Assertion 'jerry_value_is_object(jbuiltin)' failed in iotjs_bufferwrap_from_jbuiltin

[renatahodovan]

IoT.js version:

Checked revision: afe242a
Build command: tools/build.py --buildtype debug

OS:

Ubuntu 17.10

Test case:

var buff5 = new Buffer('a1b2c3');
buff5._builtin.copy(unescape, 4, 2, 6);

Backtrace:

iotjs/src/modules/iotjs_module_buffer.c:63: Assertion 'jerry_value_is_object(jbuiltin)' failed.

[Backtrace]:
#0  iotjs_bufferwrap_from_jbuiltin (jbuiltin=72) at iotjs/src/modules/iotjs_module_buffer.c:63
#1  0x000055555557548f in iotjs_bufferwrap_from_jbuffer (jbuffer=15915) at iotjs/src/modules/iotjs_module_buffer.c:75
#2  0x00005555555764b2 in Copy (jfunc=4875, jthis=15467, jargv=0x7fffffffd030, jargc=4) at iotjs/src/modules/iotjs_module_buffer.c:266
#3  0x00005555555a100e in ecma_op_function_call (func_obj_p=0x55555583ffa8 <jerry_global_heap+4872>, this_arg_value=15467, arguments_list_p=0x7fffffffd030, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:465
#4  0x00005555555b1b0f in opfunc_call (frame_ctx_p=0x7fffffffd080) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#5  0x00005555555b6ab0 in vm_execute (frame_ctx_p=0x7fffffffd080, arg_p=0x7fffffffd478, arg_list_len=3) at iotjs/deps/jerry/jerry-core/vm/vm.c:2861
#6  0x00005555555b6d38 in vm_run (bytecode_header_p=0x555555842c10 <jerry_global_heap+16240>, this_binding_value=14163, lex_env_p=0x55555583ecc8 <jerry_global_heap+40>, is_eval_code=false, 
    arg_list_p=0x7fffffffd478, arg_list_len=3) at iotjs/deps/jerry/jerry-core/vm/vm.c:2941
#7  0x00005555555a0f96 in ecma_op_function_call (func_obj_p=0x555555842a60 <jerry_global_heap+15808>, this_arg_value=14163, arguments_list_p=0x7fffffffd478, arguments_list_len=3)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:404
#8  0x00005555555c28f7 in ecma_builtin_function_prototype_object_call (this_arg=15811, arguments_list_p=0x7fffffffd474, arguments_number=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.c:204
#9  0x00005555555c2357 in ecma_builtin_function_prototype_dispatch_routine (builtin_routine_id=36, this_arg_value=15811, arguments_list=0x7fffffffd474, arguments_number=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.inc.h:42
#10 0x000055555559d838 in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_FUNCTION_PROTOTYPE, builtin_routine_id=36, this_arg_value=15811, arguments_list=0x7fffffffd474, 
    arguments_number=4) at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.inc.h:108
#11 0x000055555559dc09 in ecma_builtin_dispatch_call (obj_p=0x55555583ece0 <jerry_global_heap+64>, this_arg_value=15811, arguments_list_p=0x7fffffffd474, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.c:844
#12 0x00005555555a0dde in ecma_op_function_call (func_obj_p=0x55555583ece0 <jerry_global_heap+64>, this_arg_value=15811, arguments_list_p=0x7fffffffd474, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:341
#13 0x00005555555b1b0f in opfunc_call (frame_ctx_p=0x7fffffffd4c0) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#14 0x00005555555b6ab0 in vm_execute (frame_ctx_p=0x7fffffffd4c0, arg_p=0x7fffffffd738, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2861
#15 0x00005555555b6d38 in vm_run (bytecode_header_p=0x555555841070 <jerry_global_heap+9168>, this_binding_value=14139, lex_env_p=0x5555558410e0 <jerry_global_heap+9280>, is_eval_code=false, 
    arg_list_p=0x7fffffffd738, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2941
#16 0x00005555555a0f96 in ecma_op_function_call (func_obj_p=0x555555842568 <jerry_global_heap+14536>, this_arg_value=14139, arguments_list_p=0x7fffffffd738, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:404
#17 0x00005555555b1b0f in opfunc_call (frame_ctx_p=0x7fffffffd790) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#18 0x00005555555b6ab0 in vm_execute (frame_ctx_p=0x7fffffffd790, arg_p=0x7fffffffd9f0, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:2861
#19 0x00005555555b6d38 in vm_run (bytecode_header_p=0x555555840fc8 <jerry_global_heap+9000>, this_binding_value=9355, lex_env_p=0x5555558410e0 <jerry_global_heap+9280>, is_eval_code=false, 
    arg_list_p=0x7fffffffd9f0, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:2941
#20 0x00005555555a0f96 in ecma_op_function_call (func_obj_p=0x555555842538 <jerry_global_heap+14488>, this_arg_value=9355, arguments_list_p=0x7fffffffd9f0, arguments_list_len=2)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:404
#21 0x00005555555b1b0f in opfunc_call (frame_ctx_p=0x7fffffffda30) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#22 0x00005555555b6ab0 in vm_execute (frame_ctx_p=0x7fffffffda30, arg_p=0x7fffffffdcb4, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2861
#23 0x00005555555b6d38 in vm_run (bytecode_header_p=0x5555558410a0 <jerry_global_heap+9216>, this_binding_value=9355, lex_env_p=0x5555558410e0 <jerry_global_heap+9280>, is_eval_code=false, 
    arg_list_p=0x7fffffffdcb4, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2941
#24 0x00005555555a0f96 in ecma_op_function_call (func_obj_p=0x555555842578 <jerry_global_heap+14552>, this_arg_value=9355, arguments_list_p=0x7fffffffdcb4, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:404
#25 0x00005555555b1b0f in opfunc_call (frame_ctx_p=0x7fffffffdd00) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#26 0x00005555555b6ab0 in vm_execute (frame_ctx_p=0x7fffffffdd00, arg_p=0x7fffffffdf54, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2861
#27 0x00005555555b6d38 in vm_run (bytecode_header_p=0x55555583f078 <jerry_global_heap+984>, this_binding_value=27, lex_env_p=0x55555583f4d0 <jerry_global_heap+2096>, is_eval_code=false, 
    arg_list_p=0x7fffffffdf54, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2941
#28 0x00005555555a0f96 in ecma_op_function_call (func_obj_p=0x55555583f4c0 <jerry_global_heap+2080>, this_arg_value=72, arguments_list_p=0x7fffffffdf54, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:404
#29 0x00005555555b1b0f in opfunc_call (frame_ctx_p=0x7fffffffdf90) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#30 0x00005555555b6ab0 in vm_execute (frame_ctx_p=0x7fffffffdf90, arg_p=0x0, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2861
#31 0x00005555555b6d38 in vm_run (bytecode_header_p=0x55555583f060 <jerry_global_heap+960>, this_binding_value=27, lex_env_p=0x55555583ecc8 <jerry_global_heap+40>, is_eval_code=true, arg_list_p=0x0, 
    arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2941
#32 0x00005555555b1879 in vm_run_eval (bytecode_data_p=0x55555583f060 <jerry_global_heap+960>, is_direct=false) at iotjs/deps/jerry/jerry-core/vm/vm.c:277
#33 0x0000555555582f03 in jerry_snapshot_result_at (snapshot_p=0x555555602cc0 <iotjs_js_modules_s>, snapshot_size=32672, func_index=12, copy_bytecode=false, as_function=false)
    at iotjs/deps/jerry/jerry-core/api/jerry-snapshot.c:723
#34 0x0000555555582f7d in jerry_exec_snapshot_at (snapshot_p=0x555555602cc0 <iotjs_js_modules_s>, snapshot_size=32672, func_index=12, copy_bytecode=false)
    at iotjs/deps/jerry/jerry-core/api/jerry-snapshot.c:762
#35 0x000055555556f3e6 in iotjs_run (env=0x55555583d440 <current_env>) at iotjs/src/iotjs.c:104
#36 0x000055555556f4b8 in iotjs_start (env=0x55555583d440 <current_env>) at iotjs/src/iotjs.c:138
#37 0x000055555556f875 in iotjs_entry (argc=2, argv=0x7fffffffe308) at iotjs/src/iotjs.c:218
#38 0x000055555556f05a in main (argc=2, argv=0x7fffffffe308) at iotjs/src/platform/linux/iotjs_linux.c:19

^{Found by Fuzzinator with grammarinator}

[glistening]

We should not expose _builtin. I would fix this issue by removing _builtin from buffer member and make it private. It means all method that uses this parameter should be changed to explicit parameter. Does anyone have other suggestion or idea?

[zherczeg]

We can make private members by using lexical scope. I.e. modules are actually functions, and builtin objects could be passed as extra arguments. This is the safest method.

A good enough method is creating a var _builtin = ... variable and use it there. Actually _builtin is a singleton, so one instance could be enough.

[glistening]

@zherczeg Thank you for comment. I think we are talking same thing. I will push PR.

[DanielBallaSZTE]

This issue is fixed with #1487 as well.