[Webkit-unassigned] [Bug 142863] New: SyntaxChecker assertion is trapped with computed property name and getter

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 19 01:22:42 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=142863

            Bug ID: 142863
           Summary: SyntaxChecker assertion is trapped with computed
                    property name and getter
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: utatane.tea at gmail.com

The following input crashes with SyntaxChecker assersion.

(function () {
    var object = {
        [Symbol.unscopables]: {
            Cocoa: true,
            Cappuccino: true
        },

        get Cocoa() {
            throw new Error("bad trap");
        }
        Cappuccino: null
    };
}());

And dump is the following.

ASSERTION FAILED: property.name
../../../Source/JavaScriptCore/parser/SyntaxChecker.h(277) : const JSC::Identifier* JSC::SyntaxChecker::getName(const JSC::SyntaxChecker::Property&) const
1   0x7f69dc2b99a3 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7f69dc2b99a3]
2   0x7f69dc003530 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZNK3JSC13SyntaxChecker7getNameERKNS0_8PropertyE+0x40) [0x7f69dc003530]
3   0x7f69dc07cac6 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE24parseStrictObjectLiteralINS_13SyntaxCheckerEEENT_10ExpressionERS6_+0x250) [0x7f69dc07cac6]
4   0x7f69dc07d567 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE18parseObjectLiteralINS_13SyntaxCheckerEEENT_10ExpressionERS6_+0x3b9) [0x7f69dc07d567]
5   0x7f69dc079b37 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE22parsePrimaryExpressionINS_13SyntaxCheckerEEENT_10ExpressionERS6_+0x323) [0x7f69dc079b37]
6   0x7f69dc07426e /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE21parseMemberExpressionINS_13SyntaxCheckerEEENT_10ExpressionERS6_+0x140) [0x7f69dc07426e]
7   0x7f69dc07fe31 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE20parseUnaryExpressionINS_13SyntaxCheckerEEENT_10ExpressionERS6_+0x369) [0x7f69dc07fe31]
8   0x7f69dc07c4c3 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE21parseBinaryExpressionINS_13SyntaxCheckerEEENT_10ExpressionERS6_+0xad) [0x7f69dc07c4c3]
9   0x7f69dc079527 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE26parseConditionalExpressionINS_13SyntaxCheckerEEENT_10ExpressionERS6_+0x41) [0x7f69dc079527]
10  0x7f69dc071be0 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE25parseAssignmentExpressionINS_13SyntaxCheckerEEENT_10ExpressionERS6_+0x1b8) [0x7f69dc071be0]
11  0x7f69dc068a91 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE23parseVarDeclarationListINS_13SyntaxCheckerEEENT_10ExpressionERS6_RiRNS6_21DeconstructionPatternERS7_RNS_14JSTextPositionESE_SE_NS3_25VarDeclarationListContextE+0x3a1) [0x7f69dc068a91]
12  0x7f69dc05856f /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE19parseVarDeclarationINS_13SyntaxCheckerEEENT_9StatementERS6_+0xd3) [0x7f69dc05856f]
13  0x7f69dc052b7f /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE14parseStatementINS_13SyntaxCheckerEEENT_9StatementERS6_RPKNS_10IdentifierEPj+0x12b) [0x7f69dc052b7f]
14  0x7f69dc04ae8a /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE19parseSourceElementsINS_13SyntaxCheckerEEENT_14SourceElementsERS6_NS_18SourceElementsModeE+0x6c) [0x7f69dc04ae8a]
15  0x7f69dc03dd56 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE17parseFunctionBodyINS_10ASTBuilderEEENT_12FunctionBodyERS6_NS_15ConstructorKindE+0x176) [0x7f69dc03dd56]
16  0x7f69dc028660 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE17parseFunctionInfoINS_10ASTBuilderEEEbRT_NS_20FunctionRequirementsENS_17FunctionParseModeEbNS_15ConstructorKindERNS_18ParserFunctionInfoIS6_EE+0xfd8) [0x7f69dc028660]
17  0x7f69dc049764 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE22parsePrimaryExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x1f0) [0x7f69dc049764]
18  0x7f69dc03bbd5 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE21parseMemberExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x13f) [0x7f69dc03bbd5]
19  0x7f69dc055e31 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE20parseUnaryExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x32f) [0x7f69dc055e31]
20  0x7f69dc0502d6 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE21parseBinaryExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0xba) [0x7f69dc0502d6]
21  0x7f69dc046b6f /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE26parseConditionalExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x41) [0x7f69dc046b6f]
22  0x7f69dc0380ea /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE25parseAssignmentExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x250) [0x7f69dc0380ea]
23  0x7f69dc02936b /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE15parseExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x9b) [0x7f69dc02936b]
24  0x7f69dc0498e9 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE22parsePrimaryExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x375) [0x7f69dc0498e9]
25  0x7f69dc03bbd5 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE21parseMemberExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x13f) [0x7f69dc03bbd5]
26  0x7f69dc055e31 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE20parseUnaryExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x32f) [0x7f69dc055e31]
27  0x7f69dc0502d6 /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE21parseBinaryExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0xba) [0x7f69dc0502d6]
28  0x7f69dc046b6f /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE26parseConditionalExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x41) [0x7f69dc046b6f]
29  0x7f69dc0380ea /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE25parseAssignmentExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x250) [0x7f69dc0380ea]
30  0x7f69dc02936b /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE15parseExpressionINS_10ASTBuilderEEENT_10ExpressionERS6_+0x9b) [0x7f69dc02936b]
31  0x7f69dc01d76f /home/yusuke/dev/WebKit/WebKitBuild/unscopable/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6ParserINS_5LexerIhEEE24parseExpressionStatementINS_10ASTBuilderEEENT_9StatementERS6_+0x5f) [0x7f69dc01d76f]
[1]    8376 segmentation fault (core dumped)  WebKitBuild/unscopable/Debug/bin/jsc tmp/t10.js

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150319/feaa4abf/attachment-0002.html>

More information about the webkit-unassigned mailing list