
ASSERTION (lifetime->start < instr->GetNumber() && lifetime->end >= instr->GetNumber()) failed in LinearScan::SpillInlineeArgs(IR::Instr*)::$_3::operator #6033

Open
renatahodovan opened this issue Mar 13, 2019 · 1 comment

Comments

@renatahodovan

ChakraCore version:
Checked revision: 62d3d1163
Build command: ./build.sh --debug
OS:
Linux-4.15.0-43-generic-x86_64-with-Ubuntu-18.04-bionic
Test case:
var all = [ ]
function AsmModuleDouble ( ) { 
    function LtFloat ( ) {} 
    function GeFloat ( ) { 
        if (Promise == 91) 
            while (1) $ = 0
    } 
    return { $ : LtFloat , Ge : GeFloat }
}

var asmModuleDouble = AsmModuleDouble();
for ( var i ; ; ) { 
    for ( var j ; ; ) { 
        print( 0 + i + 0 + all [ i ] + 0 + j + 0 + all [ j ] + 0 + (asmModuleDouble.Ge() ) );
    }
}
Backtrace:
0x00007ffff2bf24ff in LinearScan::SpillInlineeArgs(IR::Instr*)::$_3::operator()(unsigned int, Lifetime*) const (
    this=0x7ff7f16926b0, i=0, lifetime=0x7ff7f0646db0) at ChakraCore/lib/Backend/LinearScan.cpp:3408
3408            Assert(lifetime->start < instr->GetNumber() && lifetime->end >= instr->GetNumber());
(gdb) bt
#0  0x00007ffff2bf24ff in LinearScan::SpillInlineeArgs(IR::Instr*)::$_3::operator()(unsigned int, Lifetime*) const (
    this=0x7ff7f16926b0, i=0, lifetime=0x7ff7f0646db0) at ChakraCore/lib/Backend/LinearScan.cpp:3408
#1  0x00007ffff2bf23f9 in JsUtil::List<Lifetime*, Memory::JitArenaAllocator, false, Js::CopyRemovePolicy, DefaultComparer>::MapFrom<LinearScan::SpillInlineeArgs(IR::Instr*)::$_3>(int, LinearScan::SpillInlineeArgs(IR::Instr*)::$_3) const (this=0x7ff7f05d14b0, 
    start=0, map=...) at ChakraCore/lib/Common/DataStructures/List.h:564
#2  0x00007ffff2bee52f in JsUtil::List<Lifetime*, Memory::JitArenaAllocator, false, Js::CopyRemovePolicy, DefaultComparer>::Map<LinearScan::SpillInlineeArgs(IR::Instr*)::$_3>(LinearScan::SpillInlineeArgs(IR::Instr*)::$_3) const (this=0x7ff7f05d14b0, map=...)
    at ChakraCore/lib/Common/DataStructures/List.h:542
#3  0x00007ffff2beac4a in LinearScan::SpillInlineeArgs (this=0x7ff7f1693198, instr=0x7ff7f0687af0)
    at ChakraCore/lib/Backend/LinearScan.cpp:3407
#4  0x00007ffff2be18ab in LinearScan::KillImplicitRegs (this=0x7ff7f1693198, instr=0x7ff7f0687af0)
    at ChakraCore/lib/Backend/LinearScan.cpp:3363
#5  0x00007ffff2bda49a in LinearScan::RegAlloc (this=0x7ff7f1693198)
    at ChakraCore/lib/Backend/LinearScan.cpp:275
#6  0x00007ffff2963f63 in Func::TryCodegen (this=0x7ff7f1693ee0) at ChakraCore/lib/Backend/Func.cpp:493
#7  0x00007ffff2963425 in Func::Codegen (alloc=0x7ff7f16944e0, workItem=0x7ff7f0671030, threadContextInfo=0x5555561837b8, 
    scriptContextInfo=0x5555561b2da8, outputData=0x7ff7f16949e0, epInfo=0x7ffff7ef3280, runtimeInfo=0x0, 
    polymorphicInlineCacheInfo=0x7ffff7e0cde0, codeGenAllocators=0x5555561b7608, codeGenProfiler=0x0, isBackgroundJIT=true)
    at ChakraCore/lib/Backend/Func.cpp:323
#8  0x00007ffff2ce0309 in NativeCodeGenerator::CodeGen (this=0x5555561b47f8, pageAllocator=0x55555586e5e8, 
    workItemData=0x5555561cef60, jitWriteData=..., foreground=false, epInfo=0x7ffff7ef3280)
    at ChakraCore/lib/Backend/NativeCodeGenerator.cpp:894
#9  0x00007ffff2ce2030 in NativeCodeGenerator::CodeGen (this=0x5555561b47f8, pageAllocator=0x55555586e5e8, workItem=
    0x5555561cef38, foreground=false) at ChakraCore/lib/Backend/NativeCodeGenerator.cpp:1011
#10 0x00007ffff2ce4fa9 in NativeCodeGenerator::Process (this=0x5555561b47f8, job=0x5555561cef40, threadData=0x55555586e5c8)
    at ChakraCore/lib/Backend/NativeCodeGenerator.cpp:1895
#11 0x00007ffff2d82be1 in JsUtil::BackgroundJobProcessor::Process (this=0x5555561b4968, job=0x5555561cef40, 
    threadData=0x55555586e5c8) at ChakraCore/lib/Common/Common/Jobs.cpp:1037
#12 0x00007ffff2d831fe in JsUtil::BackgroundJobProcessor::Run (this=0x5555561b4968, threadData=0x55555586e5c8)
    at ChakraCore/lib/Common/Common/Jobs.cpp:1135
#13 0x00007ffff2d8052e in JsUtil::BackgroundJobProcessor::StaticThreadProc (lpParam=0x55555586e5c8)
    at ChakraCore/lib/Common/Common/Jobs.cpp:1319
#14 0x00007ffff279b811 in CorUnix::CPalThread::ThreadEntry (pvParam=0x5555561b50e0)
    at ChakraCore/pal/src/thread/pal_thread.cpp:1605
#15 0x00007ffff73656db in start_thread (arg=0x7ff7f1695700) at pthread_create.c:463
#16 0x00007ffff654b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Found by Fuzzinator with grammarinator.

@YuanWangC

YuanWangC commented Nov 29, 2019

Nice work! I want to submit a crash issue but I'm not familiar with chakra. So I wonder if you have some advice on getting the backtrace? What is the compile command? @renatahodovan
