Assertion context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT in scanner_scan_primary_expression_end

[renatahodovan]

JerryScript revision

b8bc013

Build platform

Linux-4.15.0-72-generic-x86_64-with-Ubuntu-18.04-bionic

Build steps

./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset

Test case

try {} catch ([{}

Output

ICE: Assertion 'context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at jerryscript/jerry-core/parser/js/js-scanner.c(scanner_scan_primary_expression_end):1215.
Error: ERR_FAILED_INTERNAL_ASSERTION

Backtrace

bt
#0  0xf7fd5079 in __kernel_vsyscall ()
#1  0xf77fc832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf77fdcc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x5657b698 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:30
#4  0x56647006 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5  0x56647047 in jerry_assert_fail (assertion=0x566defc0 "context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT", file=0x566de7e0 "jerryscript/jerry-core/parser/js/js-scanner.c", function=0x566b8b60 <__func__.5255.lto_priv.495> "scanner_scan_primary_expression_end", line=1215) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6  0x56618685 in scanner_scan_primary_expression_end (context_p=0xffffc4b0, scanner_context_p=0xffffc2f0, type=LEXER_RIGHT_BRACE, stack_top=SCAN_STACK_OBJECT_LITERAL) at jerryscript/jerry-core/parser/js/js-scanner.c:1215
#7  0x5661eb39 in scanner_scan_all (context_p=0xffffc4b0, arg_list_p=0x0, arg_list_end_p=0x0, source_p=0x56725ac0 <buffer.lto_priv> "function id_0 ( code ) { try { eval ( code ) ; \nString ( false ) ; \n} catch ( e ) { String ( e instanceof SyntaxError ) ; \n} \n} \nid_1 ( \"try {} catch() {}\" ) ; \nid_2 ( \"try {} catch([a] {}\" ) ; \nid_3 "..., source_end_p=0x56725e83 <buffer.lto_priv+963> "") at jerryscript/jerry-core/parser/js/js-scanner.c:2702
#8  0x566063ee in parser_parse_source (arg_list_p=0x0, arg_list_size=0, source_p=0x56725ac0 <buffer.lto_priv> "function id_0 ( code ) { try { eval ( code ) ; \nString ( false ) ; \n} catch ( e ) { String ( e instanceof SyntaxError ) ; \n} \n} \nid_1 ( \"try {} catch() {}\" ) ; \nid_2 ( \"try {} catch([a] {}\" ) ; \nid_3 "..., source_size=963, parse_opts=0, error_location_p=0xffffc6c0) at jerryscript/jerry-core/parser/js/js-parser.c:1914
#9  0x5660a398 in parser_parse_script (arg_list_p=0x0, arg_list_size=0, source_p=0x56725ac0 <buffer.lto_priv> "function id_0 ( code ) { try { eval ( code ) ; \nString ( false ) ; \n} catch ( e ) { String ( e instanceof SyntaxError ) ; \n} \n} \nid_1 ( \"try {} catch() {}\" ) ; \nid_2 ( \"try {} catch([a] {}\" ) ; \nid_3 "..., source_size=963, parse_opts=0, bytecode_data_p=0xffffc780) at jerryscript/jerry-core/parser/js/js-parser.c:2519
#10 0x56696783 in jerry_parse (resource_name_p=0xffffcd8d "/home/reni/.fuzzinator_42037//jerryscript/picireny/163535895612646929922597031973760816716.js", resource_name_length=93, source_p=0x56725ac0 <buffer.lto_priv> "function id_0 ( code ) { try { eval ( code ) ; \nString ( false ) ; \n} catch ( e ) { String ( e instanceof SyntaxError ) ; \n} \n} \nid_1 ( \"try {} catch() {}\" ) ; \nid_2 ( \"try {} catch([a] {}\" ) ; \nid_3 "..., source_size=963, parse_opts=0) at jerryscript/jerry-core/api/jerry.c:445
#11 0x56693507 in main (argc=2, argv=0xffffcb14) at jerryscript/jerry-main/main-unix.c:731

^{Found by Fuzzinator with grammarinator.}

[ossy-szeged]

It started to assert since 3198887
"Support destructuring bindings as catch variables. (#3399)"