VerifyError: Bad type on operand stack

Marcus Lagergren marcus.lagergren at oracle.com
Sun Sep 15 23:47:59 PDT 2013


Looks like return obj is treated like an arguments vector, which is not right. 

We do a virtual call to getArgument, which is a ScriptObject method with "obj" as a receiver, which is not guaranteed to work. See bci 48:

public static java.lang.Object func(jdk.nashorn.internal.runtime.ScriptFunction, java.lang.Object, java.lang.Object...);
    Code:
       0: aload_2       
       1: aload_0       
       2: iconst_1      
       3: invokestatic  #47                 // Method jdk/nashorn/internal/objects/Global.allocateArguments:([Ljava/lang/Object;Ljava/lang/Object;I)Ljdk/nashorn/internal/runtime/ScriptObject;
       6: astore_3      
       7: getstatic     #51                 // Field jdk/nashorn/internal/runtime/ScriptRuntime.UNDEFINED:Ljdk/nashorn/internal/runtime/Undefined;
      10: astore        5
      12: aload_3       
      13: iconst_0      
      14: invokevirtual #57                 // Method jdk/nashorn/internal/runtime/ScriptObject.getArgument:(I)Ljava/lang/Object;
      17: astore_3      
      18: aload_3       
      19: invokestatic  #61                 // Method jdk/nashorn/internal/runtime/ScriptRuntime.toPropertyIterator:(Ljava/lang/Object;)Ljava/util/Iterator;
      22: astore        6
      24: goto          36
      27: aload         6
      29: invokeinterface #67,  1           // InterfaceMethod java/util/Iterator.next:()Ljava/lang/Object;
      34: astore        5
      36: aload         6
      38: invokeinterface #71,  1           // InterfaceMethod java/util/Iterator.hasNext:()Z
      43: ifne          27
      46: aload_3       
      47: iconst_0      
      48: invokevirtual #57                 // Method jdk/nashorn/internal/runtime/ScriptObject.getArgument:(I)Ljava/lang/Object;
      51: areturn       

On Sep 14, 2013, at 10:04 AM, A. Sundararajan <sundararajan.athijegannathan at oracle.com> wrote:

> Hi,
> 
> Thanks for the simplified test case. Even simpler test is as follows:
> 
> function func(obj) {
>    var arguments = obj;
>    for (var i in arguments) {
>    }
>    return obj;
> }
> 
> 
> I suspect the issue has to do with handling of 'arguments' shadowing by local var of "magic" arguments. Renaming arguments fixes it. And looks like the loop over arguments is needed as well. I'll file a bug.
> 
> Thanks again,
> -Sundar
> 
> On Saturday 14 September 2013 09:12 AM, Tal Liron wrote:
>> Hm, I think the mailing list doesn't support attachments. Here is a link to the file that causes the VerifyError:
>> 
>> http://sincerity.googlecode.com/git/components/plugins/javascript-nashorn/libraries/scripturian/plugins/javascript-nashorn.js 
>> 
>> On 09/13/2013 03:38 PM, Tal Liron wrote:
>>> Hi Attila, I am attaching the file. I didn't attach it originally, because I thought it would be impossible for you to test: it is normally run from within an embedded environment based on Scripturian/Sincerity. However, I am happy say that i tried anyway and the exact same exception is reproducible even with jjs. Note that "jjs --compile-only" completes without error.
>>> 
>>> -Tal
>> 
> 



More information about the nashorn-dev mailing list