Aborted in ReportFatalException (Func::TryCodegen)

[paintedveil5]

jsish reversion
c3ead3f
master

Build platform
Ubuntu 20.04 LTS (Linux 5.4.0-1018-aws x86_64)

Build steps

./build.sh
./ch poc.js

Test case
poc.js

try {
    (function TestFunc() {
        var a;
        (function outer() {
            (function inner() { outer() })();
            try {
                throw "Exception";
            }
            catch (ex) {
                with ({}) { outer(); }
            }
        })();
    })();
}
catch (ex) {
    if (ex.message == "Out of stack space") {
        WScript.Echo("PASSED");
    }
}

Backtrace

#0  0x00007fffecf92d27 in DebugBreak () at ../../lib/Common/CommonPal.h:161
#1  ReportFatalException (context=<optimized out>, exceptionCode=<optimized out>, 
    reasonCode=<optimized out>, scenario=<optimized out>)
    at ../../lib/Common/Exceptions/ReportError.cpp:20
#2  0x00007fffec78177b in IRBuilder::DoClosureRegCheck (this=0x7ff7eaa80de8, reg=6)
    at ../../lib/Backend/IRBuilder.cpp:7803
#3  0x00007fffec767596 in IRBuilder::BuildReg1<Js::LayoutSizePolicy<(Js::LayoutSize)0> > (
    this=<optimized out>, newOpcode=<optimized out>, offset=<optimized out>)
    at ../../lib/Backend/IRBuilder.cpp:1486
#4  IRBuilder::Build (this=<optimized out>)
    at ../../lib/Backend/../Runtime/ByteCode/LayoutTypes.h:47
#5  0x00007fffec53d034 in Func::TryCodegen (this=0x7ff7eaa816f8) at ../../lib/Backend/Func.cpp:422
#6  0x00007fffec53cb65 in Func::Codegen (alloc=0x7ff7eaa81b38, workItem=0x7ff7ea1c1030, 
    threadContextInfo=0x55555592b3b0, scriptContextInfo=0x555555953620, outputData=0x7ff7eaa81c60, 
    epInfo=0x7ff7ea229120, runtimeInfo=<optimized out>, 
    polymorphicInlineCacheInfo=<optimized out>, codeGenAllocators=<optimized out>, 
    codeGenProfiler=0x0, isBackgroundJIT=<optimized out>) at ../../lib/Backend/Func.cpp:325
#7  0x00007fffecbaae3e in NativeCodeGenerator::CodeGen (this=<optimized out>, 
    pageAllocator=<optimized out>, workItemData=<optimized out>, jitWriteData=..., 
    foreground=<optimized out>, epInfo=<optimized out>)
    at ../../lib/Backend/NativeCodeGenerator.cpp:890
#8  0x00007fffecbab4c9 in NativeCodeGenerator::CodeGen (this=<optimized out>, pageAllocator=
    0x555555954310, workItem=0x5555559650c0, foreground=<optimized out>)
    at ../../lib/Backend/NativeCodeGenerator.cpp:1007
#9  0x00007fffecbad02f in NativeCodeGenerator::Process (this=0x5555559177a0, job=<optimized out>, 
    threadData=0x5555559542f0) at ../../lib/Backend/NativeCodeGenerator.cpp:1907
#10 0x00007fffecf7059a in JsUtil::BackgroundJobProcessor::Process (this=<optimized out>, 
    job=0xffffffda, threadData=0x0) at ../../lib/Common/Common/Jobs.cpp:1037
#11 0x00007fffecf709c7 in JsUtil::BackgroundJobProcessor::Run (this=0x555555953d90, 
    threadData=0x5555559542f0) at ../../lib/Common/Common/Jobs.cpp:1135
#12 0x00007fffecf6e25f in JsUtil::BackgroundJobProcessor::StaticThreadProc (lpParam=0x5555559542f0)
    at ../../lib/Common/Common/Jobs.cpp:1319
#13 0x00007fffec05e125 in CorUnix::CPalThread::ThreadEntry (pvParam=0x555555954680)
    at ../../pal/src/thread/pal_thread.cpp:1554
---Type <return> to continue, or q <return> to quit---

[msaad7777]

I want to contribute to this project, can I have any issue assigned ?

[ppenzin]

@msaad7777 sorry for the late response - yes you can, I'd recommend looking for "good first issue" bugs if you are new.

[ppenzin]

@paintedveil5 thank you for the report! It looks like a stack slot assert.

[paintedveil5]

@ppenzin The exception is triggered by the "with ({}) { outer(); }" because when call outer() under with, the JIT runtime assigns the same register to the local closure register and the first operand register r0. The program crashes in funcion IRBuilder::DoClosureRegCheck on line 7829 of IRBuilder.cpp.