Assertion ecma_is_value_object (value) in ecma_get_object_from_value #2951
Description
JerryScript revision
Build platform
Linux-4.15.0-54-generic-x86_64-with-Ubuntu-18.04-bionic
Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
Test case
var x = 1 / 3
do {
m = new Map([ ])
} while (x === 3 / 9) $Output
ICE: Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c(ecma_get_object_from_value):774.
Error: ERR_FAILED_INTERNAL_ASSERTION
Backtrace
bt
#0 0xf7fd5059 in __kernel_vsyscall ()
#1 0xf7800832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0xf7801cc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0x5657a242 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#4 0x56612f28 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5 0x56612f69 in jerry_assert_fail (assertion=0x566b1c40 "ecma_is_value_object (value)", file=0x566b1660 "jerryscript/jerry-core/ecma/base/ecma-helpers-value.c", function=0x56674ae0 <__func__.3642.lto_priv.706> "ecma_get_object_from_value", line=774) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6 0x5665fc28 in ecma_get_object_from_value (value=3200171710) at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c:774
#7 0x5664887f in ecma_gc_mark_container_object (object_p=0xf5f05aa0) at jerryscript/jerry-core/ecma/base/ecma-gc.c:255
#8 0x56648de7 in ecma_gc_mark (object_p=0xf5f05aa0) at jerryscript/jerry-core/ecma/base/ecma-gc.c:361
#9 0x5664ab9f in ecma_gc_run (severity=JMEM_FREE_UNUSED_MEMORY_SEVERITY_LOW) at jerryscript/jerry-core/ecma/base/ecma-gc.c:956
#10 0x5664b123 in ecma_free_unused_memory (severity=JMEM_FREE_UNUSED_MEMORY_SEVERITY_LOW) at jerryscript/jerry-core/ecma/base/ecma-gc.c:1094
#11 0x56612458 in jmem_run_free_unused_memory_callbacks (severity=JMEM_FREE_UNUSED_MEMORY_SEVERITY_LOW) at jerryscript/jerry-core/jmem/jmem-allocator.c:267
#12 0x566126e2 in jmem_heap_gc_and_alloc_block (size=16, ret_null_on_error=false) at jerryscript/jerry-core/jmem/jmem-heap.c:324
#13 0x566127c5 in jmem_heap_alloc_block (size=16) at jerryscript/jerry-core/jmem/jmem-heap.c:373
#14 0x56612ba6 in jmem_pools_alloc (size=16) at jerryscript/jerry-core/jmem/jmem-poolman.c:104
#15 0x565f606b in ecma_alloc_object () at jerryscript/jerry-core/ecma/base/ecma-alloc.c:84
#16 0x56629a61 in ecma_op_container_create_internal_object () at jerryscript/jerry-core/ecma/operations/ecma-container-object.c:46
#17 0x56629bf7 in ecma_op_container_create (arguments_list_p=0xffffc7e4, arguments_list_len=1, lit_id=LIT_MAGIC_STRING_MAP_UL, proto_id=ECMA_BUILTIN_ID_MAP_PROTOTYPE) at jerryscript/jerry-core/ecma/operations/ecma-container-object.c:73
#18 0x565c3388 in ecma_builtin_map_dispatch_construct (arguments_list_p=0xffffc7e4, arguments_list_len=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-map.c:62
#19 0x5662107a in ecma_builtin_dispatch_construct (obj_p=0xf5f009d0, arguments_list_p=0xffffc7e4, arguments_list_len=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1075
#20 0x56632ad5 in ecma_op_function_construct (func_obj_p=0xf5f009d0, this_arg_value=72, arguments_list_p=0xffffc7e4, arguments_list_len=1) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1094
#21 0x565e4eed in opfunc_construct (frame_ctx_p=0xffffc860) at jerryscript/jerry-core/vm/vm.c:656
#22 0x565f56a4 in vm_execute (frame_ctx_p=0xffffc860, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3586
#23 0x565f5f87 in vm_run (bytecode_header_p=0xf5302a30, this_binding_value=4126149459, lex_env_p=0xf5d007b0, parse_opts=0, arg_list_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3694
#24 0x565e3c15 in vm_run_global (bytecode_p=0xf5302a30) at jerryscript/jerry-core/vm/vm.c:273
#25 0x5663f51b in jerry_run (func_val=4126149123) at jerryscript/jerry-core/api/jerry.c:550
#26 0x5663bf9d in main (argc=3, argv=0xffffcc94) at jerryscript/jerry-main/main-unix.c:742
Found by Fuzzinator with grammarinator.