Thanks a lot André! I’ve filed these as the inline comments describe. I’ve put them on 8u60 by default.
/M > On 28 Nov 2014, at 17:16, André Bargull <[email protected]> wrote: > > It's been a while since the last jsfunfuzz round. :-) > > - André > > > Environment: > jdk9-dev-nashorn > parent: 1109:0c9f3369f3d3 tip > > jdk8u-dev-nashorn > parent: 1096:fc37699ddc0e tip > > java version "1.8.0_25" > Java(TM) SE Runtime Environment (build 1.8.0_25-b17) > Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode) > > Stacktraces are from jdk9-dev-nashorn, but unless otherwise noted the bugs > are also reproducible under jdk8u-dev-nashorn. > > --- > > Note: Spec compliance and other issues. > > > jjs> try{ Object.prototype.toLocaleString.call(0) } catch (e) { > e.printStackTrace() } > java.lang.ClassCastException: java.lang.Integer cannot be cast to > jdk.nashorn.internal.runtime.ScriptObject > at > jdk.nashorn.internal.objects.NativeObject.toLocaleString(NativeObject.java:501) > at jdk.nashorn.internal.scripts.Script$3$\^shell\_.:program(<shell>:1) > at > jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636) > at > jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:229) > at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:387) > at jdk.nashorn.internal.runtime.Context.eval(Context.java:715) > at jdk.nashorn.internal.runtime.Context.eval(Context.java:645) > at jdk.nashorn.tools.Shell.readEvalPrint(Shell.java:450) > at jdk.nashorn.tools.Shell.run(Shell.java:158) > at jdk.nashorn.tools.Shell.main(Shell.java:133) > ... > > Expected: Returns "0" > Actual: ClassCastException > https://bugs.openjdk.java.net/browse/JDK-8066214 > > jjs> Object.defineProperty([], "length", {value: {valueOf: function(){ > print("(╯°□°)╯︵ ┻━┻"); return 0; }}}) > > Expected: Two tables flipped ;-) > Actual: print() only called once > Note: ES5 15.4.5.1, steps 3.c and 3.d require two ToNumber conversions. > > https://bugs.openjdk.java.net/browse/JDK-8066215 > jjs> function defLen(arr, len, f) { > var c = false; > Object.defineProperty(arr, "length", {value: { > valueOf: function(){ (!c && (c = true)) && f && f(); return len; } > }}); > } > jjs> var a = new Array(0); > jjs> defLen(a, 1, function() {defLen(a, 5); a[2] = "test"; Object.seal(a); }); > > Expected: Throws TypeError, `a.length` is 3 > Actual: No TypeError, `a.length` is 1 > Note: There is a ES5 spec bug you need to workaround, fixed in ES6 draft > (https://bugs.ecmascript.org/show_bug.cgi?id=1200). > > https://bugs.openjdk.java.net/browse/JDK-8066216 > jjs> new ArrayBuffer(); > > Expected: Throws TypeError (ES6 rev28) or create zero-length buffer (see > SpiderMonkey, V8, JSC) > Actual: Throws java.lang.RuntimeException > > > jjs> Function("this = null")() > > Expected: Error string does not contain {U%} > Actual: Error string is: 'ReferenceError: "{U%}this" can not be used as the > left-hand side of assignment’ > https://bugs.openjdk.java.net/browse/JDK-8066217 > > And jdk.nashorn.internal.runtime.Source#byteToCharArray: Detection for > UTF-32LE does not work because it has the same prefix as UTF-16LE. > > --- > > Note: The following two bugs need some warm-up, I've tried to reduce the STR > as much as possible. > > function tryItOut(c) { > var f = tryCompiling(c); > if (f !== null && c.indexOf('infloop') === -1) { > tryRunning(f); > } > } > > function tryCompiling(c) { > try { return Function(c); } catch(e) { return null; } > } > > function tryRunning(f) { > try { > return f(); > } catch (e) { > if (e instanceof java.lang.Throwable) e.printStackTrace(); > } > } > > tryItOut("return;"); > tryItOut("var x = [];"); > tryItOut("var y = [];"); > tryItOut("var z = [];"); > tryItOut("return;"); > tryItOut("Math.min"); > tryItOut("Math.log"); > tryItOut("Math.cos"); > tryItOut("Math.max"); > tryItOut("Math.sin"); > tryItOut("Math.random"); > tryItOut(""); > tryItOut("return 1e81;"); > tryItOut("{}"); > tryItOut("((new Function(\"([,,]);\")).apply)(3.14);"); > tryItOut("Math.tan"); > tryItOut("Math.pow"); > tryItOut("([,,]);"); > > java.lang.ClassCastException: jdk.nashorn.internal.runtime.Undefined cannot > be cast to java.lang.Number > at > sun.invoke.util.ValueConversions.primitiveConversion(ValueConversions.java:199) > at sun.invoke.util.ValueConversions.unboxDouble(ValueConversions.java:119) > at > jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:656) > at > jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:229) > at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:387) > at > jdk.nashorn.internal.scripts.Script$Recompilation$10$213A$a.tryRunning(/tmp/a.js:14) > at > jdk.nashorn.internal.scripts.Script$Recompilation$7$a.tryItOut(/tmp/a.js:4) > at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:636) > at > jdk.nashorn.internal.scripts.Script$Recompilation$1$a.:program(/tmp/a.js:37) > at > jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636) > ... > > — https://bugs.openjdk.java.net/browse/JDK-8066219 > > function tryItOut(c) { > var f = tryCompiling(c); > if (f !== null && c.indexOf('infloop') === -1) { > tryRunning(f); > } > } > > function tryCompiling(c) { > try { return Function(c); } catch(e) { return null; } > } > > function tryRunning(f) { > try { > return f(); > } catch (e) { > if (e instanceof java.lang.Throwable) e.printStackTrace(); > } > } > > tryItOut("x = 1e-81;"); > tryItOut("y = x;"); > tryItOut("for(x in (((new Function).call)(true))){}"); > tryItOut("(x.constructor = new (new Function)(y));"); > > java.lang.IllegalArgumentException: target and combiner types must match: > (Object,Object)Object != (boolean)Object > at > java.lang.invoke.MethodHandleStatics.newIllegalArgumentException(MethodHandleStatics.java:109) > at java.lang.invoke.MethodHandles.misMatchedTypes(MethodHandles.java:2775) > at java.lang.invoke.MethodHandles.foldArguments(MethodHandles.java:2714) > at > jdk.nashorn.internal.lookup.MethodHandleFactory$StandardMethodHandleFunctionality.foldArguments(MethodHandleFactory.java:430) > at > jdk.nashorn.internal.runtime.CompiledFunction.createConstructorFromInvoker(CompiledFunction.java:265) > at > jdk.nashorn.internal.runtime.CompiledFunction.getConstructor(CompiledFunction.java:224) > at > jdk.nashorn.internal.runtime.CompiledFunction.access$300(CompiledFunction.java:61) > at > jdk.nashorn.internal.runtime.CompiledFunction$3.get(CompiledFunction.java:680) > at > jdk.nashorn.internal.runtime.CompiledFunction$3.get(CompiledFunction.java:677) > at > jdk.nashorn.internal.runtime.CompiledFunction.getValidOptimisticInvocation(CompiledFunction.java:606) > ... > > --- > > > jjs> function f() { x3 = function x1(x3) { function (){} }; } f() > Exception in thread "main" java.lang.AssertionError: x3 (slot=-1 ) 1090 > at > jdk.nashorn.internal.codegen.AssignSymbols.finalizeParameters(AssignSymbols.java:569) > at > jdk.nashorn.internal.codegen.AssignSymbols.leaveFunctionNode(AssignSymbols.java:849) > at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:384) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at > jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:47) > at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:59) > at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:347) > at > jdk.nashorn.internal.ir.ExpressionStatement.accept(ExpressionStatement.java:64) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > … https://bugs.openjdk.java.net/browse/JDK-8066221 > > > jjs> Function("L: if(true) {x} if([].sort(function x (x){})) { if > (eval(\"this\", 0)) {/a/gireturn;return; } else {/*infloop*/for\t(y; (0); 1 ? > /x/ : 1) (this);({a:0});{} }}") > <shell>:1 SyntaxError: <function>:1:81 Unsupported RegExp flag: r > jjs> Function("L: if(true) {x} if([].sort(function x (x){})) { if > (eval(\"this\", 0)) {/a/gireturn;return; } else {/*infloop*/for\t(y; (0); 1 ? > /x/ : 1) (this);({a:0});{} }}") > Exception in thread "main" java.lang.AssertionError > at > jdk.nashorn.internal.codegen.AssignSymbols.enterFunctionBody(AssignSymbols.java:494) > at > jdk.nashorn.internal.codegen.AssignSymbols.enterBlock(AssignSymbols.java:453) > at jdk.nashorn.internal.ir.Block.accept(Block.java:177) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:384) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at > jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:47) > at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:59) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > … > https://bugs.openjdk.java.net/browse/JDK-8066222 > > jjs> try{ x={}; (function(){ try { throw null; } catch(x) { with({}) return; > } finally { eval("'a'.replace('a', Function.apply)"); }})() > }catch(e){e.printStackTrace()} > java.lang.ClassCastException: jdk.nashorn.internal.scripts.JO1P0 cannot be > cast to jdk.nashorn.internal.runtime.WithObject > at > jdk.nashorn.internal.runtime.WithObject.withExpressionGuard(WithObject.java:363) > at > jdk.nashorn.internal.scripts.Script$Recompilation$15$\^shell\_#1\!84\^eval\_.:program(<shell>#1:84<eval>:1) > at > jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636) > at > jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:229) > at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:387) > at jdk.nashorn.internal.runtime.Context.eval(Context.java:711) > at jdk.nashorn.internal.objects.Global.directEval(Global.java:941) > at > jdk.nashorn.internal.scripts.Script$Recompilation$13$12$\^shell\_.L:1(<shell>:1) > at > jdk.nashorn.internal.scripts.Script$Recompilation$11$\^shell\_.:program(<shell>:1) > at > jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636) > … > https://bugs.openjdk.java.net/browse/JDK-8066223 <https://bugs.openjdk.java.net/browse/JDK-8066223> > > jjs> try{ (function(){ if(false ? (-1) : '' ) {throw false;} else if (x = > this) {var x = x; } })() } catch(e) { e.printStackTrace() } > java.lang.NullPointerException > at > jdk.nashorn.internal.codegen.MethodEmitter.pushType(MethodEmitter.java:258) > at > jdk.nashorn.internal.codegen.MethodEmitter.loadUndefined(MethodEmitter.java:779) > at > jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2517) > at > jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492) > at > jdk.nashorn.internal.codegen.CodeGenerator.leaveBlock(CodeGenerator.java:1126) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:2025) > at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:86) > … > https://bugs.openjdk.java.net/browse/JDK-8066224 > > jjs> try { function f(){switch(0) { case 8: for (var x in {}) {x} case 8: }} > f() } catch(e) { e.printStackTrace() } > java.lang.NullPointerException > at > jdk.nashorn.internal.codegen.MethodEmitter.markDeadSlots(MethodEmitter.java:1154) > at > jdk.nashorn.internal.codegen.MethodEmitter.markDeadLocalVariable(MethodEmitter.java:1149) > at > jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2494) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterSwitchNode(CodeGenerator.java:2932) > at jdk.nashorn.internal.ir.SwitchNode.accept(SwitchNode.java:106) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at > jdk.nashorn.internal.ir.LexicalContextStatement.accept(LexicalContextStatement.java:55) > at jdk.nashorn.internal.ir.SwitchNode.accept(SwitchNode.java:38) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > ... > > > jjs> try{ (function(){ if(x, false) { return; var x; } else if (x = 0) { } > else { x } })() }catch(e){e.printStackTrace()} > java.lang.NullPointerException > at > jdk.nashorn.internal.codegen.MethodEmitter.markDeadSlots(MethodEmitter.java:1154) > at > jdk.nashorn.internal.codegen.MethodEmitter.markDeadLocalVariable(MethodEmitter.java:1149) > at > jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2494) > at > jdk.nashorn.internal.codegen.CodeGenerator.leaveBlock(CodeGenerator.java:1126) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:2025) > at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:86) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > ... > > > jjs> function f() { function(){}; function(){} } f() > Exception in thread "main" java.lang.AssertionError > at jdk.nashorn.internal.ir.Symbol.getFirstSlot(Symbol.java:545) > at > jdk.nashorn.internal.codegen.MethodEmitter.markDeadLocalVariable(MethodEmitter.java:1149) > at > jdk.nashorn.internal.codegen.MethodEmitter.store(MethodEmitter.java:1202) > at > jdk.nashorn.internal.codegen.CodeGenerator.storeIdentWithCatchConversion(CodeGenerator.java:3201) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterVarNode(CodeGenerator.java:3161) > at jdk.nashorn.internal.ir.VarNode.accept(VarNode.java:171) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425 > https://bugs.openjdk.java.net/browse/JDK-8066225 > <https://bugs.openjdk.java.net/browse/JDK-8066225> (and the ones above) > > > jjs> try { false.constructor = 0 } catch(e) { e.printStackTrace() } > java.lang.invoke.WrongMethodTypeException: Parameter counts differ: > (Object)Object vs. (Object,int)Object > at > jdk.internal.dynalink.support.TypeConverterFactory.asType(TypeConverterFactory.java:236) > at > jdk.internal.dynalink.support.LinkerServicesImpl.asType(LinkerServicesImpl.java:126) > at > jdk.internal.dynalink.linker.LinkerServices$Implementation.asTypeLosslessReturn(LinkerServices.java:197) > at > jdk.internal.dynalink.support.LinkerServicesImpl.asTypeLosslessReturn(LinkerServicesImpl.java:131) > at > jdk.internal.dynalink.linker.GuardedInvocation.asTypeSafeReturn(GuardedInvocation.java:340) > at > jdk.nashorn.internal.runtime.linker.Bootstrap.asTypeSafeReturn(Bootstrap.java:429) > at > jdk.nashorn.internal.runtime.linker.NashornPrimitiveLinker.getGuardedInvocation(NashornPrimitiveLinker.java:70) > at > jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176) > at > jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124) > at > jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:149) > … > https://bugs.openjdk.java.net/browse/JDK-8066226 > > jjs> function f() { var x; (x -= x = 0); } f() > Exception in thread "main" java.lang.AssertionError: Attempted load of > uninitialized slot 1 (as type int) > at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:993) > at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:955) > at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:937) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadIdent(CodeGenerator.java:318) > at > jdk.nashorn.internal.codegen.CodeGenerator.access$400(CodeGenerator.java:183) > at > jdk.nashorn.internal.codegen.CodeGenerator$1.enterIdentNode(CodeGenerator.java:725) > at jdk.nashorn.internal.ir.IdentNode.accept(IdentNode.java:138) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadExpression(CodeGenerator.java:722) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:590) > at > jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183) > … > https://bugs.openjdk.java.net/browse/JDK-8066227 > > jjs> (function x(x){}) > Exception in thread "main" java.lang.AssertionError > at > jdk.nashorn.internal.codegen.AssignSymbols.enterFunctionBody(AssignSymbols.java:494) > at > jdk.nashorn.internal.codegen.AssignSymbols.enterBlock(AssignSymbols.java:453) > at jdk.nashorn.internal.ir.Block.accept(Block.java:177) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:384) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at > jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:47) > at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:59) > at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:347) > … > https://bugs.openjdk.java.net/browse/JDK-8066228 > > jjs> function f() { x; throw null; (function (){ var x; }); } f() > Exception in thread "main" java.lang.AssertionError: Couldn't find scope > depth for symbol x in [object] function {U%}f() > at > jdk.nashorn.internal.codegen.CodeGenerator.loadFastScopeProto(CodeGenerator.java:516) > at > jdk.nashorn.internal.codegen.CodeGenerator.access$100(CodeGenerator.java:183) > at > jdk.nashorn.internal.codegen.CodeGenerator$LoadFastScopeVar.getProto(CodeGenerator.java:483) > at > jdk.nashorn.internal.codegen.CodeGenerator$LoadScopeVar.loadStack(CodeGenerator.java:456) > at > jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407) > at > jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4392) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadIdent(CodeGenerator.java:331) > at > jdk.nashorn.internal.codegen.CodeGenerator.access$400(CodeGenerator.java:183) > at > jdk.nashorn.internal.codegen.CodeGenerator$1.enterIdentNode(CodeGenerator.java:725) > at jdk.nashorn.internal.ir.IdentNode.accept(IdentNode.java:138) > … > https://bugs.openjdk.java.net/browse/JDK-8066229 > > jjs> function f() { void null + 0; } f() > Exception in thread "main" java.lang.AssertionError: object<type=Undefined> > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.<init>(CodeGenerator.java:627) > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.maybeNew(CodeGenerator.java:650) > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.notNarrowerThan(CodeGenerator.java:635) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:575) > at > jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183) > at > jdk.nashorn.internal.codegen.CodeGenerator$14.loadStack(CodeGenerator.java:3575) > at > jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407) > at > jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4392) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadADD(CodeGenerator.java:3582) > at > jdk.nashorn.internal.codegen.CodeGenerator$1.enterADD(CodeGenerator.java:872) > … > > > jjs> function f() { var x; x += void x; } f() > Exception in thread "main" java.lang.AssertionError: object<type=Undefined> > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.<init>(CodeGenerator.java:627) > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.maybeNew(CodeGenerator.java:650) > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.notNarrowerThan(CodeGenerator.java:635) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:575) > at > jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183) > at > jdk.nashorn.internal.codegen.CodeGenerator$BinaryOptimisticSelfAssignment$1.loadStack(CodeGenerator.java:3700) > at > jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407) > at > jdk.nashorn.internal.codegen.CodeGenerator$BinaryOptimisticSelfAssignment.evaluate(CodeGenerator.java:3706) > at > jdk.nashorn.internal.codegen.CodeGenerator$Store.store(CodeGenerator.java:4286) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadASSIGN_ADD(CodeGenerator.java:3735) > … > > > jjs> function f(){ var a = true + x, x; } f() > Exception in thread "main" java.lang.AssertionError: object<type=Undefined> > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.<init>(CodeGenerator.java:627) > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.maybeNew(CodeGenerator.java:650) > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.notNarrowerThan(CodeGenerator.java:635) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:575) > at > jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183) > at > jdk.nashorn.internal.codegen.CodeGenerator$14.loadStack(CodeGenerator.java:3575) > at > jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407) > at > jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4392) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadADD(CodeGenerator.java:3582) > at > jdk.nashorn.internal.codegen.CodeGenerator$1.enterADD(CodeGenerator.java:872) > … > https://bugs.openjdk.java.net/browse/JDK-8066230 > <https://bugs.openjdk.java.net/browse/JDK-8066230> (for the 3 above) > > jjs> function f(){ try { Object; } catch(x if x >>>=0) { throw x2; } finally > { } } f() > Exception in thread "main" java.lang.AssertionError > at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:563) > at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953) > at > jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519) > at > jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:2981) > at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:80) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > ... > > > jjs> function f(){ try { return; } catch(x) { return x ^= 0; } finally { > throw 0; } } f() > Exception in thread "main" java.lang.AssertionError > at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:555) > at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953) > at > jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519) > at > jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:2981) > at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:80) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > ... > > > jjs> function f(){ try { return; } catch(x) { return x ^= Object; } finally { > throw Object; } } f() > Exception in thread "main" java.lang.AssertionError > at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:558) > at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953) > at > jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519) > at > jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:2981) > at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:80) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > ... > > > jjs> function f() { try { undefined } catch(x1) { try { undefined } catch(x2) > { x1 = 0; } } } f() > Exception in thread "main" java.lang.AssertionError > at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:558) > at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953) > at > jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519) > at > jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492) > at > jdk.nashorn.internal.codegen.CodeGenerator.leaveBlock(CodeGenerator.java:1126) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:3088) > at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110) > … > https://bugs.openjdk.java.net/browse/JDK-8066231 <https://bugs.openjdk.java.net/browse/JDK-8066231> (the 4 above) > > jjs> function f() { try{ undefined } catch(e if 1) {} } f() > Exception in thread "main" java.lang.AssertionError > at > jdk.nashorn.internal.codegen.Label$Stack.defineBlockLocalVariable(Label.java:379) > at > jdk.nashorn.internal.codegen.MethodEmitter.defineBlockLocalVariable(MethodEmitter.java:1274) > at > jdk.nashorn.internal.codegen.CodeGeneratorLexicalContext.assignSlots(CodeGeneratorLexicalContext.java:242) > at > jdk.nashorn.internal.codegen.CodeGeneratorLexicalContext.onEnterBlock(CodeGeneratorLexicalContext.java:210) > at > jdk.nashorn.internal.codegen.CodeGenerator.initLocals(CodeGenerator.java:1671) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterBlock(CodeGenerator.java:1113) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:3045) > at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > … > https://bugs.openjdk.java.net/browse/JDK-8066232 > > jjs> function f() { try { undefined } catch(x1 if Object) { } catch(x2) { > (function(){x2}) } } f() > Exception in thread "main" java.lang.AssertionError > at > jdk.nashorn.internal.codegen.CodeGenerator.enterBlock(CodeGenerator.java:1115) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:3045) > at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterBlockStatement(CodeGenerator.java:1583) > at jdk.nashorn.internal.ir.BlockStatement.accept(BlockStatement.java:86) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > … > https://bugs.openjdk.java.net/browse/JDK-8066233 > > jjs> function f() { try { undefined } catch(x4) { var x4; } finally { eval() > } } f() > Exception in thread "main" java.lang.AssertionError > at > jdk.nashorn.internal.codegen.CodeGenerator.initLocals(CodeGenerator.java:1716) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterBlock(CodeGenerator.java:1113) > at jdk.nashorn.internal.ir.Block.accept(Block.java:177) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:384) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at > jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:47) > at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:59) > at > jdk.nashorn.internal.codegen.CompilationPhase.transformFunction(CompilationPhase.java:732) > … https://bugs.openjdk.java.net/browse/JDK-8066234 > > > jjs> Function("L:with(Object in Object)break L;\n{}")() > Exception in thread "main" java.lang.ClassFormatError: Invalid pc in > LineNumberTable in class file > jdk/nashorn/internal/scripts/Script$Recompilation$6$1$\^function\_ > at java.lang.ClassLoader.defineClass1(Native Method) > at java.lang.ClassLoader.defineClass(ClassLoader.java:760) > at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) > at > jdk.nashorn.internal.runtime.ScriptLoader.installClass(ScriptLoader.java:74) > at > jdk.nashorn.internal.runtime.Context$ContextCodeInstaller.install(Context.java:183) > at > jdk.nashorn.internal.codegen.CompilationPhase$14.transform(CompilationPhase.java:556) > at > jdk.nashorn.internal.codegen.CompilationPhase.apply(CompilationPhase.java:728) > at jdk.nashorn.internal.codegen.Compiler.compile(Compiler.java:620) > at > jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compileTypeSpecialization(RecompilableScriptFunctionData.java:513) > at > jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.getBest(RecompilableScriptFunctionData.java:730) > ... > > https://bugs.openjdk.java.net/browse/JDK-8066235 > jjs> function f() { L: {this = x;break L}} f() > Exception in thread "main" java.lang.VerifyError: StackMapTable error: bad > offset > Exception Details: > Location: > jdk/nashorn/internal/scripts/Script$Recompilation$4$1$\^shell\_.f(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object; > @0: aload_0 > Reason: > Invalid stackmap specification. > Current Frame: > bci: @21 > flags: { } > locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', > 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' } > stack: { } > Bytecode: > 0x0000000: 2ab6 0014 4d2b 2cba 0020 0000 1222 b800 > 0x0000010: 2857 a700 03 > Stackmap Table: > append_frame(@21,Object[#48]) > > > jjs> function f(){ L:with(this--)break L; } f() > Exception in thread "main" java.lang.VerifyError: StackMapTable error: bad > offset > Exception Details: > Location: > jdk/nashorn/internal/scripts/Script$Recompilation$4$\^shell\_.f(Ljava/lang/Object;)Ljava/lang/Object; > @0: aload_0 > Reason: > Invalid stackmap specification. > Current Frame: > bci: @13 > flags: { } > locals: { 'java/lang/Object' } > stack: { } > Bytecode: > 0x0000000: 2a01 1210 b800 16b8 001c a700 03 > Stackmap Table: > same_frame(@13) > > > jjs> function f(){ L:with(Object in Object) break L; } f() > Exception in thread "main" java.lang.VerifyError: StackMapTable error: bad > offset > Exception Details: > Location: > jdk/nashorn/internal/scripts/Script$Recompilation$4$\^shell\_.f(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object; > @0: aload_0 > Reason: > Invalid stackmap specification. > Current Frame: > bci: @42 > flags: { } > locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', > 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' } > stack: { } > Bytecode: > 0x0000000: 2ab6 0014 4d2c 2cba 0020 0000 2cba 0020 > 0x0000010: 0000 b800 26b8 002c b800 304d 2cb6 0035 > 0x0000020: 4da7 0009 2cb6 0035 4dbf > Exception Handler Table: > bci [28, 36] => handler: 36 > Stackmap Table: > full_frame(@36,{Object[#16],Object[#61],Object[#50]},{Object[#63]}) > same_frame(@42) > > https://bugs.openjdk.java.net/browse/JDK-8066236 <https://bugs.openjdk.java.net/browse/JDK-8066236> (all 4 above) > ---- > > Note: Only reproducible with jdk9-dev-nashorn. > > > jjs> try { function f() { eval("get, a") } f() } catch (e) { > e.printStackTrace() } > jdk.nashorn.internal.runtime.ParserException: <shell>#1:21<eval>:1:3 Expected > ident but found , > get, a > ^ > at > jdk.nashorn.internal.parser.AbstractParser.error(AbstractParser.java:292) > at > jdk.nashorn.internal.parser.AbstractParser.error(AbstractParser.java:277) > at > jdk.nashorn.internal.parser.AbstractParser.expectDontAdvance(AbstractParser.java:348) > at > jdk.nashorn.internal.parser.AbstractParser.expect(AbstractParser.java:335) > at > jdk.nashorn.internal.parser.AbstractParser.getIdentifierName(AbstractParser.java:486) > at jdk.nashorn.internal.parser.Parser.propertyName(Parser.java:2228) > at > jdk.nashorn.internal.parser.Parser.propertyGetterFunction(Parser.java:2294) > at jdk.nashorn.internal.parser.Parser.statement(Parser.java:966) > at jdk.nashorn.internal.parser.Parser.sourceElements(Parser.java:787) > at jdk.nashorn.internal.parser.Parser.program(Parser.java:712) > … > https://bugs.openjdk.java.net/browse/JDK-8066237 <https://bugs.openjdk.java.net/browse/JDK-8066237> > > jjs> function f(){ L: ({ set prop(){0 = null} }); } > Exception in thread "main" java.lang.AssertionError > at jdk.nashorn.internal.parser.ParserContext.pop(ParserContext.java:91) > at jdk.nashorn.internal.parser.Parser.functionExpression(Parser.java:2677) > at jdk.nashorn.internal.parser.Parser.statement(Parser.java:887) > at jdk.nashorn.internal.parser.Parser.sourceElements(Parser.java:787) > at jdk.nashorn.internal.parser.Parser.program(Parser.java:712) > at jdk.nashorn.internal.parser.Parser.parse(Parser.java:281) > at jdk.nashorn.internal.parser.Parser.parse(Parser.java:247) > at jdk.nashorn.internal.runtime.Context.compile(Context.java:1207) > at jdk.nashorn.internal.runtime.Context.eval(Context.java:671) > at jdk.nashorn.internal.runtime.Context.eval(Context.java:641) > … > > > jjs> function f() { do ; while({ get x()1-- }); } > Exception in thread "main" java.lang.AssertionError > at jdk.nashorn.internal.parser.ParserContext.pop(ParserContext.java:91) > at jdk.nashorn.internal.parser.Parser.functionExpression(Parser.java:2677) > at jdk.nashorn.internal.parser.Parser.statement(Parser.java:887) > at jdk.nashorn.internal.parser.Parser.sourceElements(Parser.java:787) > at jdk.nashorn.internal.parser.Parser.program(Parser.java:712) > at jdk.nashorn.internal.parser.Parser.parse(Parser.java:281) > at jdk.nashorn.internal.parser.Parser.parse(Parser.java:247) > at jdk.nashorn.internal.runtime.Context.compile(Context.java:1207) > at jdk.nashorn.internal.runtime.Context.eval(Context.java:671) > at jdk.nashorn.internal.runtime.Context.eval(Context.java:641) > … > https://bugs.openjdk.java.net/browse/JDK-8066238 <https://bugs.openjdk.java.net/browse/JDK-8066238> (for both above) > > jjs> function f() { (x+=void x); } f() > Exception in thread "main" java.lang.AssertionError: object<type=Undefined> > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.<init>(CodeGenerator.java:627) > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.maybeNew(CodeGenerator.java:650) > at > jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.notNarrowerThan(CodeGenerator.java:635) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:575) > at > jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183) > at > jdk.nashorn.internal.codegen.CodeGenerator$BinaryOptimisticSelfAssignment$1.loadStack(CodeGenerator.java:3700) > at > jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407) > at > jdk.nashorn.internal.codegen.CodeGenerator$BinaryOptimisticSelfAssignment.evaluate(CodeGenerator.java:3706) > at > jdk.nashorn.internal.codegen.CodeGenerator$Store.store(CodeGenerator.java:4286) > at > jdk.nashorn.internal.codegen.CodeGenerator.loadASSIGN_ADD(CodeGenerator.java:3735) > … > Folding this into https://bugs.openjdk.java.net/browse/JDK-8066230 <https://bugs.openjdk.java.net/browse/JDK-8066230> > > jjs> function f() { try { Object } catch(x) { (x=y); return; } finally { > throw Object; } } f() > Exception in thread "main" java.lang.AssertionError > at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:558) > at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953) > at > jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519) > at > jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492) > at > jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:2981) > at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:80) > at jdk.nashorn.internal.ir.Node.accept(Node.java:265) > at jdk.nashorn.internal.ir.Block.accept(Block.java:178) > at > jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57) > at jdk.nashorn.internal.ir.Block.accept(Block.java:425) > ... > Folding this into https://bugs.openjdk.java.net/browse/JDK-8066231 <https://bugs.openjdk.java.net/browse/JDK-8066231>
