273964 2024-05-09 12:06:03 -0700 ASSERTION FAILED: !hasError() in JSC::Parser<JSC::Lexer<unsigned char> >::parseClassFieldInitializerSourceElements<JSC::ASTBuilder>l 2024-07-10 12:35:44 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Local Build PC Linux RESOLVED DUPLICATE 276438 InRadar P2 Normal --- 1 qbtly201 webkit-unassigned dan.hecht mark.lam nth10sd webkit-bug-importer ysuzuki oldest_to_newest 2034363 0 qbtly201 2024-05-09 12:06:03 -0700 ###### Webkit 189e31a68cec1731ca0e74da669bc3b17011a9a1 ###### Build platform Ubuntu 22.04.3 ###### Build steps ./Tools/Scripts/build-jsc --jsc-only --debug --build-dir=0508 --cmakeargs="-DENABLE_STATIC_JSC=ON" ###### Test case ```sh async function* a() { class C { static [await Promise.resolve(2)] = 2[await Promise.resolve(1)] = 1; } } a().next().then(({value}) => {}); ``` ###### Execution steps ./jsc poc.js ###### Output ASSERTION FAILED: !hasError() /jsc/Source/JavaScriptCore/parser/Parser.cpp(3367) : typename TreeBuilder::SourceElements JSC::Parser<JSC::Lexer<unsigned char>>::parseClassFieldInitializerSourceElements(TreeBuilder &, const FixedVector<UnlinkedFunctionExecutable::ClassElementDefinition> &) [LexerType = JSC::Lexer<unsigned char>, TreeBuilder = JSC::ASTBuilder] Thread 1 "jsc" received signal SIGABRT, Aborted. __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313263808) at ./nptl/pthread_kill.c:44 44 ./nptl/pthread_kill.c: No such file or directory. (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737313263808) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=140737313263808) at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=140737313263808, signo=signo@entry=6) at ./nptl/pthread_kill.c:89 #3 0x00007ffff5948476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #4 0x00007ffff592e7f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00005555561355da in WTFCrashWithInfo () at /jsc/0508/JSCOnly/Debug/WTF/Headers/wtf/Assertions.h:862 #6 0x0000555557a0ea5c in JSC::Parser<JSC::Lexer<unsigned char> >::parseClassFieldInitializerSourceElements<JSC::ASTBuilder> ( this=this@entry=0x7fffffffb3e8, context=..., classElementDefinitions=...) at /jsc/Source/JavaScriptCore/parser/Parser.cpp:3367 #7 0x0000555557a07399 in JSC::Parser<JSC::Lexer<unsigned char> >::parseInner (this=0x7fffffffb3e8, calleeName=..., parsingContext=JSC::ParsingContext::Normal, functionConstructorParametersEndPosition=std::optional<int> [no contained value], classElementDefinitions=0x6, parentScopePrivateNames=<optimized out>) at /jsc/Source/JavaScriptCore/parser/Parser.cpp:292 #8 0x000055555651aba2 in JSC::Parser<JSC::Lexer<unsigned char> >::parse<JSC::FunctionNode> (this=0x3b402b, this@entry=0x7fffffffb3e8, error=..., calleeName=..., parsingContext=(unknown: 0xf599c9fc), parsingContext@entry=JSC::ParsingContext::Normal, functionConstructorParametersEndPosition=std::optional<int> = {...}, functionConstructorParametersEndPosition@entry=std::optional<int> [no contained value], parentScopePrivateNames=<optimized out>, classElementDefinitions=<optimized out>) at /jsc/Source/JavaScriptCore/parser/Parser.h:2190 #9 0x0000555556519d5d in JSC::parse<JSC::FunctionNode> (vm=..., source=..., name=..., implementationVisibility=<optimized out>, builtinMode=<optimized out>, strictMode=<optimized out>, scriptMode=<optimized out>, parseMode=<optimized out>, functionMode=<optimized out>, superBinding=<optimized out>, error=..., constructorKind=<optimized out>, derivedContextType=<optimized out>, evalContextType=<optimized out>, parentScopePrivateNames=<optimized out>, classElementDefinitions=<optimized out>, isInsideOrdinaryFunction=<optimized out>) at /jsc/Source/JavaScriptCore/parser/Parser.h:2286 #10 0x00005555565166a4 in JSC::generateUnlinkedFunctionCodeBlock (vm=..., executable=0x7fffaa4a59c0, source=..., kind=<optimized out>, codeGenerationMode=..., error=..., parseMode=<optimized out>, functionKind=<optimized out>) at /jsc/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp:59 --Type <RET> for more, q to quit, c to continue without paging-- #11 JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor (this=0x7fffaa4a59c0, vm=..., source=..., specializationKind=<optimized out>, codeGenerationMode=..., error=..., parseMode=<optimized out>) at /jsc/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp:244 #12 0x000055555830dd7f in JSC::ScriptExecutable::newCodeBlockFor (this=this@entry=0x7fffaa4aa280, kind=<optimized out>, function=function@entry=0x7fffaa47a7e0, scope=scope@entry=0x7fffaa4e8130) at /jsc/Source/JavaScriptCore/runtime/ScriptExecutable.cpp:310 #13 0x00005555583105ea in JSC::ScriptExecutable::prepareForExecutionImpl (this=0x7fffaa4aa280, vm=..., function=0x7fffaa47a7e0, scope=0x7fffaa4e8130, kind=JSC::CodeForCall, resultCodeBlock=@0x7fffffffd9d0: 0x0) at /jsc/Source/JavaScriptCore/runtime/ScriptExecutable.cpp:400 #14 0x0000555556a9a1c8 in JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable> (this=0x7fffaa4aa280, vm=..., function=0x7fffaa47a7e0, scope=0x7fffaa4e8130, kind=JSC::CodeForCall, resultCodeBlock=@0x7fffffffd9d0: 0x0) at /jsc/Source/JavaScriptCore/bytecode/CodeBlock.h:1021 #15 0x00005555578d3abc in JSC::linkFor (vm=..., owner=owner@entry=0x7fffaa4d4c40, calleeFrame=calleeFrame@entry=0x7fffffffd9c0, callLinkInfo=callLinkInfo@entry=0x7fffec05eb78) at /jsc/Source/JavaScriptCore/bytecode/RepatchInlines.h:191 #16 0x00005555578d31e4 in operationDefaultCall (calleeFrame=0x7fffffffd9c0, callLinkInfo=0x7fffec05eb78) at /jsc/Source/JavaScriptCore/jit/JITOperations.cpp:2425 #17 0x00007fffab0fc017 in ?? () #18 0x00007fffffffda50 in ?? () #19 0x0000555558b803f1 in llint_op_call_ignore_result () #20 0x0000000000000000 in ?? () 2034373 1 webkit-bug-importer 2024-05-09 12:47:17 -0700 <rdar://problem/127832822> 2034390 2 mark.lam 2024-05-09 13:42:50 -0700 rdar://119044881 2045585 3 dan.hecht 2024-07-10 12:35:44 -0700 *** This bug has been marked as a duplicate of bug 276438 ***