-
Bug
-
Resolution: Fixed
-
P4
-
8
-
None
-
generic
-
generic
Nashorn spent last night together with jsfunfuzz; the results are below.
- André
[[Runtime exceptions]] - run the following commands in this order, and note that java.lang.ClassCastException appears twice:
jjs> tryItOut = function(c){try{f = Function(c)}catch(e){return} try{rv=f()}catch(e){print(e)}}
function(c){try{f = Function(c)}catch(e){return} try{rv=f()}catch(e){print(e)}}
jjs> tryItOut("/*for..in*/for(var window.this in ((/a/gi)({} | [,])))return;");
jjs> tryItOut("M:switch(window) { default: M:if(x5 || null) {/*for..in*//* nogeckoex bug 349964 */ for each(var x3 in x4) gc() } }");
jjs> tryItOut("");
jjs> tryItOut("if((y = this)[(\n[[]])]) {{}; } else if ((eval(\";\", x5).constructor = x)) break ;{} else {x = window, __noSuchMethod__ = false;gc() }");
jjs> tryItOut("{var x = '' ; }");
jjs> tryItOut("if(new Boolean(this.__noSuchMethod__ = typeof '' )) {return '' ;[[1]] } else if (((new String(new (undefined)(), /x/ ))[true >= 0/*\n*/])) /*for..in*/L:for(var x in ((({}).hasOwnProperty)(true)));");
jjs> tryItOut("with({}) { [1,2,3,4].map } ");
jjs> tryItOut("gc()");
java.lang.ClassCastException: java.lang.String cannot be cast to jdk.nashorn.internal.runtime.ScriptFunction
jjs> tryItOut("L:with(x, x5; ^= /x/ ){if(x3-=false) { if ((this.zzz.zzz)) /a/gi} else 1e4; }");
jjs> tryItOut("if(new (window)( '' , x) < x.x) {1e-81;( /x/g ); } else if (new (new Function)(x3 = {}, ((-1)(this, undefined)))) {[1,,](functional); }");
java.lang.ClassCastException: java.lang.String cannot be cast to jdk.nashorn.internal.runtime.ScriptFunction
[[Compiler errors]]:
jjs> Function("switch([]) { case 7: }");
Compiling threw: java.lang.VerifyError: Bad type on operand stack
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljava/lang/Object;)Ljava/lang/Object; @9: invokestatic
Reason:
Type 'jdk/nashorn/internal/objects/NativeArray' (current frame, stack[0]) is not assignable to '[I'
Current Frame:
bci: @9
flags: { }
locals: { 'java/lang/Object' }
stack: { 'jdk/nashorn/internal/objects/NativeArray', integer }
Bytecode:
0000000: 04b8 0031 b800 3712 38b8 003c ab00 0000
0000010: 0000 0014 0000 0001 0000 0007 0000 0014
0000020: b200 2bb0
Stackmap Table:
same_frame(@32)
java.lang.VerifyError: Bad type on operand stack
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljava/lang/Object;)Ljava/lang/Object; @9: invokestatic
Reason:
Type 'jdk/nashorn/internal/objects/NativeArray' (current frame, stack[0]) is not assignable to '[I'
Current Frame:
bci: @9
flags: { }
locals: { 'java/lang/Object' }
stack: { 'jdk/nashorn/internal/objects/NativeArray', integer }
Bytecode:
0000000: 04b8 0031 b800 3712 38b8 003c ab00 0000
0000010: 0000 0014 0000 0001 0000 0007 0000 0014
0000020: b200 2bb0
Stackmap Table:
same_frame(@32)
at java.lang.Class.getDeclaredFields0(Native Method)
at java.lang.Class.privateGetDeclaredFields(Class.java:2367)
at java.lang.Class.getDeclaredField(Class.java:1902)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:417)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:413)
at java.security.AccessController.doPrivileged(Native Method)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:413)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:447)
at jdk.nashorn.internal.runtime.Context.compile(Context.java:806)
at jdk.nashorn.internal.runtime.Context.eval(Context.java:367)
at ...
jjs> Function("L: {break L;return; }");
Compiling threw: java.lang.VerifyError: StackMapTable error: bad offset
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$jsfunfuzz._L1(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object; @0: aload_0
Reason:
Invalid stackmap specification.
Current Frame:
bci: @8
flags: { }
locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
stack: { }
Bytecode:
0000000: 2ab6 0018 4da7 0003
Stackmap Table:
append_frame(@8,Object[#53])
java.lang.VerifyError: StackMapTable error: bad offset
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object; @0: aload_0
Reason:
Invalid stackmap specification.
Current Frame:
bci: @8
flags: { }
locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
stack: { }
Bytecode:
0000000: 2ab6 0018 4da7 0003
Stackmap Table:
append_frame(@8,Object[#53])
at java.lang.Class.getDeclaredFields0(Native Method)
at java.lang.Class.privateGetDeclaredFields(Class.java:2367)
at java.lang.Class.getDeclaredField(Class.java:1902)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:417)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:413)
at java.security.AccessController.doPrivileged(Native Method)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:413)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:447)
at jdk.nashorn.internal.runtime.Context.compile(Context.java:806)
at jdk.nashorn.internal.runtime.Context.eval(Context.java:367)
at ...
jjs> Function("return function (x) { return true } ( /x/ ) >> window;");
Compiling threw: java.lang.AssertionError: boolean is not an integer or long
java.lang.AssertionError: boolean is not an integer or long
at jdk.nashorn.internal.codegen.MethodEmitter.popInteger(MethodEmitter.java:269)
at jdk.nashorn.internal.codegen.MethodEmitter.sar(MethodEmitter.java:581)
at jdk.nashorn.internal.codegen.CodeGenerator$26.op(CodeGenerator.java:2799)
at jdk.nashorn.internal.codegen.CodeGenerator$BinaryArith.evaluate(CodeGenerator.java:2618)
at jdk.nashorn.internal.codegen.CodeGenerator.enterSAR(CodeGenerator.java:2801)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:185)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at ...
jjs> Function("return y % function(q) { return q; }();");
Compiling threw: java.lang.AssertionError: object is not numeric
java.lang.AssertionError: object is not numeric
at jdk.nashorn.internal.codegen.MethodEmitter.popNumeric(MethodEmitter.java:257)
at jdk.nashorn.internal.codegen.MethodEmitter.get2n(MethodEmitter.java:1598)
at jdk.nashorn.internal.codegen.MethodEmitter.rem(MethodEmitter.java:1655)
at jdk.nashorn.internal.codegen.CodeGenerator$24.op(CodeGenerator.java:2760)
at jdk.nashorn.internal.codegen.CodeGenerator$BinaryArith.evaluate(CodeGenerator.java:2618)
at jdk.nashorn.internal.codegen.CodeGenerator.enterMOD(CodeGenerator.java:2762)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:175)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at ...
jjs> Function("with(\nnull == (this % {}))( /x/g );");
Compiling threw: java.lang.AssertionError: expecting integer type or object for jump, but found double
java.lang.AssertionError: expecting integer type or object for jump, but found double
at jdk.nashorn.internal.codegen.MethodEmitter.jump(MethodEmitter.java:1352)
at jdk.nashorn.internal.codegen.MethodEmitter.ifnull(MethodEmitter.java:1386)
at jdk.nashorn.internal.codegen.CodeGenerator.nullCheck(CodeGenerator.java:1473)
at jdk.nashorn.internal.codegen.CodeGenerator.enterRuntimeNode(CodeGenerator.java:1608)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:412)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterRuntimeNode(NodeVisitor.java:537)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:412)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:352)
at ...
jjs> Function("/*infloop*/while(((function ()4.)([z1,,], [,,]) - true++))switch(1e+81.x) { default: break; \u0009 }");
Compiling threw: java.lang.AssertionError: expecting equivalent types on stack but got double and int
java.lang.AssertionError: expecting equivalent types on stack but got double and int
at jdk.nashorn.internal.codegen.MethodEmitter.get2n(MethodEmitter.java:1600)
at jdk.nashorn.internal.codegen.MethodEmitter.sub(MethodEmitter.java:1622)
at jdk.nashorn.internal.codegen.CodeGenerator$29.op(CodeGenerator.java:2836)
at jdk.nashorn.internal.codegen.CodeGenerator$BinaryArith.evaluate(CodeGenerator.java:2618)
at jdk.nashorn.internal.codegen.CodeGenerator.enterSUB(CodeGenerator.java:2838)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:191)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at ...
jjs> Function("try { } catch(NaN if [15,16,17,18].filter(({}).hasOwnProperty, NaN) - ((function(q) { return q; })( \"\" , \"\" ))) { with({}) { throw NaN; } } ");
Compiling threw: java.lang.NullPointerException
java.lang.NullPointerException
at jdk.nashorn.internal.codegen.types.Type.getMethodDescriptor(Type.java:161)
at jdk.nashorn.internal.codegen.MethodEmitter.getDynamicSignature(MethodEmitter.java:1691)
at jdk.nashorn.internal.codegen.MethodEmitter.dynamicCall(MethodEmitter.java:1726)
at jdk.nashorn.internal.codegen.CodeGenerator$2.enterAccessNode(CodeGenerator.java:684)
at jdk.nashorn.internal.ir.AccessNode.accept(AccessNode.java:64)
at jdk.nashorn.internal.codegen.CodeGenerator.enterCallNode(CodeGenerator.java:582)
at jdk.nashorn.internal.ir.CallNode.accept(CallNode.java:199)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterCallNode(NodeVisitor.java:217)
at ...
jjs> Function("try { {} } catch(x) { with({}) throw x; } ");
Compiling threw: java.lang.ArrayIndexOutOfBoundsException
java.lang.ArrayIndexOutOfBoundsException: -1
at jdk.nashorn.internal.codegen.Label$Stack.pop(Label.java:102)
at jdk.nashorn.internal.codegen.MethodEmitter.popType(MethodEmitter.java:234)
at jdk.nashorn.internal.codegen.MethodEmitter.athrow(MethodEmitter.java:1002)
at jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:1935)
at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:76)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator.enterWithNode(CodeGenerator.java:2150)
at jdk.nashorn.internal.ir.WithNode.accept(WithNode.java:68)
at ...
jjs> Function("L:if((function x ()3)() + arguments++) {return; } else if (new gc()) while(((x2.prop = functional)) && 0){ }");
Compiling threw: java.lang.AssertionError: expecting equivalent types on stack but got double and int
java.lang.AssertionError: expecting equivalent types on stack but got double and int
at jdk.nashorn.internal.codegen.MethodEmitter.get2(MethodEmitter.java:1576)
at jdk.nashorn.internal.codegen.MethodEmitter.add(MethodEmitter.java:1611)
at jdk.nashorn.internal.codegen.CodeGenerator.enterNumericAdd(CodeGenerator.java:2339)
at jdk.nashorn.internal.codegen.CodeGenerator.enterADD(CodeGenerator.java:2351)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:117)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at ...
jjs> Function("var x = x -= '' ");
Compiling threw: java.lang.VerifyError: get long/double overflows locals
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljava/lang/Object;)Ljava/lang/Object; @0: dload_2
Reason:
Local index 2 is invalid
Bytecode:
0000000: 280e 675c 4949 b200 2bb0
java.lang.VerifyError: get long/double overflows locals
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljava/lang/Object;)Ljava/lang/Object; @0: dload_2
Reason:
Local index 2 is invalid
Bytecode:
0000000: 280e 675c 4949 b200 2bb0
at java.lang.Class.getDeclaredFields0(Native Method)
at java.lang.Class.privateGetDeclaredFields(Class.java:2367)
at java.lang.Class.getDeclaredField(Class.java:1902)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:417)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:413)
at java.security.AccessController.doPrivileged(Native Method)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:413)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:447)
at jdk.nashorn.internal.runtime.Context.compile(Context.java:806)
at jdk.nashorn.internal.runtime.Context.eval(Context.java:367)
at ...
jjs> Function("return (null != [,,] <= this);");
Compiling threw: java.lang.AssertionError: object is not compatible with boolean
java.lang.AssertionError: object is not compatible with boolean
at jdk.nashorn.internal.codegen.MethodEmitter.popType(MethodEmitter.java:236)
at jdk.nashorn.internal.codegen.MethodEmitter.fixParamStack(MethodEmitter.java:1109)
at jdk.nashorn.internal.codegen.MethodEmitter.invoke(MethodEmitter.java:1128)
at jdk.nashorn.internal.codegen.MethodEmitter.invokestatic(MethodEmitter.java:1182)
at jdk.nashorn.internal.codegen.CodeGenerator.nullCheck(CodeGenerator.java:1482)
at jdk.nashorn.internal.codegen.CodeGenerator.enterRuntimeNode(CodeGenerator.java:1608)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:412)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterRuntimeNode(NodeVisitor.java:537)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:412)
at ...
jjs> Function("/*infloop*/L:for(var x; ([+(function (window)[,,])(function(q) { return q; }, -0)].some(new Function)); [11,12,13,14].some) {/*infloop*/do {;return this; } while(x); }");
Compiling threw: java.lang.AssertionError: Storing object into array<elementType=double>
java.lang.AssertionError: Storing object into array<elementType=double>
at jdk.nashorn.internal.codegen.MethodEmitter.arraystore(MethodEmitter.java:937)
at jdk.nashorn.internal.codegen.CodeGenerator.storeElement(CodeGenerator.java:1188)
at jdk.nashorn.internal.codegen.CodeGenerator.loadArray(CodeGenerator.java:1169)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:1278)
at jdk.nashorn.internal.codegen.CodeGenerator.enterLiteralNode(CodeGenerator.java:1325)
at jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:801)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterLiteralNode(NodeVisitor.java:457)
at jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:801)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at ...
jjs> x= {}
[object Object]
jjs> Function("switch((Math.pow ? x = 1.2e3 : 3)) { default: return; }")
Exception in thread "main" java.lang.AssertionError: int is not compatible with object
at jdk.nashorn.internal.codegen.MethodEmitter.popType(MethodEmitter.java:236)
at jdk.nashorn.internal.codegen.MethodEmitter.store(MethodEmitter.java:953)
at jdk.nashorn.internal.codegen.CodeGenerator.enterSwitchNode(CodeGenerator.java:1878)
at jdk.nashorn.internal.ir.SwitchNode.accept(SwitchNode.java:104)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
jjs> Function("try { function (x) /x/ } finally { (function(id) { return id }); } ");
Compiling threw: java.lang.ClassFormatError: Duplicate method name&signature in class file jdk/nashorn/internal/scripts/Script$jsfunfuzz
java.lang.ClassFormatError: Duplicate method name&signature in class file jdk/nashorn/internal/scripts/Script$\^function\_
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:751)
at jdk.nashorn.internal.runtime.ScriptLoader.installClass(ScriptLoader.java:62)
at jdk.nashorn.internal.runtime.Context$ContextCodeInstaller.install(Context.java:92)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:408)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:447)
at jdk.nashorn.internal.runtime.Context.compile(Context.java:806)
at jdk.nashorn.internal.runtime.Context.eval(Context.java:367)
at jdk.nashorn.internal.objects.Global.directEval(Global.java:703)
at jdk.nashorn.internal.objects.NativeFunction.function(NativeFunction.java:235)
at ...
jjs> Function("switch(0) { default: break; return; }");
Compiling threw: java.lang.VerifyError: Code generation bug in "_L1": array stack misaligned: java.lang.NullPointerException <function>
java.lang.NullPointerException
at jdk.internal.org.objectweb.asm.Frame.merge(Frame.java:1305)
at jdk.internal.org.objectweb.asm.MethodWriter.visitMaxs(MethodWriter.java:1382)
at jdk.nashorn.internal.codegen.MethodEmitter.end(MethodEmitter.java:201)
at jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1030)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterFunctionNode(CodeGenerator.java:402)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:284)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at ...
jjs> Function("x = 0.1, x\ntrue\n~this");
Compiling threw: java.lang.AssertionError: Only return value on stack allowed at return point - depth=2 stack = jdk.nashorn.internal.codegen.Label$Stack@4bd0d62f
java.lang.AssertionError: Only return value on stack allowed at return point - depth=2 stack = jdk.nashorn.internal.codegen.Label$Stack@79d04413
at jdk.nashorn.internal.codegen.MethodEmitter._return(MethodEmitter.java:1295)
at jdk.nashorn.internal.codegen.CodeGenerator.enterReturnNode(CodeGenerator.java:1438)
at jdk.nashorn.internal.ir.ReturnNode.accept(ReturnNode.java:90)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterFunctionNode(CodeGenerator.java:402)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:284)
at ...
jjs> Function("with((function (x)x2)() ^ this){return; }");
Compiling threw: java.lang.AssertionError: object is not an integer or long
java.lang.AssertionError: object is not an integer or long
at jdk.nashorn.internal.codegen.MethodEmitter.popInteger(MethodEmitter.java:269)
at jdk.nashorn.internal.codegen.MethodEmitter.get2i(MethodEmitter.java:1587)
at jdk.nashorn.internal.codegen.MethodEmitter.xor(MethodEmitter.java:542)
at jdk.nashorn.internal.codegen.CodeGenerator$22.op(CodeGenerator.java:2652)
at jdk.nashorn.internal.codegen.CodeGenerator$BinaryArith.evaluate(CodeGenerator.java:2618)
at jdk.nashorn.internal.codegen.CodeGenerator.enterBIT_XOR(CodeGenerator.java:2654)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:151)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at ...
jjs> Function("/*infloop*/for(x = window++~.2.hasOwnProperty(\"x3\"); (!([[1]]).apply()); {}) {( /x/g );({}).hasOwnProperty }");
Compiling threw: java.lang.AssertionError: window++ ~ 0.2.hasOwnProperty("x3") has no type
java.lang.AssertionError: window++ ~ 0.2.hasOwnProperty("x3") has no type
at jdk.nashorn.internal.ir.Node.getType(Node.java:107)
at jdk.nashorn.internal.codegen.Attr.leaveAssignmentNode(Attr.java:1084)
at jdk.nashorn.internal.codegen.Attr.leaveASSIGN(Attr.java:1107)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.leaveBinaryNode(NodeOperatorVisitor.java:205)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:165)
at jdk.nashorn.internal.ir.ForNode.accept(ForNode.java:92)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at ...
jjs> Function("throw NaN\n~window;");
Compiling threw: java.lang.AssertionError: node NaN ~ window class jdk.nashorn.internal.ir.BinaryNode has no symbol! [object] function _L1()
java.lang.AssertionError: node NaN ~ window class jdk.nashorn.internal.ir.BinaryNode has no symbol! [object] function _L1()
at jdk.nashorn.internal.codegen.FinalizeTypes.convert(FinalizeTypes.java:787)
at jdk.nashorn.internal.codegen.FinalizeTypes.leaveThrowNode(FinalizeTypes.java:496)
at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:77)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:165)
at jdk.nashorn.internal.ir.ExecuteNode.accept(ExecuteNode.java:67)
at ...
jjs> Function("if(([(this >>> 4.)].map(gc))) x;");
Compiling threw: java.lang.AssertionError: array element type doesn't match array type
java.lang.AssertionError: array element type doesn't match array type
at jdk.nashorn.internal.codegen.CodeGenerator.storeElement(CodeGenerator.java:1184)
at jdk.nashorn.internal.codegen.CodeGenerator.loadArray(CodeGenerator.java:1169)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:1278)
at jdk.nashorn.internal.codegen.CodeGenerator.enterLiteralNode(CodeGenerator.java:1325)
at jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:801)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterLiteralNode(NodeVisitor.java:457)
at jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:801)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:352)
at ...
jjs> Function("switch(gc()) { case \ntrue: case 1: }");
Compiling threw: java.lang.ClassCastException: java.lang.Boolean cannot be cast to java.lang.Integer
java.lang.ClassCastException: java.lang.Boolean cannot be cast to java.lang.Integer
at jdk.nashorn.internal.codegen.CodeGenerator.enterSwitchNode(CodeGenerator.java:1811)
at jdk.nashorn.internal.ir.SwitchNode.accept(SwitchNode.java:104)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterFunctionNode(CodeGenerator.java:402)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:284)
at ...
jjs> Function("if(--) y;");
Compiling threw: java.lang.NullPointerException
java.lang.NullPointerException
at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:78)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.ExecuteNode.accept(ExecuteNode.java:67)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at ...
jjs> Function("if((null ^ [1]) !== (this.yoyo(false))) {var NaN, x;x\n~[,,z1] }");
Compiling threw: java.lang.AssertionError: stacks jdk.nashorn.internal.codegen.Label$Stack@4918f90f is not equivalent with jdk.nashorn.internal.codegen.Label$Stack@5f9b21a1 at join point
java.lang.AssertionError: stacks jdk.nashorn.internal.codegen.Label$Stack@3a5fcae7 is not equivalent with jdk.nashorn.internal.codegen.Label$Stack@8b6defe at join point
at jdk.nashorn.internal.codegen.MethodEmitter.mergeStackTo(MethodEmitter.java:1522)
at jdk.nashorn.internal.codegen.MethodEmitter.jump(MethodEmitter.java:1355)
at jdk.nashorn.internal.codegen.MethodEmitter._goto(MethodEmitter.java:1486)
at jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:1070)
at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:76)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at ...
jjs> Function("try { 4. } catch(x) { function x4 (y, x5)x } ");
Compiling threw: java.lang.NullPointerException
java.lang.NullPointerException
at jdk.nashorn.internal.codegen.MethodEmitter.convert(MethodEmitter.java:1557)
at jdk.nashorn.internal.codegen.CodeGenerator.enterVarNode(CodeGenerator.java:2076)
at jdk.nashorn.internal.ir.VarNode.accept(VarNode.java:125)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:2013)
at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at ...
jjs> Function("return (void ({ set each (x2)y }));");
Compiling threw: java.lang.AssertionError
java.lang.AssertionError
at jdk.nashorn.internal.codegen.Attr.enterFunctionBody(Attr.java:276)
at jdk.nashorn.internal.codegen.Attr.enterBlock(Attr.java:297)
at jdk.nashorn.internal.ir.Block.accept(Block.java:135)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.PropertyNode.accept(PropertyNode.java:90)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.ObjectNode.accept(ObjectNode.java:62)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:415)
at ...
- André
[[Runtime exceptions]] - run the following commands in this order, and note that java.lang.ClassCastException appears twice:
jjs> tryItOut = function(c){try{f = Function(c)}catch(e){return} try{rv=f()}catch(e){print(e)}}
function(c){try{f = Function(c)}catch(e){return} try{rv=f()}catch(e){print(e)}}
jjs> tryItOut("/*for..in*/for(var window.this in ((/a/gi)({} | [,])))return;");
jjs> tryItOut("M:switch(window) { default: M:if(x5 || null) {/*for..in*//* nogeckoex bug 349964 */ for each(var x3 in x4) gc() } }");
jjs> tryItOut("");
jjs> tryItOut("if((y = this)[(\n[[]])]) {{}; } else if ((eval(\";\", x5).constructor = x)) break ;{} else {x = window, __noSuchMethod__ = false;gc() }");
jjs> tryItOut("{var x = '' ; }");
jjs> tryItOut("if(new Boolean(this.__noSuchMethod__ = typeof '' )) {return '' ;[[1]] } else if (((new String(new (undefined)(), /x/ ))[true >= 0/*\n*/])) /*for..in*/L:for(var x in ((({}).hasOwnProperty)(true)));");
jjs> tryItOut("with({}) { [1,2,3,4].map } ");
jjs> tryItOut("gc()");
java.lang.ClassCastException: java.lang.String cannot be cast to jdk.nashorn.internal.runtime.ScriptFunction
jjs> tryItOut("L:with(x, x5; ^= /x/ ){if(x3-=false) { if ((this.zzz.zzz)) /a/gi} else 1e4; }");
jjs> tryItOut("if(new (window)( '' , x) < x.x) {1e-81;( /x/g ); } else if (new (new Function)(x3 = {}, ((-1)(this, undefined)))) {[1,,](functional); }");
java.lang.ClassCastException: java.lang.String cannot be cast to jdk.nashorn.internal.runtime.ScriptFunction
[[Compiler errors]]:
jjs> Function("switch([]) { case 7: }");
Compiling threw: java.lang.VerifyError: Bad type on operand stack
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljava/lang/Object;)Ljava/lang/Object; @9: invokestatic
Reason:
Type 'jdk/nashorn/internal/objects/NativeArray' (current frame, stack[0]) is not assignable to '[I'
Current Frame:
bci: @9
flags: { }
locals: { 'java/lang/Object' }
stack: { 'jdk/nashorn/internal/objects/NativeArray', integer }
Bytecode:
0000000: 04b8 0031 b800 3712 38b8 003c ab00 0000
0000010: 0000 0014 0000 0001 0000 0007 0000 0014
0000020: b200 2bb0
Stackmap Table:
same_frame(@32)
java.lang.VerifyError: Bad type on operand stack
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljava/lang/Object;)Ljava/lang/Object; @9: invokestatic
Reason:
Type 'jdk/nashorn/internal/objects/NativeArray' (current frame, stack[0]) is not assignable to '[I'
Current Frame:
bci: @9
flags: { }
locals: { 'java/lang/Object' }
stack: { 'jdk/nashorn/internal/objects/NativeArray', integer }
Bytecode:
0000000: 04b8 0031 b800 3712 38b8 003c ab00 0000
0000010: 0000 0014 0000 0001 0000 0007 0000 0014
0000020: b200 2bb0
Stackmap Table:
same_frame(@32)
at java.lang.Class.getDeclaredFields0(Native Method)
at java.lang.Class.privateGetDeclaredFields(Class.java:2367)
at java.lang.Class.getDeclaredField(Class.java:1902)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:417)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:413)
at java.security.AccessController.doPrivileged(Native Method)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:413)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:447)
at jdk.nashorn.internal.runtime.Context.compile(Context.java:806)
at jdk.nashorn.internal.runtime.Context.eval(Context.java:367)
at ...
jjs> Function("L: {break L;return; }");
Compiling threw: java.lang.VerifyError: StackMapTable error: bad offset
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$jsfunfuzz._L1(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object; @0: aload_0
Reason:
Invalid stackmap specification.
Current Frame:
bci: @8
flags: { }
locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
stack: { }
Bytecode:
0000000: 2ab6 0018 4da7 0003
Stackmap Table:
append_frame(@8,Object[#53])
java.lang.VerifyError: StackMapTable error: bad offset
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object; @0: aload_0
Reason:
Invalid stackmap specification.
Current Frame:
bci: @8
flags: { }
locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
stack: { }
Bytecode:
0000000: 2ab6 0018 4da7 0003
Stackmap Table:
append_frame(@8,Object[#53])
at java.lang.Class.getDeclaredFields0(Native Method)
at java.lang.Class.privateGetDeclaredFields(Class.java:2367)
at java.lang.Class.getDeclaredField(Class.java:1902)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:417)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:413)
at java.security.AccessController.doPrivileged(Native Method)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:413)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:447)
at jdk.nashorn.internal.runtime.Context.compile(Context.java:806)
at jdk.nashorn.internal.runtime.Context.eval(Context.java:367)
at ...
jjs> Function("return function (x) { return true } ( /x/ ) >> window;");
Compiling threw: java.lang.AssertionError: boolean is not an integer or long
java.lang.AssertionError: boolean is not an integer or long
at jdk.nashorn.internal.codegen.MethodEmitter.popInteger(MethodEmitter.java:269)
at jdk.nashorn.internal.codegen.MethodEmitter.sar(MethodEmitter.java:581)
at jdk.nashorn.internal.codegen.CodeGenerator$26.op(CodeGenerator.java:2799)
at jdk.nashorn.internal.codegen.CodeGenerator$BinaryArith.evaluate(CodeGenerator.java:2618)
at jdk.nashorn.internal.codegen.CodeGenerator.enterSAR(CodeGenerator.java:2801)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:185)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at ...
jjs> Function("return y % function(q) { return q; }();");
Compiling threw: java.lang.AssertionError: object is not numeric
java.lang.AssertionError: object is not numeric
at jdk.nashorn.internal.codegen.MethodEmitter.popNumeric(MethodEmitter.java:257)
at jdk.nashorn.internal.codegen.MethodEmitter.get2n(MethodEmitter.java:1598)
at jdk.nashorn.internal.codegen.MethodEmitter.rem(MethodEmitter.java:1655)
at jdk.nashorn.internal.codegen.CodeGenerator$24.op(CodeGenerator.java:2760)
at jdk.nashorn.internal.codegen.CodeGenerator$BinaryArith.evaluate(CodeGenerator.java:2618)
at jdk.nashorn.internal.codegen.CodeGenerator.enterMOD(CodeGenerator.java:2762)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:175)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at ...
jjs> Function("with(\nnull == (this % {}))( /x/g );");
Compiling threw: java.lang.AssertionError: expecting integer type or object for jump, but found double
java.lang.AssertionError: expecting integer type or object for jump, but found double
at jdk.nashorn.internal.codegen.MethodEmitter.jump(MethodEmitter.java:1352)
at jdk.nashorn.internal.codegen.MethodEmitter.ifnull(MethodEmitter.java:1386)
at jdk.nashorn.internal.codegen.CodeGenerator.nullCheck(CodeGenerator.java:1473)
at jdk.nashorn.internal.codegen.CodeGenerator.enterRuntimeNode(CodeGenerator.java:1608)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:412)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterRuntimeNode(NodeVisitor.java:537)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:412)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:352)
at ...
jjs> Function("/*infloop*/while(((function ()4.)([z1,,], [,,]) - true++))switch(1e+81.x) { default: break; \u0009 }");
Compiling threw: java.lang.AssertionError: expecting equivalent types on stack but got double and int
java.lang.AssertionError: expecting equivalent types on stack but got double and int
at jdk.nashorn.internal.codegen.MethodEmitter.get2n(MethodEmitter.java:1600)
at jdk.nashorn.internal.codegen.MethodEmitter.sub(MethodEmitter.java:1622)
at jdk.nashorn.internal.codegen.CodeGenerator$29.op(CodeGenerator.java:2836)
at jdk.nashorn.internal.codegen.CodeGenerator$BinaryArith.evaluate(CodeGenerator.java:2618)
at jdk.nashorn.internal.codegen.CodeGenerator.enterSUB(CodeGenerator.java:2838)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:191)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at ...
jjs> Function("try { } catch(NaN if [15,16,17,18].filter(({}).hasOwnProperty, NaN) - ((function(q) { return q; })( \"\" , \"\" ))) { with({}) { throw NaN; } } ");
Compiling threw: java.lang.NullPointerException
java.lang.NullPointerException
at jdk.nashorn.internal.codegen.types.Type.getMethodDescriptor(Type.java:161)
at jdk.nashorn.internal.codegen.MethodEmitter.getDynamicSignature(MethodEmitter.java:1691)
at jdk.nashorn.internal.codegen.MethodEmitter.dynamicCall(MethodEmitter.java:1726)
at jdk.nashorn.internal.codegen.CodeGenerator$2.enterAccessNode(CodeGenerator.java:684)
at jdk.nashorn.internal.ir.AccessNode.accept(AccessNode.java:64)
at jdk.nashorn.internal.codegen.CodeGenerator.enterCallNode(CodeGenerator.java:582)
at jdk.nashorn.internal.ir.CallNode.accept(CallNode.java:199)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterCallNode(NodeVisitor.java:217)
at ...
jjs> Function("try { {} } catch(x) { with({}) throw x; } ");
Compiling threw: java.lang.ArrayIndexOutOfBoundsException
java.lang.ArrayIndexOutOfBoundsException: -1
at jdk.nashorn.internal.codegen.Label$Stack.pop(Label.java:102)
at jdk.nashorn.internal.codegen.MethodEmitter.popType(MethodEmitter.java:234)
at jdk.nashorn.internal.codegen.MethodEmitter.athrow(MethodEmitter.java:1002)
at jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:1935)
at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:76)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator.enterWithNode(CodeGenerator.java:2150)
at jdk.nashorn.internal.ir.WithNode.accept(WithNode.java:68)
at ...
jjs> Function("L:if((function x ()3)() + arguments++) {return; } else if (new gc()) while(((x2.prop = functional)) && 0){ }");
Compiling threw: java.lang.AssertionError: expecting equivalent types on stack but got double and int
java.lang.AssertionError: expecting equivalent types on stack but got double and int
at jdk.nashorn.internal.codegen.MethodEmitter.get2(MethodEmitter.java:1576)
at jdk.nashorn.internal.codegen.MethodEmitter.add(MethodEmitter.java:1611)
at jdk.nashorn.internal.codegen.CodeGenerator.enterNumericAdd(CodeGenerator.java:2339)
at jdk.nashorn.internal.codegen.CodeGenerator.enterADD(CodeGenerator.java:2351)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:117)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at ...
jjs> Function("var x = x -= '' ");
Compiling threw: java.lang.VerifyError: get long/double overflows locals
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljava/lang/Object;)Ljava/lang/Object; @0: dload_2
Reason:
Local index 2 is invalid
Bytecode:
0000000: 280e 675c 4949 b200 2bb0
java.lang.VerifyError: get long/double overflows locals
Exception Details:
Location:
jdk/nashorn/internal/scripts/Script$\^function\_._L1(Ljava/lang/Object;)Ljava/lang/Object; @0: dload_2
Reason:
Local index 2 is invalid
Bytecode:
0000000: 280e 675c 4949 b200 2bb0
at java.lang.Class.getDeclaredFields0(Native Method)
at java.lang.Class.privateGetDeclaredFields(Class.java:2367)
at java.lang.Class.getDeclaredField(Class.java:1902)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:417)
at jdk.nashorn.internal.codegen.Compiler$2.run(Compiler.java:413)
at java.security.AccessController.doPrivileged(Native Method)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:413)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:447)
at jdk.nashorn.internal.runtime.Context.compile(Context.java:806)
at jdk.nashorn.internal.runtime.Context.eval(Context.java:367)
at ...
jjs> Function("return (null != [,,] <= this);");
Compiling threw: java.lang.AssertionError: object is not compatible with boolean
java.lang.AssertionError: object is not compatible with boolean
at jdk.nashorn.internal.codegen.MethodEmitter.popType(MethodEmitter.java:236)
at jdk.nashorn.internal.codegen.MethodEmitter.fixParamStack(MethodEmitter.java:1109)
at jdk.nashorn.internal.codegen.MethodEmitter.invoke(MethodEmitter.java:1128)
at jdk.nashorn.internal.codegen.MethodEmitter.invokestatic(MethodEmitter.java:1182)
at jdk.nashorn.internal.codegen.CodeGenerator.nullCheck(CodeGenerator.java:1482)
at jdk.nashorn.internal.codegen.CodeGenerator.enterRuntimeNode(CodeGenerator.java:1608)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:412)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterRuntimeNode(NodeVisitor.java:537)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:412)
at ...
jjs> Function("/*infloop*/L:for(var x; ([+(function (window)[,,])(function(q) { return q; }, -0)].some(new Function)); [11,12,13,14].some) {/*infloop*/do {;return this; } while(x); }");
Compiling threw: java.lang.AssertionError: Storing object into array<elementType=double>
java.lang.AssertionError: Storing object into array<elementType=double>
at jdk.nashorn.internal.codegen.MethodEmitter.arraystore(MethodEmitter.java:937)
at jdk.nashorn.internal.codegen.CodeGenerator.storeElement(CodeGenerator.java:1188)
at jdk.nashorn.internal.codegen.CodeGenerator.loadArray(CodeGenerator.java:1169)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:1278)
at jdk.nashorn.internal.codegen.CodeGenerator.enterLiteralNode(CodeGenerator.java:1325)
at jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:801)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterLiteralNode(NodeVisitor.java:457)
at jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:801)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at ...
jjs> x= {}
[object Object]
jjs> Function("switch((Math.pow ? x = 1.2e3 : 3)) { default: return; }")
Exception in thread "main" java.lang.AssertionError: int is not compatible with object
at jdk.nashorn.internal.codegen.MethodEmitter.popType(MethodEmitter.java:236)
at jdk.nashorn.internal.codegen.MethodEmitter.store(MethodEmitter.java:953)
at jdk.nashorn.internal.codegen.CodeGenerator.enterSwitchNode(CodeGenerator.java:1878)
at jdk.nashorn.internal.ir.SwitchNode.accept(SwitchNode.java:104)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
jjs> Function("try { function (x) /x/ } finally { (function(id) { return id }); } ");
Compiling threw: java.lang.ClassFormatError: Duplicate method name&signature in class file jdk/nashorn/internal/scripts/Script$jsfunfuzz
java.lang.ClassFormatError: Duplicate method name&signature in class file jdk/nashorn/internal/scripts/Script$\^function\_
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:751)
at jdk.nashorn.internal.runtime.ScriptLoader.installClass(ScriptLoader.java:62)
at jdk.nashorn.internal.runtime.Context$ContextCodeInstaller.install(Context.java:92)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:408)
at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:447)
at jdk.nashorn.internal.runtime.Context.compile(Context.java:806)
at jdk.nashorn.internal.runtime.Context.eval(Context.java:367)
at jdk.nashorn.internal.objects.Global.directEval(Global.java:703)
at jdk.nashorn.internal.objects.NativeFunction.function(NativeFunction.java:235)
at ...
jjs> Function("switch(0) { default: break; return; }");
Compiling threw: java.lang.VerifyError: Code generation bug in "_L1": array stack misaligned: java.lang.NullPointerException <function>
java.lang.NullPointerException
at jdk.internal.org.objectweb.asm.Frame.merge(Frame.java:1305)
at jdk.internal.org.objectweb.asm.MethodWriter.visitMaxs(MethodWriter.java:1382)
at jdk.nashorn.internal.codegen.MethodEmitter.end(MethodEmitter.java:201)
at jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1030)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterFunctionNode(CodeGenerator.java:402)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:284)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at ...
jjs> Function("x = 0.1, x\ntrue\n~this");
Compiling threw: java.lang.AssertionError: Only return value on stack allowed at return point - depth=2 stack = jdk.nashorn.internal.codegen.Label$Stack@4bd0d62f
java.lang.AssertionError: Only return value on stack allowed at return point - depth=2 stack = jdk.nashorn.internal.codegen.Label$Stack@79d04413
at jdk.nashorn.internal.codegen.MethodEmitter._return(MethodEmitter.java:1295)
at jdk.nashorn.internal.codegen.CodeGenerator.enterReturnNode(CodeGenerator.java:1438)
at jdk.nashorn.internal.ir.ReturnNode.accept(ReturnNode.java:90)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterFunctionNode(CodeGenerator.java:402)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:284)
at ...
jjs> Function("with((function (x)x2)() ^ this){return; }");
Compiling threw: java.lang.AssertionError: object is not an integer or long
java.lang.AssertionError: object is not an integer or long
at jdk.nashorn.internal.codegen.MethodEmitter.popInteger(MethodEmitter.java:269)
at jdk.nashorn.internal.codegen.MethodEmitter.get2i(MethodEmitter.java:1587)
at jdk.nashorn.internal.codegen.MethodEmitter.xor(MethodEmitter.java:542)
at jdk.nashorn.internal.codegen.CodeGenerator$22.op(CodeGenerator.java:2652)
at jdk.nashorn.internal.codegen.CodeGenerator$BinaryArith.evaluate(CodeGenerator.java:2618)
at jdk.nashorn.internal.codegen.CodeGenerator.enterBIT_XOR(CodeGenerator.java:2654)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.enterBinaryNode(NodeOperatorVisitor.java:151)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:164)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:177)
at ...
jjs> Function("/*infloop*/for(x = window++~.2.hasOwnProperty(\"x3\"); (!([[1]]).apply()); {}) {( /x/g );({}).hasOwnProperty }");
Compiling threw: java.lang.AssertionError: window++ ~ 0.2.hasOwnProperty("x3") has no type
java.lang.AssertionError: window++ ~ 0.2.hasOwnProperty("x3") has no type
at jdk.nashorn.internal.ir.Node.getType(Node.java:107)
at jdk.nashorn.internal.codegen.Attr.leaveAssignmentNode(Attr.java:1084)
at jdk.nashorn.internal.codegen.Attr.leaveASSIGN(Attr.java:1107)
at jdk.nashorn.internal.ir.visitor.NodeOperatorVisitor.leaveBinaryNode(NodeOperatorVisitor.java:205)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:165)
at jdk.nashorn.internal.ir.ForNode.accept(ForNode.java:92)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at ...
jjs> Function("throw NaN\n~window;");
Compiling threw: java.lang.AssertionError: node NaN ~ window class jdk.nashorn.internal.ir.BinaryNode has no symbol! [object] function _L1()
java.lang.AssertionError: node NaN ~ window class jdk.nashorn.internal.ir.BinaryNode has no symbol! [object] function _L1()
at jdk.nashorn.internal.codegen.FinalizeTypes.convert(FinalizeTypes.java:787)
at jdk.nashorn.internal.codegen.FinalizeTypes.leaveThrowNode(FinalizeTypes.java:496)
at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:77)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:165)
at jdk.nashorn.internal.ir.ExecuteNode.accept(ExecuteNode.java:67)
at ...
jjs> Function("if(([(this >>> 4.)].map(gc))) x;");
Compiling threw: java.lang.AssertionError: array element type doesn't match array type
java.lang.AssertionError: array element type doesn't match array type
at jdk.nashorn.internal.codegen.CodeGenerator.storeElement(CodeGenerator.java:1184)
at jdk.nashorn.internal.codegen.CodeGenerator.loadArray(CodeGenerator.java:1169)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:1278)
at jdk.nashorn.internal.codegen.CodeGenerator.enterLiteralNode(CodeGenerator.java:1325)
at jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:801)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:408)
at jdk.nashorn.internal.ir.visitor.NodeVisitor.enterLiteralNode(NodeVisitor.java:457)
at jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:801)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:371)
at jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:352)
at ...
jjs> Function("switch(gc()) { case \ntrue: case 1: }");
Compiling threw: java.lang.ClassCastException: java.lang.Boolean cannot be cast to java.lang.Integer
java.lang.ClassCastException: java.lang.Boolean cannot be cast to java.lang.Integer
at jdk.nashorn.internal.codegen.CodeGenerator.enterSwitchNode(CodeGenerator.java:1811)
at jdk.nashorn.internal.ir.SwitchNode.accept(SwitchNode.java:104)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator$1.enterFunctionNode(CodeGenerator.java:402)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:284)
at ...
jjs> Function("if(--) y;");
Compiling threw: java.lang.NullPointerException
java.lang.NullPointerException
at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:78)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.ExecuteNode.accept(ExecuteNode.java:67)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at ...
jjs> Function("if((null ^ [1]) !== (this.yoyo(false))) {var NaN, x;x\n~[,,z1] }");
Compiling threw: java.lang.AssertionError: stacks jdk.nashorn.internal.codegen.Label$Stack@4918f90f is not equivalent with jdk.nashorn.internal.codegen.Label$Stack@5f9b21a1 at join point
java.lang.AssertionError: stacks jdk.nashorn.internal.codegen.Label$Stack@3a5fcae7 is not equivalent with jdk.nashorn.internal.codegen.Label$Stack@8b6defe at join point
at jdk.nashorn.internal.codegen.MethodEmitter.mergeStackTo(MethodEmitter.java:1522)
at jdk.nashorn.internal.codegen.MethodEmitter.jump(MethodEmitter.java:1355)
at jdk.nashorn.internal.codegen.MethodEmitter._goto(MethodEmitter.java:1486)
at jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:1070)
at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:76)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at ...
jjs> Function("try { 4. } catch(x) { function x4 (y, x5)x } ");
Compiling threw: java.lang.NullPointerException
java.lang.NullPointerException
at jdk.nashorn.internal.codegen.MethodEmitter.convert(MethodEmitter.java:1557)
at jdk.nashorn.internal.codegen.CodeGenerator.enterVarNode(CodeGenerator.java:2076)
at jdk.nashorn.internal.ir.VarNode.accept(VarNode.java:125)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:2013)
at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.Block.accept(Block.java:136)
at ...
jjs> Function("return (void ({ set each (x2)y }));");
Compiling threw: java.lang.AssertionError
java.lang.AssertionError
at jdk.nashorn.internal.codegen.Attr.enterFunctionBody(Attr.java:276)
at jdk.nashorn.internal.codegen.Attr.enterBlock(Attr.java:297)
at jdk.nashorn.internal.ir.Block.accept(Block.java:135)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:285)
at jdk.nashorn.internal.ir.LexicalContextNode.accept(LexicalContextNode.java:69)
at jdk.nashorn.internal.ir.PropertyNode.accept(PropertyNode.java:90)
at jdk.nashorn.internal.ir.Node.accept(Node.java:346)
at jdk.nashorn.internal.ir.ObjectNode.accept(ObjectNode.java:62)
at jdk.nashorn.internal.ir.RuntimeNode.accept(RuntimeNode.java:415)
at ...