BugLinuxgood first issue
描述
Hello, running following code in ch 1.11.19 debug version. An Assertion will be throw.
'use strict';
function func(b, c) {
b[0] = c;
}
function main() {
let b = new Uint32Array(100);
for (let i = 0; i < 1000; i++) {
i += 1;
i += 0;
func(b, {});
}
}
main();
Output:
ASSERTION 19136: (...\chakracore-1.11.19\lib\backend\globopt.cpp, line 2325) !instr->GetDst() || instr->m_opcode == Js::OpCode::IncrLoopBodyCount || !loop->memOpInfo || (instr->m_opcode == Js::OpCode::Ld_I4 && prevInstr && (prevInstr->m_opcode == Js::OpCode::Add_I4 || prevInstr->m_opcode == Js::OpCode::Sub_I4) && instr->GetSrc1()->IsRegOpnd() && instr->GetDst()->IsRegOpnd() && prevInstr->GetDst()->IsRegOpnd() && instr->GetDst()->GetStackSym() == prevInstr->GetSrc1()->GetStackSym() && instr->GetSrc1()->GetStackSym() == prevInstr->GetDst()->GetStackSym()) || !loop->memOpInfo->inductionVariableChangeInfoMap->ContainsKey(GetVarSymID(instr->GetDst()->GetStackSym()))
Failure: (!instr->GetDst() || instr->m_opcode == Js::OpCode::IncrLoopBodyCount || !loop->memOpInfo || (instr->m_opcode == Js::OpCode::Ld_I4 && prevInstr && (prevInstr->m_opcode == Js::OpCode::Add_I4 || prevInstr->m_opcode == Js::OpCode::Sub_I4) && instr->GetSrc1()->IsRegOpnd() && instr->GetDst()->IsRegOpnd() && prevInstr->GetDst()->IsRegOpnd() && instr->GetDst()->GetStackSym() == prevInstr->GetSrc1()->GetStackSym() && instr->GetSrc1()->GetStackSym() == prevInstr->GetDst()->GetStackSym()) || !loop->memOpInfo->inductionVariableChangeInfoMap->ContainsKey(GetVarSymID(instr->GetDst()->GetStackSym())))
FATAL ERROR: ch.exe failed due to exception code c0000420
I think this is likely just a wrong assertion since the assumption strict too much, may miss some cases. https://github.com/microsoft/ChakraCore/blob/33db8efd9f02cd528a7305391d7d10765a2e85f3/lib/Backend/GlobOpt.cpp#L2360-2374
ISec Lab 2020.7.1