Fuzzer bugs

Marcus Lagergren marcus.lagergren at oracle.com
Mon Dec 1 09:00:25 UTC 2014


And here’s an umbrella CR to add some structure:

https://bugs.openjdk.java.net/browse/JDK-8066239

Regards
Marcus

> On 01 Dec 2014, at 09:50, Marcus Lagergren <marcus.lagergren at oracle.com> wrote:
> 
> Here is a search query for the bugs:
> 
> https://bugs.openjdk.java.net/issues/?filter=20408&jql=Summary%20~%22Fuzzing%20bug%22%20and%20subcomponent%20%3D%20%22jdk.nashorn%22
> 
> Again, thanks a lot for helping us, André! We will be the most JavaScript compliant runtime in the world soon, if not already ;) 
> 
> /M
> 
>> On 01 Dec 2014, at 09:46, Marcus Lagergren <marcus.lagergren at oracle.com> wrote:
>> 
>> 
>> Thanks a lot André! I’ve filed these as the inline comments describe. I’ve put them on 8u60 by default.
>> 
>> /M
>> 
>>> On 28 Nov 2014, at 17:16, André Bargull <andrebargull at googlemail.com> wrote:
>>> 
>>> It's been a while since the last jsfunfuzz round. :-)
>>> 
>>> - André
>>> 
>>> 
>>> Environment:
>>> jdk9-dev-nashorn
>>> parent: 1109:0c9f3369f3d3 tip
>>> 
>>> jdk8u-dev-nashorn
>>> parent: 1096:fc37699ddc0e tip
>>> 
>>> java version "1.8.0_25"
>>> Java(TM) SE Runtime Environment (build 1.8.0_25-b17)
>>> Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
>>> 
>>> Stacktraces are from jdk9-dev-nashorn, but unless otherwise noted the bugs are also reproducible under jdk8u-dev-nashorn.
>>> 
>>> ---
>>> 
>>> Note: Spec compliance and other issues.
>>> 
>>> 
>>> jjs> try{ Object.prototype.toLocaleString.call(0) } catch (e) { e.printStackTrace() }
>>> java.lang.ClassCastException: java.lang.Integer cannot be cast to jdk.nashorn.internal.runtime.ScriptObject
>>>    at jdk.nashorn.internal.objects.NativeObject.toLocaleString(NativeObject.java:501)
>>>    at jdk.nashorn.internal.scripts.Script$3$\^shell\_.:program(<shell>:1)
>>>    at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636)
>>>    at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:229)
>>>    at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:387)
>>>    at jdk.nashorn.internal.runtime.Context.eval(Context.java:715)
>>>    at jdk.nashorn.internal.runtime.Context.eval(Context.java:645)
>>>    at jdk.nashorn.tools.Shell.readEvalPrint(Shell.java:450)
>>>    at jdk.nashorn.tools.Shell.run(Shell.java:158)
>>>    at jdk.nashorn.tools.Shell.main(Shell.java:133)
>>>    ...
>>> 
>>> Expected: Returns "0"
>>> Actual: ClassCastException
>>> 
>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066214
>>> 
>>> jjs> Object.defineProperty([], "length", {value: {valueOf: function(){ print("(╯°□°)╯︵ ┻━┻"); return 0; }}})
>>> 
>>> Expected: Two tables flipped ;-)
>>> Actual: print() only called once
>>> Note: ES5 15.4.5.1, steps 3.c and 3.d require two ToNumber conversions.
>>> 
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066215
>>> jjs> function defLen(arr, len, f) {
>>>  var c = false;
>>>  Object.defineProperty(arr, "length", {value: {
>>>    valueOf: function(){ (!c && (c = true)) && f && f(); return len; }
>>>  }});
>>> }
>>> jjs> var a = new Array(0);
>>> jjs> defLen(a, 1, function() {defLen(a, 5); a[2] = "test"; Object.seal(a); });
>>> 
>>> Expected: Throws TypeError, `a.length` is 3
>>> Actual: No TypeError, `a.length` is 1
>>> Note: There is an ES5 spec bug you need to work around, fixed in ES6 draft (https://bugs.ecmascript.org/show_bug.cgi?id=1200).
>>> 
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066216
>>> jjs> new ArrayBuffer();
>>> 
>>> Expected: Throws TypeError (ES6 rev28) or create zero-length buffer (see SpiderMonkey, V8, JSC)
>>> Actual: Throws java.lang.RuntimeException
>>> 
>>> 
>>> jjs> Function("this = null")()
>>> 
>>> Expected: Error string does not contain {U%}
>>> Actual: Error string is: 'ReferenceError: "{U%}this" can not be used as the left-hand side of assignment'
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066217
>> 
>>> 
>>> And jdk.nashorn.internal.runtime.Source#byteToCharArray: Detection for UTF-32LE does not work because it has the same prefix as UTF-16LE.
>>> 
>>> ---
>>> 
>>> Note: The following two bugs need some warm-up, I've tried to reduce the STR as much as possible.
>>> 
>>> function tryItOut(c) {
>>>  var f = tryCompiling(c);
>>>  if (f !== null && c.indexOf('infloop') === -1) {
>>>    tryRunning(f);
>>>  }
>>> }
>>> 
>>> function tryCompiling(c) {
>>>  try { return Function(c); } catch(e) { return null; }
>>> }
>>> 
>>> function tryRunning(f) {
>>>  try {
>>>    return f();
>>>  } catch (e) {
>>>    if (e instanceof java.lang.Throwable) e.printStackTrace();
>>>  }
>>> }
>>> 
>>> tryItOut("return;");
>>> tryItOut("var x = [];");
>>> tryItOut("var y = [];");
>>> tryItOut("var z = [];");
>>> tryItOut("return;");
>>> tryItOut("Math.min");
>>> tryItOut("Math.log");
>>> tryItOut("Math.cos");
>>> tryItOut("Math.max");
>>> tryItOut("Math.sin");
>>> tryItOut("Math.random");
>>> tryItOut("");
>>> tryItOut("return 1e81;");
>>> tryItOut("{}");
>>> tryItOut("((new Function(\"([,,]);\")).apply)(3.14);");
>>> tryItOut("Math.tan");
>>> tryItOut("Math.pow");
>>> tryItOut("([,,]);");
>>> 
>>> java.lang.ClassCastException: jdk.nashorn.internal.runtime.Undefined cannot be cast to java.lang.Number
>>>    at sun.invoke.util.ValueConversions.primitiveConversion(ValueConversions.java:199)
>>>    at sun.invoke.util.ValueConversions.unboxDouble(ValueConversions.java:119)
>>>    at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:656)
>>>    at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:229)
>>>    at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:387)
>>>    at jdk.nashorn.internal.scripts.Script$Recompilation$10$213A$a.tryRunning(/tmp/a.js:14)
>>>    at jdk.nashorn.internal.scripts.Script$Recompilation$7$a.tryItOut(/tmp/a.js:4)
>>>    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:636)
>>>    at jdk.nashorn.internal.scripts.Script$Recompilation$1$a.:program(/tmp/a.js:37)
>>>    at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636)
>>>    ...
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066219
>>> 
>>> function tryItOut(c) {
>>>  var f = tryCompiling(c);
>>>  if (f !== null && c.indexOf('infloop') === -1) {
>>>    tryRunning(f);
>>>  }
>>> }
>>> 
>>> function tryCompiling(c) {
>>>  try { return Function(c); } catch(e) { return null; }
>>> }
>>> 
>>> function tryRunning(f) {
>>>  try {
>>>    return f();
>>>  } catch (e) {
>>>    if (e instanceof java.lang.Throwable) e.printStackTrace();
>>>  }
>>> }
>>> 
>>> tryItOut("x = 1e-81;");
>>> tryItOut("y = x;");
>>> tryItOut("for(x in (((new Function).call)(true))){}");
>>> tryItOut("(x.constructor = new (new Function)(y));");
>>> 
>>> java.lang.IllegalArgumentException: target and combiner types must match: (Object,Object)Object != (boolean)Object
>>>    at java.lang.invoke.MethodHandleStatics.newIllegalArgumentException(MethodHandleStatics.java:109)
>>>    at java.lang.invoke.MethodHandles.misMatchedTypes(MethodHandles.java:2775)
>>>    at java.lang.invoke.MethodHandles.foldArguments(MethodHandles.java:2714)
>>>    at jdk.nashorn.internal.lookup.MethodHandleFactory$StandardMethodHandleFunctionality.foldArguments(MethodHandleFactory.java:430)
>>>    at jdk.nashorn.internal.runtime.CompiledFunction.createConstructorFromInvoker(CompiledFunction.java:265)
>>>    at jdk.nashorn.internal.runtime.CompiledFunction.getConstructor(CompiledFunction.java:224)
>>>    at jdk.nashorn.internal.runtime.CompiledFunction.access$300(CompiledFunction.java:61)
>>>    at jdk.nashorn.internal.runtime.CompiledFunction$3.get(CompiledFunction.java:680)
>>>    at jdk.nashorn.internal.runtime.CompiledFunction$3.get(CompiledFunction.java:677)
>>>    at jdk.nashorn.internal.runtime.CompiledFunction.getValidOptimisticInvocation(CompiledFunction.java:606)
>>>    ...
>>> 
>>> ---
>>> 
>>> 
>>> jjs> function f() { x3 = function x1(x3) { function (){} }; } f()
>>> Exception in thread "main" java.lang.AssertionError: x3  (slot=-1 ) 1090
>>>    at jdk.nashorn.internal.codegen.AssignSymbols.finalizeParameters(AssignSymbols.java:569)
>>>    at jdk.nashorn.internal.codegen.AssignSymbols.leaveFunctionNode(AssignSymbols.java:849)
>>>    at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:384)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:47)
>>>    at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:59)
>>>    at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:347)
>>>    at jdk.nashorn.internal.ir.ExpressionStatement.accept(ExpressionStatement.java:64)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066221
>>> 
>>> 
>>> jjs> Function("L: if(true) {x} if([].sort(function x (x){})) { if (eval(\"this\", 0)) {/a/gireturn;return; } else {/*infloop*/for\t(y; (0); 1 ? /x/ : 1) (this);({a:0});{} }}")
>>> <shell>:1 SyntaxError: <function>:1:81 Unsupported RegExp flag: r
>>> jjs> Function("L: if(true) {x} if([].sort(function x (x){})) { if (eval(\"this\", 0)) {/a/gireturn;return; } else {/*infloop*/for\t(y; (0); 1 ? /x/ : 1) (this);({a:0});{} }}")
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.codegen.AssignSymbols.enterFunctionBody(AssignSymbols.java:494)
>>>    at jdk.nashorn.internal.codegen.AssignSymbols.enterBlock(AssignSymbols.java:453)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:177)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:384)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:47)
>>>    at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:59)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066222
>> 
>>> 
>>> jjs> try{ x={}; (function(){ try { throw null; } catch(x) { with({}) return; } finally { eval("'a'.replace('a', Function.apply)"); }})() }catch(e){e.printStackTrace()}
>>> java.lang.ClassCastException: jdk.nashorn.internal.scripts.JO1P0 cannot be cast to jdk.nashorn.internal.runtime.WithObject
>>>    at jdk.nashorn.internal.runtime.WithObject.withExpressionGuard(WithObject.java:363)
>>>    at jdk.nashorn.internal.scripts.Script$Recompilation$15$\^shell\_#1\!84\^eval\_.:program(<shell>#1:84<eval>:1)
>>>    at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636)
>>>    at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:229)
>>>    at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:387)
>>>    at jdk.nashorn.internal.runtime.Context.eval(Context.java:711)
>>>    at jdk.nashorn.internal.objects.Global.directEval(Global.java:941)
>>>    at jdk.nashorn.internal.scripts.Script$Recompilation$13$12$\^shell\_.L:1(<shell>:1)
>>>    at jdk.nashorn.internal.scripts.Script$Recompilation$11$\^shell\_.:program(<shell>:1)
>>>    at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066223
>> 
>>> 
>>> jjs> try{ (function(){ if(false ? (-1) : '' ) {throw false;} else if (x = this) {var x = x; } })() } catch(e) { e.printStackTrace() }
>>> java.lang.NullPointerException
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.pushType(MethodEmitter.java:258)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.loadUndefined(MethodEmitter.java:779)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2517)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.leaveBlock(CodeGenerator.java:1126)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:2025)
>>>    at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:86)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066224
>> 
>>> 
>>> jjs> try { function f(){switch(0) { case 8: for (var x in {}) {x} case 8: }} f() } catch(e) { e.printStackTrace() }
>>> java.lang.NullPointerException
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.markDeadSlots(MethodEmitter.java:1154)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.markDeadLocalVariable(MethodEmitter.java:1149)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2494)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterSwitchNode(CodeGenerator.java:2932)
>>>    at jdk.nashorn.internal.ir.SwitchNode.accept(SwitchNode.java:106)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.LexicalContextStatement.accept(LexicalContextStatement.java:55)
>>>    at jdk.nashorn.internal.ir.SwitchNode.accept(SwitchNode.java:38)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    ...
>>> 
>>> 
>>> jjs> try{ (function(){ if(x, false) { return; var x; } else if (x = 0) { } else { x } })() }catch(e){e.printStackTrace()}
>>> java.lang.NullPointerException
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.markDeadSlots(MethodEmitter.java:1154)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.markDeadLocalVariable(MethodEmitter.java:1149)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2494)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.leaveBlock(CodeGenerator.java:1126)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:2025)
>>>    at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:86)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    ...
>>> 
>>> 
>> 
>>> jjs> function f() { function(){}; function(){} } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.ir.Symbol.getFirstSlot(Symbol.java:545)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.markDeadLocalVariable(MethodEmitter.java:1149)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.store(MethodEmitter.java:1202)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.storeIdentWithCatchConversion(CodeGenerator.java:3201)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterVarNode(CodeGenerator.java:3161)
>>>    at jdk.nashorn.internal.ir.VarNode.accept(VarNode.java:171)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>> 
>> 
>>> https://bugs.openjdk.java.net/browse/JDK-8066225 (and the ones above)
>>> 
>>> 
>>> jjs> try { false.constructor = 0 } catch(e) { e.printStackTrace() }
>>> java.lang.invoke.WrongMethodTypeException: Parameter counts differ: (Object)Object vs. (Object,int)Object
>>>    at jdk.internal.dynalink.support.TypeConverterFactory.asType(TypeConverterFactory.java:236)
>>>    at jdk.internal.dynalink.support.LinkerServicesImpl.asType(LinkerServicesImpl.java:126)
>>>    at jdk.internal.dynalink.linker.LinkerServices$Implementation.asTypeLosslessReturn(LinkerServices.java:197)
>>>    at jdk.internal.dynalink.support.LinkerServicesImpl.asTypeLosslessReturn(LinkerServicesImpl.java:131)
>>>    at jdk.internal.dynalink.linker.GuardedInvocation.asTypeSafeReturn(GuardedInvocation.java:340)
>>>    at jdk.nashorn.internal.runtime.linker.Bootstrap.asTypeSafeReturn(Bootstrap.java:429)
>>>    at jdk.nashorn.internal.runtime.linker.NashornPrimitiveLinker.getGuardedInvocation(NashornPrimitiveLinker.java:70)
>>>    at jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176)
>>>    at jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124)
>>>    at jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:149)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066226
>> 
>>> 
>>> jjs> function f() { var x; (x -= x = 0); } f()
>>> Exception in thread "main" java.lang.AssertionError: Attempted load of uninitialized slot 1 (as type int)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:993)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:955)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:937)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadIdent(CodeGenerator.java:318)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.access$400(CodeGenerator.java:183)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$1.enterIdentNode(CodeGenerator.java:725)
>>>    at jdk.nashorn.internal.ir.IdentNode.accept(IdentNode.java:138)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadExpression(CodeGenerator.java:722)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:590)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066227
>>> 
>>> jjs> (function x(x){})
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.codegen.AssignSymbols.enterFunctionBody(AssignSymbols.java:494)
>>>    at jdk.nashorn.internal.codegen.AssignSymbols.enterBlock(AssignSymbols.java:453)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:177)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:384)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:47)
>>>    at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:59)
>>>    at jdk.nashorn.internal.ir.BinaryNode.accept(BinaryNode.java:347)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066228
>>> 
>>> jjs> function f() { x; throw null; (function (){ var x; }); } f()
>>> Exception in thread "main" java.lang.AssertionError: Couldn't find scope depth for symbol x in [object] function {U%}f()
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadFastScopeProto(CodeGenerator.java:516)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.access$100(CodeGenerator.java:183)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$LoadFastScopeVar.getProto(CodeGenerator.java:483)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$LoadScopeVar.loadStack(CodeGenerator.java:456)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4392)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadIdent(CodeGenerator.java:331)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.access$400(CodeGenerator.java:183)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$1.enterIdentNode(CodeGenerator.java:725)
>>>    at jdk.nashorn.internal.ir.IdentNode.accept(IdentNode.java:138)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066229
>> 
>>> 
>>> jjs> function f() { void null + 0; } f()
>>> Exception in thread "main" java.lang.AssertionError: object<type=Undefined>
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.<init>(CodeGenerator.java:627)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.maybeNew(CodeGenerator.java:650)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.notNarrowerThan(CodeGenerator.java:635)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:575)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$14.loadStack(CodeGenerator.java:3575)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4392)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadADD(CodeGenerator.java:3582)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$1.enterADD(CodeGenerator.java:872)
>>>
>>> 
>>> 
>>> jjs> function f() { var x; x += void x; } f()
>>> Exception in thread "main" java.lang.AssertionError: object<type=Undefined>
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.<init>(CodeGenerator.java:627)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.maybeNew(CodeGenerator.java:650)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.notNarrowerThan(CodeGenerator.java:635)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:575)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$BinaryOptimisticSelfAssignment$1.loadStack(CodeGenerator.java:3700)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$BinaryOptimisticSelfAssignment.evaluate(CodeGenerator.java:3706)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$Store.store(CodeGenerator.java:4286)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadASSIGN_ADD(CodeGenerator.java:3735)
>>>
>> 
>>> 
>>> jjs> function f(){ var a = true + x, x; } f()
>>> Exception in thread "main" java.lang.AssertionError: object<type=Undefined>
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.<init>(CodeGenerator.java:627)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.maybeNew(CodeGenerator.java:650)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.notNarrowerThan(CodeGenerator.java:635)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:575)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$14.loadStack(CodeGenerator.java:3575)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4392)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadADD(CodeGenerator.java:3582)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$1.enterADD(CodeGenerator.java:872)
>> https://bugs.openjdk.java.net/browse/JDK-8066230 (for the 3 above)
>> 
>>> 
>>> jjs> function f(){ try { Object; } catch(x if x >>>=0) { throw x2; } finally { } } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:563)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:2981)
>>>    at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:80)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    ...
>>> 
>>> 
>>> jjs> function f(){ try { return; } catch(x) { return x ^= 0; } finally { throw 0; } } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:555)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:2981)
>>>    at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:80)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    ...
>>> 
>>> 
>>> jjs> function f(){ try { return; } catch(x) { return x ^= Object; } finally { throw Object; } } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:558)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:2981)
>>>    at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:80)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    ...
>>> 
>>> 
>>> jjs> function f() { try { undefined } catch(x1) { try { undefined } catch(x2) { x1 = 0; } } } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:558)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.leaveBlock(CodeGenerator.java:1126)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:3088)
>>>    at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066231 (the 4 above)
>> 
>>> 
>>> jjs> function f() { try{ undefined } catch(e if 1) {} } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.codegen.Label$Stack.defineBlockLocalVariable(Label.java:379)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.defineBlockLocalVariable(MethodEmitter.java:1274)
>>>    at jdk.nashorn.internal.codegen.CodeGeneratorLexicalContext.assignSlots(CodeGeneratorLexicalContext.java:242)
>>>    at jdk.nashorn.internal.codegen.CodeGeneratorLexicalContext.onEnterBlock(CodeGeneratorLexicalContext.java:210)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.initLocals(CodeGenerator.java:1671)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterBlock(CodeGenerator.java:1113)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:3045)
>>>    at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066232
>> 
>> 
>>> 
>>> jjs> function f() { try { undefined } catch(x1 if Object) {  } catch(x2) { (function(){x2}) } } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterBlock(CodeGenerator.java:1115)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:3045)
>>>    at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterBlockStatement(CodeGenerator.java:1583)
>>>    at jdk.nashorn.internal.ir.BlockStatement.accept(BlockStatement.java:86)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>
>> https://bugs.openjdk.java.net/browse/JDK-8066233
>>> 
>>> jjs> function f() { try { undefined } catch(x4) { var x4; } finally { eval() } } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.initLocals(CodeGenerator.java:1716)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterBlock(CodeGenerator.java:1113)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:177)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:384)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:47)
>>>    at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:59)
>>>    at jdk.nashorn.internal.codegen.CompilationPhase.transformFunction(CompilationPhase.java:732)
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066234
>>> 
>>> 
>>> jjs> Function("L:with(Object in Object)break L;\n{}")()
>>> Exception in thread "main" java.lang.ClassFormatError: Invalid pc in LineNumberTable in class file jdk/nashorn/internal/scripts/Script$Recompilation$6$1$\^function\_
>>>    at java.lang.ClassLoader.defineClass1(Native Method)
>>>    at java.lang.ClassLoader.defineClass(ClassLoader.java:760)
>>>    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
>>>    at jdk.nashorn.internal.runtime.ScriptLoader.installClass(ScriptLoader.java:74)
>>>    at jdk.nashorn.internal.runtime.Context$ContextCodeInstaller.install(Context.java:183)
>>>    at jdk.nashorn.internal.codegen.CompilationPhase$14.transform(CompilationPhase.java:556)
>>>    at jdk.nashorn.internal.codegen.CompilationPhase.apply(CompilationPhase.java:728)
>>>    at jdk.nashorn.internal.codegen.Compiler.compile(Compiler.java:620)
>>>    at jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compileTypeSpecialization(RecompilableScriptFunctionData.java:513)
>>>    at jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.getBest(RecompilableScriptFunctionData.java:730)
>>>    ...
>>> 
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066235
>>> jjs>  function f() { L: {this = x;break L}} f()
>>> Exception in thread "main" java.lang.VerifyError: StackMapTable error: bad offset
>>> Exception Details:
>>>  Location:
>>> jdk/nashorn/internal/scripts/Script$Recompilation$4$1$\^shell\_.f(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object; @0: aload_0
>>>  Reason:
>>>    Invalid stackmap specification.
>>>  Current Frame:
>>>    bci: @21
>>>    flags: { }
>>>    locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
>>>    stack: { }
>>>  Bytecode:
>>>    0x0000000: 2ab6 0014 4d2b 2cba 0020 0000 1222 b800
>>>    0x0000010: 2857 a700 03
>>>  Stackmap Table:
>>>    append_frame(@21,Object[#48])
>>> 
>>> 
>>> jjs> function f(){ L:with(this--)break L; } f()
>>> Exception in thread "main" java.lang.VerifyError: StackMapTable error: bad offset
>>> Exception Details:
>>>  Location:
>>> jdk/nashorn/internal/scripts/Script$Recompilation$4$\^shell\_.f(Ljava/lang/Object;)Ljava/lang/Object; @0: aload_0
>>>  Reason:
>>>    Invalid stackmap specification.
>>>  Current Frame:
>>>    bci: @13
>>>    flags: { }
>>>    locals: { 'java/lang/Object' }
>>>    stack: { }
>>>  Bytecode:
>>>    0x0000000: 2a01 1210 b800 16b8 001c a700 03
>>>  Stackmap Table:
>>>    same_frame(@13)
>>> 
>>> 
>>> jjs> function f(){ L:with(Object in Object) break L; } f()
>>> Exception in thread "main" java.lang.VerifyError: StackMapTable error: bad offset
>>> Exception Details:
>>>  Location:
>>> jdk/nashorn/internal/scripts/Script$Recompilation$4$\^shell\_.f(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object; @0: aload_0
>>>  Reason:
>>>    Invalid stackmap specification.
>>>  Current Frame:
>>>    bci: @42
>>>    flags: { }
>>>    locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
>>>    stack: { }
>>>  Bytecode:
>>>    0x0000000: 2ab6 0014 4d2c 2cba 0020 0000 2cba 0020
>>>    0x0000010: 0000 b800 26b8 002c b800 304d 2cb6 0035
>>>    0x0000020: 4da7 0009 2cb6 0035 4dbf
>>>  Exception Handler Table:
>>>    bci [28, 36] => handler: 36
>>>  Stackmap Table:
>>>    full_frame(@36,{Object[#16],Object[#61],Object[#50]},{Object[#63]})
>>>    same_frame(@42)
>>> 
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066236 (all 4 above)
>> 
>>> ----
>>> 
>>> Note: Only reproducible with jdk9-dev-nashorn.
>>> 
>>> 
>>> jjs> try { function f() { eval("get, a") } f() } catch (e) { e.printStackTrace() }
>>> jdk.nashorn.internal.runtime.ParserException: <shell>#1:21<eval>:1:3 Expected ident but found ,
>>> get, a
>>>   ^
>>>    at jdk.nashorn.internal.parser.AbstractParser.error(AbstractParser.java:292)
>>>    at jdk.nashorn.internal.parser.AbstractParser.error(AbstractParser.java:277)
>>>    at jdk.nashorn.internal.parser.AbstractParser.expectDontAdvance(AbstractParser.java:348)
>>>    at jdk.nashorn.internal.parser.AbstractParser.expect(AbstractParser.java:335)
>>>    at jdk.nashorn.internal.parser.AbstractParser.getIdentifierName(AbstractParser.java:486)
>>>    at jdk.nashorn.internal.parser.Parser.propertyName(Parser.java:2228)
>>>    at jdk.nashorn.internal.parser.Parser.propertyGetterFunction(Parser.java:2294)
>>>    at jdk.nashorn.internal.parser.Parser.statement(Parser.java:966)
>>>    at jdk.nashorn.internal.parser.Parser.sourceElements(Parser.java:787)
>>>    at jdk.nashorn.internal.parser.Parser.program(Parser.java:712)
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066237
>> 
>>> 
>>> jjs> function f(){ L: ({ set prop(){0 = null} }); }
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.parser.ParserContext.pop(ParserContext.java:91)
>>>    at jdk.nashorn.internal.parser.Parser.functionExpression(Parser.java:2677)
>>>    at jdk.nashorn.internal.parser.Parser.statement(Parser.java:887)
>>>    at jdk.nashorn.internal.parser.Parser.sourceElements(Parser.java:787)
>>>    at jdk.nashorn.internal.parser.Parser.program(Parser.java:712)
>>>    at jdk.nashorn.internal.parser.Parser.parse(Parser.java:281)
>>>    at jdk.nashorn.internal.parser.Parser.parse(Parser.java:247)
>>>    at jdk.nashorn.internal.runtime.Context.compile(Context.java:1207)
>>>    at jdk.nashorn.internal.runtime.Context.eval(Context.java:671)
>>>    at jdk.nashorn.internal.runtime.Context.eval(Context.java:641)
>>> 
>>> 
>>> 
>>> jjs> function f() { do ; while({ get x()1-- }); }
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.parser.ParserContext.pop(ParserContext.java:91)
>>>    at jdk.nashorn.internal.parser.Parser.functionExpression(Parser.java:2677)
>>>    at jdk.nashorn.internal.parser.Parser.statement(Parser.java:887)
>>>    at jdk.nashorn.internal.parser.Parser.sourceElements(Parser.java:787)
>>>    at jdk.nashorn.internal.parser.Parser.program(Parser.java:712)
>>>    at jdk.nashorn.internal.parser.Parser.parse(Parser.java:281)
>>>    at jdk.nashorn.internal.parser.Parser.parse(Parser.java:247)
>>>    at jdk.nashorn.internal.runtime.Context.compile(Context.java:1207)
>>>    at jdk.nashorn.internal.runtime.Context.eval(Context.java:671)
>>>    at jdk.nashorn.internal.runtime.Context.eval(Context.java:641)
>>> 
>> https://bugs.openjdk.java.net/browse/JDK-8066238 (for both above)
>> 
>>> 
>>> jjs> function f() { (x+=void x); } f()
>>> Exception in thread "main" java.lang.AssertionError: object<type=Undefined>
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.<init>(CodeGenerator.java:627)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.maybeNew(CodeGenerator.java:650)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$TypeBounds.notNarrowerThan(CodeGenerator.java:635)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadBinaryOperands(CodeGenerator.java:575)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.access$6800(CodeGenerator.java:183)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$BinaryOptimisticSelfAssignment$1.loadStack(CodeGenerator.java:3700)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$BinaryOptimisticSelfAssignment.evaluate(CodeGenerator.java:3706)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator$Store.store(CodeGenerator.java:4286)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.loadASSIGN_ADD(CodeGenerator.java:3735)
>>> 
>> Folding this into https://bugs.openjdk.java.net/browse/JDK-8066230
>> 
>> 
>>> 
>>> jjs> function f() { try { Object } catch(x) { (x=y); return; } finally { throw Object; } } f()
>>> Exception in thread "main" java.lang.AssertionError
>>>    at jdk.nashorn.internal.ir.Symbol.getSlot(Symbol.java:558)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.load(MethodEmitter.java:953)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2519)
>>>    at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492)
>>>    at jdk.nashorn.internal.codegen.CodeGenerator.enterThrowNode(CodeGenerator.java:2981)
>>>    at jdk.nashorn.internal.ir.ThrowNode.accept(ThrowNode.java:80)
>>>    at jdk.nashorn.internal.ir.Node.accept(Node.java:265)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
>>>    at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
>>>    at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
>>>    ...
>>> 
>> 
>> Folding this into https://bugs.openjdk.java.net/browse/JDK-8066231


