Closed
Bug 1547133
Opened 5 years ago
Closed 5 years ago
Assertion failure: varScope_, at js/src/frontend/ParseContext.h:511
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla68
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox67 | --- | disabled |
| firefox68 | --- | fixed |
People
(Reporter: decoder, Assigned: khyperia)
References
Details
(4 keywords, Whiteboard: [jsbugmon:])
Attachments
(1 file)
The following testcase crashes on mozilla-central revision 0ec836eceb96 (build with --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --disable-tests --disable-profiling --enable-debug --enable-optimize, run with --fuzzing-safe --ion-offthread-compile=off --enable-experimental-fields):
class C47 {
static method(s = class { [y75] = 42; })
}
Backtrace:
received signal SIGSEGV, Segmentation fault.
#0 js::frontend::ParseContext::varScope (this=<optimized out>) at js/src/frontend/ParseContext.h:511
#1 js::frontend::ParseContext::tryDeclareVarHelper<(js::frontend::ParseContext::DryRunOption)0> (this=<optimized out>, name=..., kind=kind@entry=js::frontend::DeclarationKind::Var, beginPos=beginPos@entry=32, redeclaredKind=redeclaredKind@entry=0x7fffffffa5f6, prevPos=prevPos@entry=0x7fffffffa5a0) at js/src/frontend/ParseContext.cpp:417
#2 0x0000555555f6fb5a in js::frontend::ParseContext::tryDeclareVar (this=<optimized out>, name=..., name@entry=..., kind=kind@entry=js::frontend::DeclarationKind::Var, beginPos=beginPos@entry=32, redeclaredKind=redeclaredKind@entry=0x7fffffffa5f6, prevPos=prevPos@entry=0x7fffffffa5a0) at js/src/frontend/ParseContext.cpp:394
#3 0x0000555555ed4267 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::noteDeclaredName (this=this@entry=0x7fffffffc8d0, name=..., kind=kind@entry=js::frontend::DeclarationKind::Var, pos=...) at js/src/frontend/Parser.cpp:637
#4 0x0000555555f04ff7 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::classDefinition (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, classContext=classContext@entry=js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::ClassExpression, defaultHandling=defaultHandling@entry=js::frontend::NameRequired) at js/src/frontend/Parser.cpp:7073
#5 0x0000555555f0f0a2 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::primaryExpr (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, tt=<optimized out>, possibleError=possibleError@entry=0x7fffffffac20, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at js/src/frontend/Parser.cpp:10319
#6 0x0000555555f0f4bc in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::memberExpr (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, tt=<optimized out>, allowCallSyntax=allowCallSyntax@entry=true, possibleError=possibleError@entry=0x7fffffffac20, invoked=js::frontend::ParserBase::PredictUninvoked) at js/src/frontend/Parser.cpp:8912
#7 0x0000555555f10388 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::unaryExpr (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7fffffffac20, invoked=js::frontend::ParserBase::PredictUninvoked) at js/src/frontend/Parser.cpp:8703
#8 0x0000555555f10733 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::orExpr (this=this@entry=0x7fffffffc8d0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7fffffffac20, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at js/src/frontend/Parser.cpp:8118
#9 0x0000555555f10bfe in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::condExpr (this=this@entry=0x7fffffffc8d0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7fffffffac20, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at js/src/frontend/Parser.cpp:8196
#10 0x0000555555f08f2b in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::assignExpr (this=this@entry=0x7fffffffc8d0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at js/src/frontend/Parser.cpp:8345
#11 0x0000555555f0baf6 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::assignExprWithoutYieldOrAwait (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName) at js/src/frontend/Parser.cpp:8736
#12 0x0000555555f11320 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::functionArguments (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, kind=kind@entry=js::frontend::FunctionSyntaxKind::Method, funNode=<optimized out>) at js/src/frontend/Parser.cpp:2367
#13 0x0000555555f06dd4 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::functionFormalParametersAndBody (this=this@entry=0x7fffffffc8d0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, funNode=funNode@entry=0x7fffffffafa8, kind=kind@entry=js::frontend::FunctionSyntaxKind::Method, parameterListEnd=..., isStandaloneFunction=false) at js/src/frontend/Parser.cpp:2940
#14 0x0000555555f077f3 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::innerFunctionForFunctionBox (this=this@entry=0x7fffffffc8d0, funNode=<optimized out>, funNode@entry=0x7ffff4d020d0, outerpc=outerpc@entry=0x7fffffffbb60, funbox=funbox@entry=0x7ffff4d021a0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, kind=js::frontend::FunctionSyntaxKind::Method, newDirectives=0x7fffffffb538) at js/src/frontend/Parser.cpp:2770
#15 0x0000555555f07956 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::innerFunction (this=this@entry=0x7fffffffc8d0, funNode=0x7ffff4d020d0, outerpc=0x7fffffffbb60, fun=..., toStringStart=toStringStart@entry=21, inHandling=js::frontend::InAllowed, yieldHandling=js::frontend::YieldIsName, kind=js::frontend::FunctionSyntaxKind::Method, generatorKind=js::GeneratorKind::NotGenerator, asyncKind=js::FunctionAsyncKind::SyncFunction, tryAnnexB=false, inheritedDirectives=..., newDirectives=0x7fffffffb538) at js/src/frontend/Parser.cpp:2804
#16 0x0000555555f07a60 in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::trySyntaxParseInnerFunction (this=this@entry=0x7fffffffc8d0, funNode=funNode@entry=0x7fffffffb528, fun=..., toStringStart=toStringStart@entry=21, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, kind=js::frontend::FunctionSyntaxKind::Method, generatorKind=js::GeneratorKind::NotGenerator, asyncKind=js::FunctionAsyncKind::SyncFunction, tryAnnexB=false, inheritedDirectives=..., newDirectives=0x7fffffffb538) at js/src/frontend/Parser.cpp:2714
#17 0x0000555555f08044 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::trySyntaxParseInnerFunction (newDirectives=0x7fffffffb538, inheritedDirectives=..., tryAnnexB=<optimized out>, asyncKind=js::FunctionAsyncKind::SyncFunction, generatorKind=js::GeneratorKind::NotGenerator, kind=js::frontend::FunctionSyntaxKind::Method, yieldHandling=js::frontend::YieldIsName, inHandling=js::frontend::InAllowed, toStringStart=21, fun=..., funNode=0x7fffffffb528, this=0x7fffffffc8d0) at js/src/frontend/Parser.cpp:2750
#18 js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::functionDefinition (this=this@entry=0x7fffffffc8d0, funNode=<optimized out>, toStringStart=toStringStart@entry=21, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, funName=..., funName@entry=..., kind=js::frontend::FunctionSyntaxKind::Method, generatorKind=js::GeneratorKind::NotGenerator, asyncKind=js::FunctionAsyncKind::SyncFunction, tryAnnexB=false) at js/src/frontend/Parser.cpp:2605
#19 0x0000555555f08d2b in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::methodDefinition (this=this@entry=0x7fffffffc8d0, toStringStart=21, propType=<optimized out>, funName=..., funName@entry=...) at js/src/frontend/Parser.cpp:10193
#20 0x0000555555f045d4 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::classMember (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, defaultHandling=defaultHandling@entry=js::frontend::NameRequired, classStmt=..., className=..., className@entry=..., classStartOffset=classStartOffset@entry=0, hasHeritage=js::frontend::HasHeritage::No, numFields=@0x7fffffffb8d0: 0, numFieldKeys=@0x7fffffffb8d8: 0, classMembers=@0x7fffffffb8c8: 0x7ffff4d02060, done=0x7fffffffb8e8) at js/src/frontend/Parser.cpp:6878
#21 0x0000555555f04d98 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::classDefinition (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, classContext=classContext@entry=js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::ClassStatement, defaultHandling=defaultHandling@entry=js::frontend::NameRequired) at js/src/frontend/Parser.cpp:7031
#22 0x0000555555f05737 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::statementListItem (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, canHaveDirectives=<optimized out>) at js/src/frontend/Parser.cpp:7934
#23 0x0000555555f05c88 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::statementList (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName) at js/src/frontend/Parser.cpp:3443
#24 0x0000555555f164ca in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::globalBody (this=0x7fffffffc8d0, globalsc=globalsc@entry=0x7fffffffcf18) at js/src/frontend/Parser.cpp:1437
#25 0x0000555555f46c74 in js::frontend::ScriptCompiler<char16_t>::compileScript (this=this@entry=0x7fffffffc3a0, info=..., environment=..., environment@entry=..., sc=sc@entry=0x7fffffffcf18) at js/src/frontend/BytecodeCompiler.cpp:548
#26 0x0000555555f39c84 in CreateGlobalScript<char16_t> (info=..., srcBuf=..., sourceObjectOut=sourceObjectOut@entry=0x0) at js/src/frontend/BytecodeCompiler.cpp:207
#27 0x0000555555f39e2a in js::frontend::CompileGlobalScript (info=..., srcBuf=..., sourceObjectOut=sourceObjectOut@entry=0x0) at js/src/frontend/BytecodeCompiler.cpp:219
#28 0x0000555555a102c6 in CompileSourceBuffer<char16_t> (cx=cx@entry=0x7ffff5f19000, options=..., srcBuf=...) at js/src/vm/CompilationAndEvaluation.cpp:69
#29 0x0000555555a1048b in CompileUtf8Inflating (cx=cx@entry=0x7ffff5f19000, options=..., srcBuf=...) at js/src/vm/CompilationAndEvaluation.cpp:91
[...]
#35 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at js/src/shell/js.cpp:11373
rax 0x555557c90360 93825033372512
rbx 0x555556b1b0c0 93825015066816
rcx 0x7ffff6c1c2dd 140737333281501
rdx 0x0 0
rsi 0x7ffff6eeb770 140737336227696
rdi 0x7ffff6eea540 140737336223040
rbp 0x7fffffffa510 140737488332048
rsp 0x7fffffffa3e0 140737488331744
r8 0x7ffff6eeb770 140737336227696
r9 0x7ffff7fe6cc0 140737354034368
r10 0x58 88
r11 0x7ffff6b927a0 140737332717472
r12 0x3 3
r13 0x7ffff5f45330 140737319818032
r14 0x3 3
r15 0x7fffffffa780 140737488332672
rip 0x555555f7a3e9 <js::frontend::ParseContext::tryDeclareVarHelper<(js::frontend::ParseContext::DryRunOption)0>(JS::Handle<js::PropertyName*>, js::frontend::DeclarationKind, unsigned int, mozilla::Maybe<js::frontend::DeclarationKind>*, unsigned int*)+1129>
=> 0x555555f7a3e9 <js::frontend::ParseContext::tryDeclareVarHelper<(js::frontend::ParseContext::DryRunOption)0>(JS::Handle<js::PropertyName*>, js::frontend::DeclarationKind, unsigned int, mozilla::Maybe<js::frontend::DeclarationKind>*, unsigned int*)+1129>: movl $0x0,0x0
0x555555f7a3f4 <js::frontend::ParseContext::tryDeclareVarHelper<(js::frontend::ParseContext::DryRunOption)0>(JS::Handle<js::PropertyName*>, js::frontend::DeclarationKind, unsigned int, mozilla::Maybe<js::frontend::DeclarationKind>*, unsigned int*)+1140>: ud2
|
Assignee | |
Comment 1•5 years ago
|
||
Also fixes bug 1547136.
|
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → khyperia
Status: NEW → ASSIGNED
|
||
Updated•5 years ago
|
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:bisect]
|
|
||
Comment 3•5 years ago
|
||
JSBugMon: Cannot process bug: Error: Failed to isolate test from comment
|
|
||
Updated•5 years ago
|
Whiteboard: [jsbugmon:bisect] → [jsbugmon:]
|
|
||
Comment 4•5 years ago
|
||
JSBugMon: Bisection requested, failed due to error: Error: Failed to isolate test from comment
Pushed by ahauck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f6385d9a01e9 Change .fieldKeys from var to let. r=jorendorff
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
|
||
Updated•5 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•