## JavaScriptCore Version 1f2d2a92eeb831bedd01bbb5b694a0e29fa9af81 ## Build Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64) ./Tools/Scripts/build-jsc --jsc-only --debug --build-dir=asan --cmakeargs="-DCMAKE_C_COMPILER='/usr/bin/clang' -DCMAKE_CXX_COMPILER='/usr/bin/clang++' -DCMAKE_CXX_FLAGS='-g -O3 -fsanitize=address'" ## Testcase and Execution steps ``` var buffer = new Uint8Array([0,97,115,109,1,0,0,0,1,150,128,128,128,0,4,80,0,95,0,80,0,94,127,1,80,0,96,3,127,127,127,1,127,96,0,0,3,130,128,128,128,0,1,2,4,133,128,128,128,0,1,112,1,1,1,5,132,128,128,128,0,1,1,16,32,13,131,128,128,128,0,1,0,3,7,136,128,128,128,0,1,4,109,97,105,110,0,0,9,139,128,128,128,0,1,6,0,65,0,11,112,1,210,0,11,10,169,128,128,128,0,1,39,0,65,155,156,226,160,125,65,223,213,167,111,65,175,127,71,109,65,166,141,228,182,122,65,205,0,71,65,20,111,251,27,1,65,51,251,19,1,11]); var module = new WebAssembly.Module(buffer); ``` ./bin/jsc --useWebAssemblyGC=true testcase.js ## Output Aborted ## Backtrace #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140735915472448) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=140735915472448) at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=140735915472448, signo=signo@entry=6) at ./nptl/pthread_kill.c:89 #3 0x00007fffed881476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #4 0x00007fffed8677f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00007ffff0eebffb in std::__throw_bad_optional_access () at /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/optional:102 #6 0x00007ffff4f55558 in std::optional<unsigned int>::value() const & (this=<optimized out>) at /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/optional:952 #7 JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseExpression (this=this@entry=0x7fffa23f6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:1960 #8 0x00007ffff4eece8e in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parseBody (this=this@entry=0x7fffa23f6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:365 #9 0x00007ffff4ecd434 in JSC::Wasm::FunctionParser<JSC::Wasm::LLIntGenerator>::parse (this=this@entry=0x7fffa23f6c40) at /home/WebKit/Source/JavaScriptCore/wasm/WasmFunctionParser.h:336 #10 0x00007ffff4e85c3a in JSC::Wasm::parseAndCompileBytecode (functionStart=<optimized out>, functionLength=<optimized out>, signature=..., info=..., functionIndex=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:580 #11 0x00007ffff4ebf4ac in JSC::Wasm::LLIntPlan::compileFunction (this=0x615000017f00, functionIndex=0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp:89 #12 0x00007ffff4e73891 in JSC::Wasm::EntryPlan::compileFunctions (this=0x615000017f00, effort=<optimized out>) at /home/WebKit/Source/JavaScriptCore/wasm/WasmEntryPlan.cpp:218 #13 0x00007ffff5101ad1 in JSC::Wasm::Worklist::Thread::work (this=0x6070000042a0) at /home/WebKit/Source/JavaScriptCore/wasm/WasmWorklist.cpp:111 #14 0x00007ffff55ddfa1 in WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/AutomaticThread.cpp:229 #15 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/Function.h:53 #16 0x00007ffff56994c6 in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/WebKit/Source/WTF/wtf/Function.h:82 #17 WTF::Thread::entryPoint (newThreadContext=<optimized out>) at /home/WebKit/Source/WTF/wtf/Threading.cpp:250 #18 0x00007ffff58377a6 in WTF::wtfThreadEntryPoint (context=0x6180) at /home/WebKit/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:242 #19 0x00007fffed8d3b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442 #20 0x00007fffed965a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81