./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
ICE: Assertion 'object_p->type_flags_refs >= ECMA_OBJECT_REF_ONE' failed at jerryscript/jerry-core/ecma/base/ecma-gc.c(ecma_deref_object):147.
Error: ERR_FAILED_INTERNAL_ASSERTION
bt
#0 0xf7fd5079 in __kernel_vsyscall ()
#1 0xf77fc832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0xf77fdcc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0x5657bd39 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:30
#4 0x5664e309 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5 0x5664e34a in jerry_assert_fail (assertion=0x566fe360 "object_p->type_flags_refs >= ECMA_OBJECT_REF_ONE", file=0x566fe300 "jerryscript/jerry-core/ecma/base/ecma-gc.c", function=0x566b4120 <__func__.6158.lto_priv.905> "ecma_deref_object", line=147) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6 0x566aa71f in ecma_deref_object (object_p=0xf5f0f970) at jerryscript/jerry-core/ecma/base/ecma-gc.c:147
#7 0x566833c8 in ecma_free_value (value=4126210419) at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c:1044
#8 0x566b0484 in ecma_collection_free (collection_p=0xf5d079f0) at jerryscript/jerry-core/ecma/base/ecma-helpers-collection.c:111
#9 0x5660b10b in parser_raise_error (context_p=0xffffbe40, error=PARSER_ERR_SEMICOLON_EXPECTED) at jerryscript/jerry-core/parser/js/js-parser.c:2570
#10 0x56572870 in parser_parse_statements (context_p=0xffffbe40) at jerryscript/jerry-core/parser/js/js-parser-statm.c:3152
#11 0x5660a577 in parser_parse_function (context_p=0xffffbe40, status_flags=14) at jerryscript/jerry-core/parser/js/js-parser.c:2390
#12 0x56595aaa in lexer_construct_function_object (context_p=0xffffbe40, extra_status_flags=14) at jerryscript/jerry-core/parser/js/js-lexer.c:2490
#13 0x5659e147 in parser_parse_function_expression (context_p=0xffffbe40, status_flags=14) at jerryscript/jerry-core/parser/js/js-parser-expr.c:1102
#14 0x565a0547 in parser_parse_unary_expression (context_p=0xffffbe40, grouping_level_p=0xffffb960) at jerryscript/jerry-core/parser/js/js-parser-expr.c:1508
#15 0x565a7712 in parser_parse_expression (context_p=0xffffbe40, options=2) at jerryscript/jerry-core/parser/js/js-parser-expr.c:2969
#16 0x565a70e0 in parser_parse_block_expression (context_p=0xffffbe40, options=0) at jerryscript/jerry-core/parser/js/js-parser-expr.c:2908
#17 0x56572055 in parser_parse_statements (context_p=0xffffbe40) at jerryscript/jerry-core/parser/js/js-parser-statm.c:3053
#18 0x56607bca in parser_parse_source (arg_list_p=0x0, arg_list_size=0, source_p=0xf294510c "(function () {var a0 = 5; var a1 = 5; var a2 = 5; var a3 = 5; var a4 = 5; var a5 = 5; var a6 = 5; var a7 = 5; var a8 = 5; var a9 = 5; var a10 = 5; var a11 = 5; var a12 = 5; var a13 = 5; var a14 = 5; v"..., source_size=5522, parse_opts=66, error_location_p=0xffffc050) at jerryscript/jerry-core/parser/js/js-parser.c:2091
#19 0x5660b20d in parser_parse_script (arg_list_p=0x0, arg_list_size=0, source_p=0xf294510c "(function () {var a0 = 5; var a1 = 5; var a2 = 5; var a3 = 5; var a4 = 5; var a5 = 5; var a6 = 5; var a7 = 5; var a8 = 5; var a9 = 5; var a10 = 5; var a11 = 5; var a12 = 5; var a13 = 5; var a14 = 5; v"..., source_size=5522, parse_opts=66, bytecode_data_p=0xffffc110) at jerryscript/jerry-core/parser/js/js-parser.c:2614
#20 0x5666934c in ecma_op_eval_chars_buffer (code_p=0xf294510c "(function () {var a0 = 5; var a1 = 5; var a2 = 5; var a3 = 5; var a4 = 5; var a5 = 5; var a6 = 5; var a7 = 5; var a8 = 5; var a9 = 5; var a10 = 5; var a11 = 5; var a12 = 5; var a13 = 5; var a14 = 5; v"..., code_buffer_size=5522, parse_opts=66) at jerryscript/jerry-core/ecma/operations/ecma-eval.c:104
#21 0x5666906e in ecma_op_eval (code_p=0xf2945100, parse_opts=2) at jerryscript/jerry-core/ecma/operations/ecma-eval.c:58
#22 0x565bb782 in ecma_builtin_global_object_eval (x=4069806337) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-global.c:111
#23 0x565bef47 in ecma_builtin_global_dispatch_routine (builtin_routine_id=80, this_arg=72, arguments_list_p=0xffffc440, arguments_number=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-global.c:1164
#24 0x56698d99 in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_GLOBAL, builtin_routine_id=80, this_arg_value=72, arguments_list_p=0xffffc440, arguments_list_len=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1020
#25 0x56698ffa in ecma_builtin_dispatch_call (obj_p=0xf5f03640, this_arg_value=72, arguments_list_p=0xffffc6e4, arguments_list_len=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1045
#26 0x5666b54f in ecma_op_function_call (func_obj_p=0xf5f03640, this_arg_value=72, arguments_list_p=0xffffc6e4, arguments_list_len=1) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:762
#27 0x56631eac in opfunc_call.lto_priv.465 (frame_ctx_p=0xffffc6b0) at jerryscript/jerry-core/vm/vm.c:699
#28 0x565e562a in vm_execute (frame_ctx_p=0xffffc6b0) at jerryscript/jerry-core/vm/vm.c:4117
#29 0x565e5c55 in vm_run (bytecode_header_p=0xf4f03ec0, this_binding_value=4126149459, lex_env_p=0xf5d007b0, arg_list_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:4240
#30 0x566307d1 in vm_run_global (bytecode_p=0xf4f03ec0) at jerryscript/jerry-core/vm/vm.c:286
#31 0x566a096d in jerry_run (func_val=4126148547) at jerryscript/jerry-core/api/jerry.c:595
#32 0x5669d09a in main (argc=2, argv=0xffffcb04) at jerryscript/jerry-main/main-unix.c:740
JerryScript revision
e21e4a1
Build platform
Linux-4.15.0-72-generic-x86_64-with-Ubuntu-18.04-bionic
Build steps
Test case
Output
Backtrace
Found by Fuzzinator with grammarinator.