Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assertion 'new_typedarray_info.offset == 0' failed at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c(ecma_builtin_typedarray_prototype_slice):1631. #4888

Open
eternalsakura opened this issue Dec 9, 2021 · 0 comments · May be fixed by #4898
Open

Assertion 'new_typedarray_info.offset == 0' failed at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c(ecma_builtin_typedarray_prototype_slice):1631. #4888

eternalsakura opened this issue Dec 9, 2021 · 0 comments · May be fixed by #4898
Assignees
@rerobika
Labels
bug Undesired behaviour

Comments

@eternalsakura
Copy link

JerryScript commit hash

55acdf2

Build platform

Ubuntu 20.04 LTS

Build steps

./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --line-info=ON \
--stack-limit=10

poc

var ab = new Int8Array(20).map((v, i) => i).buffer;
var ta = new Int8Array(ab, 0, 10);
var seen_length = -1;
ta.constructor = {
    [Symbol.species]: function (len) {
        seen_length = len;
        return new Int8Array(ab, 1, len);
    }
};
print(-1, seen_length);
print([
    0,
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9
], ta);
var tb = ta.slice();
print(10, seen_length);
print([
    0,
    0,
    0,
    0,
    0,
    0,
    0,
    0,
    0,
    0
], ta);
print([
    0,
    0,
    0,
    0,
    0,
    0,
    0,
    0,
    0,
    0
], tb);

assert log

ICE: Assertion 'new_typedarray_info.offset == 0' failed at /home/sakura/jerryscript/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c(ecma_builtin_typedarray_prototype_slice):1631.
@rerobika rerobika assigned rerobika and galpeter and unassigned rerobika and galpeter Dec 9, 2021
@rerobika rerobika added the bug Undesired behaviour label Dec 9, 2021
rerobika pushed a commit to rerobika/jerryscript that referenced this issue Dec 9, 2021
Fix Typedarray.slice fastpath when the content type is matching
a9c2a27 
This patch fixes jerryscript-project#4888.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu
@rerobika rerobika linked a pull request Dec 9, 2021 that will close this issue
Open
rerobika pushed a commit to rerobika/jerryscript that referenced this issue Dec 9, 2021
Fix Typedarray.slice fastpath when the content type is matching
0c78251 
This patch fixes jerryscript-project#4888.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rerobika rerobika

Labels
bug Undesired behaviour
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Typedarray.slice fastpath when the content type is matching rerobika/jerryscript
3 participants
@galpeter @rerobika @eternalsakura