }, ["test", "runTests"]);
  // The second argument of the next call asks for a string of
  // 3 * 1518500249 characters. If building it throws, test() is never called
  // for this case and the cases after it are not reached by this invocation.
  // NOTE(review): presumably the origin of the "RangeError: String length is
  // out of bound" line in the issue's log - confirm.
  await test(async a => {
    throw new Error("FAIL");
  }, ["set".repeat(1518500249).valueOf(), "runTests"]);
  await test(async (a, b) => {
    throw new Error("FAIL");
  }, ["test", "runTests"]);
  await test(async x => {
    await 1;
    throw new Error("FAIL");
  }, []);
  // "test" upper-cased is "TEST", which contains no digit, so match() returns
  // null and `funcs` is null for the next case.
  await test(async () => {
    await 1;
    throw new Error("FAIL");
  }, String.prototype.toLocaleUpperCase.call("test").match(/\w*\d/));
  await test(async a => {
    await 1;
    throw new Error("FAIL");
  }, []);
  await test(async (a, b) => {
    await 1;
    throw new Error("FAIL");
  }, []);
  await test(async x => {
    await 1;

    try {
      await thrower();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, []);
  await test(async () => {
    await 1;

    try {
      await thrower();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, []);
  await test(async a => {
    await 1;

    try {
      await thrower();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, []);
  await test(async (a, b) => {
    await 1;

    try {
      await thrower();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, []);
  await test(async x => {
    await 1;

    try {
      await reject();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, []);
  await test(async () => {
    await 1;

    try {
      await reject();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, []);
  await test(async a => {
    await 1;

    try {
      await reject();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, []);
  await test(async (a, b) => {
    await 1;

    try {
      await reject();
    } catch (e) {
      throw new Error("FAIL");
    }
  }, []);
}

// Entry point: start the run and, if the outermost runTests() rejects, print
// the error and call quit(1).
// `print` and `quit` are not defined in this file; presumably globals supplied
// by the ch host shell - confirm before running under another engine.
runTests().catch(e => {
  print(e);
  quit(1);
});

Assert Log

./ch c47abaee6c514e2a80bdb63b8b7db8d0.js
-------------------------------------------------
RangeError: String length is out of bound
ASSERTION 3935: (ChakraCore-master/lib/Runtime/Language/JavascriptStackWalker.cpp, line 1289) Inlined frame should resolve to the right parent address
 Failure: (entryPointInfo != nullptr)
Illegal instruction

Hi, Richard, could you please help check this issue?

@rhuanjl

1789120321 avatar Mar 12 '22 15:03 1789120321

Confirmed: the same error reproduces in a build without -fsanitize. In release mode it crashes without the assert.

ppenzin avatar Mar 26 '22 00:03 ppenzin