From 760fc4fb951091b8a3e4fce8dee080893ba6ba6e Mon Sep 17 00:00:00 2001
From: Robert Fancsik <frobert@inf.u-szeged.hu>
Date: Wed, 24 Apr 2019 14:36:19 +0200
Subject: [PATCH] Remove incorrect assertions from class construction
 instructions (#2827)

A class expression can be part of any kind of expression since the asserts for the stack position calculation were incorrect.
This patch fixes #2819.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu
---
 jerry-core/vm/vm.c                            |  5 -----
 .../es2015/regression-test-issue-2819.js      | 20 +++++++++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 tests/jerry/es2015/regression-test-issue-2819.js

diff --git a/jerry-core/vm/vm.c b/jerry-core/vm/vm.c
index bb4c96f85..b955977bd 100644
--- a/jerry-core/vm/vm.c
+++ b/jerry-core/vm/vm.c
@@ -1340,8 +1340,6 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
           ecma_object_t *super_class_p;
           branch_offset += (int32_t) (byte_code_start_p - frame_ctx_p->byte_code_start_p);
 
-          JERRY_ASSERT (frame_ctx_p->registers_p + register_end + frame_ctx_p->context_depth == stack_top_p);
-
           if (ecma_is_value_null (super_value))
           {
             super_class_p = ecma_create_object (ecma_builtin_get (ECMA_BUILTIN_ID_OBJECT_PROTOTYPE),
@@ -1487,12 +1485,9 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
         }
         case VM_OC_CLASS_EXPR_CONTEXT_END:
         {
-          JERRY_ASSERT (frame_ctx_p->registers_p + register_end + frame_ctx_p->context_depth == stack_top_p - 1);
-
           JERRY_ASSERT (VM_GET_CONTEXT_TYPE (stack_top_p[-2]) == VM_CONTEXT_SUPER_CLASS);
           stack_top_p = vm_stack_context_abort (frame_ctx_p, stack_top_p - 1);
 
-          JERRY_ASSERT (frame_ctx_p->registers_p + register_end + frame_ctx_p->context_depth == stack_top_p);
           stack_top_p++;
           stack_top_p[-1] = *stack_top_p;
           continue;
diff --git a/tests/jerry/es2015/regression-test-issue-2819.js b/tests/jerry/es2015/regression-test-issue-2819.js
new file mode 100644
index 000000000..2aa5a2cb7
--- /dev/null
+++ b/tests/jerry/es2015/regression-test-issue-2819.js
@@ -0,0 +1,20 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+try {
+  for (this << class extends this {} in this) { }
+  assert (false);
+} catch (e) {
+  assert (e instanceof TypeError);
+}