Fuzzing results 10/10/2013 (hg tip 03a68e7ca1d5)
A. Sundararajan
sundararajan.athijegannathan at oracle.com
Thu Oct 10 02:08:02 PDT 2013
Thanks for reporting.
I filed https://bugs.openjdk.java.net/browse/JDK-8026249
-Sundar
On Thursday 10 October 2013 09:06 AM, André Bargull wrote:
> Re-ran jsfunfuzz with the latest patches applied, results below.
>
> - André
>
>
>
>
> function f() { if(x3, y) x; }
>
> Exception in thread "main" java.lang.AssertionError: DISCARD(x3) has
> no type
> at jdk.nashorn.internal.ir.Expression.getType(Expression.java:96)
> at
> jdk.nashorn.internal.codegen.BranchOptimizer.branchOptimizer(BranchOptimizer.java:87)
> at
> jdk.nashorn.internal.codegen.BranchOptimizer.branchOptimizer(BranchOptimizer.java:163)
> at
> jdk.nashorn.internal.codegen.BranchOptimizer.execute(BranchOptimizer.java:56)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:1158)
> at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:76)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:291)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:143)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:361)
> ...
>
>
>
> function f(x) { return y, x }
>
> Exception in thread "main" java.lang.AssertionError: Illegal
> conversion object -> <unknown> false false
> at
> jdk.nashorn.internal.codegen.types.ObjectType.convert(ObjectType.java:158)
> at
> jdk.nashorn.internal.codegen.MethodEmitter.convert(MethodEmitter.java:1560)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$1.enterDefault(CodeGenerator.java:500)
> at
> jdk.nashorn.internal.ir.visitor.NodeVisitor.enterBinaryNode(NodeVisitor.java:178)
> at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:165)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:447)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:359)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterReturnNode(CodeGenerator.java:1556)
> at jdk.nashorn.internal.ir.ReturnNode.accept(ReturnNode.java:91)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:291)
> ...
>
>
>
> function f() { L: {{break L; } return; } }
> function f() { L: {if(x2) {break L; } throw x; } }
>
> Exception in thread "main" java.lang.VerifyError: StackMapTable error:
> bad offset
> Exception Details:
> Location:
> jdk/nashorn/internal/scripts/Script$\^shell\_.f(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object;
> @0: aload_0
> Reason:
> Invalid stackmap specification.
> Current Frame:
> bci: @12
> flags: { }
> locals: { 'jdk/nashorn/internal/runtime/ScriptFunction',
> 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
> stack: { }
> Bytecode:
> 0000000: 2ab6 0018 4da7 0007 0000 00bf
> Stackmap Table:
> full_frame(@8,{},{Object[#53]})
> append_frame(@12,Object[#20],Object[#55],Object[#57])
>
>
>
> function f() { switch(x) { default: if(true) break; return; } }
> function f() { switch(x) { default: L: break; return; } }
>
> java.lang.NullPointerException
> at jdk.internal.org.objectweb.asm.Frame.merge(Frame.java:1321)
> at
> jdk.internal.org.objectweb.asm.MethodWriter.visitMaxs(MethodWriter.java:1499)
> at
> jdk.nashorn.internal.codegen.MethodEmitter.end(MethodEmitter.java:200)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1125)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:297)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at
> jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:49)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$1.enterFunctionNode(CodeGenerator.java:478)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:296)
> ...
>
>
>
> function f() { Function.call.call(function x() { eval("x") });
> eval("x") } try { f() } catch(e) { e.printStackTrace() }
>
> java.lang.ClassCastException: Cannot cast
> jdk.nashorn.internal.scripts.JO1P0 to jdk.nashorn.internal.scripts.JO2P0
> at
> sun.invoke.util.ValueConversions.newClassCastException(ValueConversions.java:461)
> at
> sun.invoke.util.ValueConversions.castReference(ValueConversions.java:456)
> at
> jdk.nashorn.internal.scripts.Script$\^shell\_#1\^eval\_.runScript(<shell>#1<eval>:1)
> at
> jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:527)
> at
> jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:204)
> at
> jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:367)
> at jdk.nashorn.internal.runtime.Context.eval(Context.java:465)
> at jdk.nashorn.internal.objects.Global.directEval(Global.java:811)
> at jdk.nashorn.internal.scripts.Script$\^shell\_.f(<shell>:1)
> at jdk.nashorn.internal.scripts.Script$\^shell\_.runScript(<shell>:1)
> ...
>
>
>
> function f() { with({}) return eval("arguments", 3/0); } try { f() }
> catch(e) { e.printStackTrace() }
>
> java.lang.NullPointerException
> at
> java.lang.invoke.MethodHandles.guardWithTest(MethodHandles.java:2131)
> at
> jdk.nashorn.internal.lookup.MethodHandleFactory$StandardMethodHandleFunctionality.guardWithTest(MethodHandleFactory.java:287)
> at
> jdk.nashorn.internal.runtime.WithObject.fixScopeCallSite(WithObject.java:258)
> at
> jdk.nashorn.internal.runtime.WithObject.lookup(WithObject.java:126)
> at
> jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:75)
> at
> jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176)
> at
> jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124)
> at
> jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:138)
> at jdk.internal.dynalink.DynamicLinker.relink(DynamicLinker.java:232)
> at
> jdk.nashorn.internal.scripts.Script$\^shell\_#1\^eval\_.runScript(<shell>#1<eval>:1)
> ...