Assertion 'dividend_end_p[0] == divisor_high && dividend_end_p[-1] < divisor_high' failed at /jerryscript/jerry-core/ecma/operations/ecma-big-uint.c(ecma_big_uint_div_mod)

[EJueon]

JerryScript revision

Commit: 05dbbd1
Version: v3.0.0

Build platform

Ubuntu 20.04.5 LTS (Linux 5.4.0-144-generic x86_64)

Build steps

python ./tools/build.py --clean --debug --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --error-messages=on --system-allocator=on --logging=on --line-info=on --stack-limit=20

Test case

// poc.js
var x = BigInt ( 8 ** 16 + 1 ) ;  
x ** BigInt ( 4 ) / x; 

Execution steps & Output

$ ./jerryscript/build/bin/jerry poc.js
ICE: Assertion 'dividend_end_p[0] == divisor_high && dividend_end_p[-1] < divisor_high' failed at /jerryscript/jerry-core/ecma/operations/ecma-big-uint.c(ecma_big_uint_div_mod):1119.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted

Backtrace

(gdb) #0  0xf7efdd99 in __kernel_vsyscall ()                                                                                                                                                                                                                                                                         
#1  0xf7bd2276 in raise () from /lib32/libc.so.6                                                                                                                                                                                                                                                                     
#2  0xf7bba3f7 in abort () from /lib32/libc.so.6                                                                                                                                                                                                                                                                     
#3  0x083ecca3 in jerry_port_fatal (code=JERRY_FATAL_FAILED_ASSERTION)                                                                                                                                                                                                                                               
    at /jerryscript/jerry-port/common/jerry-port-process.c:29                                                                                                                                                                                                                           
#4  0x08260d02 in jerry_fatal (code=JERRY_FATAL_FAILED_ASSERTION)                                                                                                                                                                                                                                                    
    at /jerryscript/jerry-core/jrt/jrt-fatals.c:63                                                                                                                                                                                                                                      
#5  0x08260d64 in jerry_assert_fail (                                                                                                                                                                                                                                                                                
    assertion=0x846e200 <str> "dividend_end_p[0] == divisor_high && dividend_end_p[-1] < divisor_high",                                                                                                                                                                                                              
    file=0x846d800 <str> "/jerryscript/jerry-core/ecma/operations/ecma-big-uint.c",                                                                                                                                                                                                     
    function=0x846e080 <__func__.ecma_big_uint_div_mod> "ecma_big_uint_div_mod", line=1119)                                                                                                                                                                                                                          
    at /jerryscript/jerry-core/jrt/jrt-fatals.c:83                                                                                                                                                                                                                                      
#6  0x08380b54 in ecma_big_uint_div_mod (dividend_value_p=0xf4203c40,                                                                                                                                                                                                                                                
    divisor_value_p=0xf5600630, is_mod=<optimized out>) 
    at /jerryscript/jerry-core/ecma/operations/ecma-big-uint.c:1119                                                                                                                                                                                                                     
#7  0x081dfc96 in ecma_bigint_div_mod (left_value=4095753286, 
    right_value=4116710966, is_mod=<optimized out>)
    at /jerryscript/jerry-core/ecma/operations/ecma-bigint.c:1337                                                                                                                                                                                                                       
#8  0x082be8b9 in do_number_arithmetic (op=<optimized out>, 
    left_value=<optimized out>, right_value=<optimized out>)
    at /jerryscript/jerry-core/vm/opcodes-ecma-arithmetics.c:148                                                                                                                                                                                                                        
#9  0x082dd6f0 in vm_loop (frame_ctx_p=0xffdc12c0)
    at /jerryscript/jerry-core/vm/vm.c:3563
#10 0x082d6b83 in vm_execute (frame_ctx_p=0xffdc12c0)
    at /jerryscript/jerry-core/vm/vm.c:5211
#11 0x082d4f62 in vm_run (shared_p=0xffdc13d0, this_binding_value=4118822019,                                                                                                                                                                                                                                        
    lex_env_p=0xf56007b0)                                                    
    at /jerryscript/jerry-core/vm/vm.c:5312
#12 0x082d4c39 in vm_run_global (bytecode_p=<optimized out>, 
    function_object_p=<optimized out>)
    at /jerryscript/jerry-core/vm/vm.c:286
#13 0x0812a4e5 in jerry_run (script=4114614595)
    at /jerryscript/jerry-core/api/jerryscript.c:548                                                                                                                                                                                                                                    
#14 0x083eac3f in jerryx_source_exec_script (
    path_p=0xffdc21e7 "poc.js")                                                                                                                                                                                                                              
    at /jerryscript/jerry-ext/util/sources.c:68
#15 0x0812162d in main (argc=<optimized out>, argv=<optimized out>)
    at /jerryscript/jerry-main/main-desktop.c:156                                                                                                                                                                                                                                       
(gdb) quit                                                                   

credits: @EJueon, @Ye0nny of the seclab-yonsei.