Fuzzing jdk9/dev/nashorn and nashorn/jdk9/nashorn
A. Sundararajan
sundararajan.athijegannathan at oracle.com
Fri May 2 09:31:24 UTC 2014
Hi,
Sorry for the delay. I've filed an umbrella bug for this:
https://bugs.openjdk.java.net/browse/JDK-8042304
Thanks for reporting these issues!
-Sundar
On Monday 28 April 2014 07:00 PM, André Bargull wrote:
> Hi,
>
> here are the current jsfunfuzz results for jdk9/dev/nashorn at
> 794:e88f1df9b412 and nashorn/jdk9/nashorn at 794:77511a74bb48 using
> JDK 9 b09. Bugs which are only reproducible in one of the two
> repositories are marked as such. Except for the `Function("if(eval('',
> eval('', function() {}))) { }")` test case, all other bugs in
> jdk9/dev/nashorn look familiar, so most likely they were already
> reported some time ago (but I didn't verify it...).
>
> - André
>
> --------------
>
> Oh, first of all you may want to apply this change. ;-)
>
> diff --git a/src/jdk/nashorn/tools/Shell.java
> b/src/jdk/nashorn/tools/Shell.java
> --- a/src/jdk/nashorn/tools/Shell.java
> +++ b/src/jdk/nashorn/tools/Shell.java
> @@ -448,15 +448,15 @@ public class Shell {
> }
>
> if (res != ScriptRuntime.UNDEFINED) {
> err.println(JSType.toString(res));
> }
> }
> } finally {
> if (globalChanged) {
> - Context.setGlobal(global);
> + Context.setGlobal(oldGlobal);
> }
> }
>
> return SUCCESS;
> }
> }
>
> --------------
>
>
> jjs> Function("switch(0) { default: {break;} return }")
> Exception in thread "main" java.lang.VerifyError: Code generation bug
> in "L:1": likely stack misaligned: java.lang.NullPointerException
> <function>
> at
> jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1582)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:324)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at
> jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:52)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$3.enterFunctionNode(CodeGenerator.java:620)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:323)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at
> jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:52)
> ...
>
>
> jjs> Function("L: { { break L; } return; }")
> Exception in thread "main" java.lang.VerifyError: StackMapTable error:
> bad offset
> Exception Details:
> Location:
> jdk/nashorn/internal/scripts/Script$\^function\_.L:1(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object;
> @0: aload_0
> Reason:
> Invalid stackmap specification.
> Current Frame:
> bci: @12
> flags: { }
> locals: { 'jdk/nashorn/internal/runtime/ScriptFunction',
> 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
> stack: { }
> Bytecode:
> 0000000: 2ab6 0018 4da7 0007 0000 00bf
> Stackmap Table:
> full_frame(@8,{},{Object[#52]})
> append_frame(@12,Object[#20],Object[#54],Object[#56])
>
>
> jjs> Function("L: { while(0)break L; return; }")
> Exception in thread "main" java.lang.VerifyError: StackMapTable error:
> bad offset
> Exception Details:
> Location:
> jdk/nashorn/internal/scripts/Script$\^function\_.L:1(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object;
> @0: aload_0
> Reason:
> Invalid stackmap specification.
> Current Frame:
> bci: @19
> flags: { }
> locals: { 'jdk/nashorn/internal/runtime/ScriptFunction',
> 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
> stack: { }
> Bytecode:
> 0000000: 2ab6 0018 4da7 0006 a700 0b03 9aff fcb2
> 0000010: 002b b0
> Stackmap Table:
> append_frame(@8,Object[#52])
> same_frame(@11)
> same_frame(@19)
>
>
> jjs> Function("L: {while(0)break L; return [](); }")
> Exception in thread "main" java.lang.VerifyError: Code generation bug
> in "L:1": likely stack misaligned:
> java.lang.ArrayIndexOutOfBoundsException: 0 <function>
> at
> jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1582)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:324)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at
> jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:52)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$3.enterFunctionNode(CodeGenerator.java:620)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:323)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at
> jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:52)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("do with({}) break ; while(0);")
> Exception in thread "main" java.lang.AssertionError
> at
> jdk.nashorn.internal.codegen.CodeGenerator.popScopes(CodeGenerator.java:807)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.popScopesUntil(CodeGenerator.java:799)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterBreakNode(CodeGenerator.java:820)
> at jdk.nashorn.internal.ir.BreakNode.accept(BreakNode.java:63)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:306)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:155)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:378)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterWithNode(CodeGenerator.java:2820)
> at jdk.nashorn.internal.ir.WithNode.accept(WithNode.java:68)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("while(0)with({}) continue ;")
> Exception in thread "main" java.lang.AssertionError
> at
> jdk.nashorn.internal.codegen.CodeGenerator.popScopes(CodeGenerator.java:807)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.popScopesUntil(CodeGenerator.java:799)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterContinueNode(CodeGenerator.java:1229)
> at jdk.nashorn.internal.ir.ContinueNode.accept(ContinueNode.java:59)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:306)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:155)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:378)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterWithNode(CodeGenerator.java:2820)
> at jdk.nashorn.internal.ir.WithNode.accept(WithNode.java:68)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("eval([]);")
> Exception in thread "main" java.lang.AssertionError
> at
> jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.analyze(LiteralNode.java:659)
> at jdk.nashorn.internal.codegen.Attr.leaveLiteralNode(Attr.java:841)
> at
> jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:872)
> at jdk.nashorn.internal.ir.CallNode.accept(CallNode.java:216)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at
> jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
> at jdk.nashorn.internal.ir.CallNode.accept(CallNode.java:40)
> at
> jdk.nashorn.internal.ir.ExpressionStatement.accept(ExpressionStatement.java:67)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:306)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:155)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("try{}finally{[]}")
> Exception in thread "main" java.lang.AssertionError
> at
> jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.analyze(LiteralNode.java:659)
> at jdk.nashorn.internal.codegen.Attr.leaveLiteralNode(Attr.java:841)
> at
> jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:872)
> at
> jdk.nashorn.internal.ir.ExpressionStatement.accept(ExpressionStatement.java:67)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:306)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:155)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:378)
> at
> jdk.nashorn.internal.ir.BlockStatement.accept(BlockStatement.java:85)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:306)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("try { } catch(x if 1) { try { } catch(x2) { } } ")
> Exception in thread "main" java.lang.AssertionError: stacks [] is not
> equivalent with [boolean] at join point skip_117
> at
> jdk.nashorn.internal.codegen.MethodEmitter.mergeStackTo(MethodEmitter.java:1696)
> at
> jdk.nashorn.internal.codegen.MethodEmitter.label(MethodEmitter.java:1719)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:2718)
> at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:306)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:155)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:378)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterBlockStatement(CodeGenerator.java:1257)
> at
> jdk.nashorn.internal.ir.BlockStatement.accept(BlockStatement.java:84)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("try { } catch(x if 1) { try { return; } catch(x2) { {
> } } } ")
> Exception in thread "main" java.lang.AssertionError: Only return value
> on stack allowed at return point - depth=2 stack = [boolean,
> object<type=Undefined>]
> at
> jdk.nashorn.internal.codegen.MethodEmitter._return(MethodEmitter.java:1429)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterReturnNode(CodeGenerator.java:2009)
> at jdk.nashorn.internal.ir.ReturnNode.accept(ReturnNode.java:91)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:306)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:155)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:378)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterTryNode(CodeGenerator.java:2632)
> at jdk.nashorn.internal.ir.TryNode.accept(TryNode.java:110)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:306)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> try{ Function("Error() * (false)[-0]--") } catch(e){
> e.printStackTrace() }
> java.lang.UnsupportedOperationException: getBytecodeStackType
> at
> jdk.nashorn.internal.codegen.types.Type$7.getBytecodeStackType(Type.java:973)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.appendType(CodeGenerator.java:4213)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.getLvarTypesDescriptor(CodeGenerator.java:4199)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.access$4400(CodeGenerator.java:176)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.addUnwarrantedOptimismHandlerLabel(CodeGenerator.java:4127)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4008)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:3952)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$15.storeNonDiscard(CodeGenerator.java:2908)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$Store.store(CodeGenerator.java:3840)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterDECINC(CodeGenerator.java:2925)
> ...
>
>
> jjs> Function("try { var x = 1, x = null; } finally { }")
> Exception in thread "main" java.lang.VerifyError: Stack map does not
> match the one at exception handler 14
> Exception Details:
> Location:
> jdk/nashorn/internal/scripts/Script$\^function\_.L:1(Ljava/lang/Object;)Ljava/lang/Object;
> @14: astore_2
> Reason:
> Type 'java/lang/Integer' (current frame, locals[1]) is not
> assignable to null (stack map, locals[1])
> Current Frame:
> bci: @8
> flags: { }
> locals: { 'java/lang/Object', 'java/lang/Integer', null }
> stack: { 'java/lang/Throwable' }
> Stackmap Frame:
> bci: @14
> flags: { }
> locals: { 'java/lang/Object', null, null }
> stack: { 'java/lang/Throwable' }
> Bytecode:
> 0000000: 014c 014d 04b8 0033 4c01 4ca7 0008 4d2c
> 0000010: 4e2d bfb2 002b b0
> Exception Handler Table:
> bci [4, 14] => handler: 14
> Stackmap Table:
> full_frame(@14,{Object[#61],Null,Null},{Object[#53]})
> same_frame(@19)
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("try { var x = {}, x = []; } catch(x3) { } ")
> Exception in thread "main" java.lang.VerifyError: Stack map does not
> match the one at exception handler 34
> Exception Details:
> Location:
> jdk/nashorn/internal/scripts/Script$\^function\_.L:1(Ljava/lang/Object;)Ljava/lang/Object;
> @34: astore_2
> Reason:
> Type 'jdk/nashorn/internal/scripts/JO4' (current frame, locals[1])
> is not assignable to 'jdk/nashorn/internal/objects/NativeArray' (stack
> map, locals[1])
> Current Frame:
> bci: @22
> flags: { }
> locals: { 'java/lang/Object', 'jdk/nashorn/internal/scripts/JO4',
> null }
> stack: { 'java/lang/Throwable' }
> Stackmap Frame:
> bci: @34
> flags: { }
> locals: { 'java/lang/Object',
> 'jdk/nashorn/internal/objects/NativeArray', null }
> stack: { 'java/lang/Throwable' }
> Bytecode:
> 0000000: 014c 014d bb00 2f59 03b8 001e b700 3259
> 0000010: b800 37b6 003d 4c04 b800 41b8 0045 4ca7
> 0000020: 0013 4d2c 59c1 0049 9900 09c0 0049 b400
> 0000030: 4d4e b200 2bb0
> Exception Handler Table:
> bci [4, 34] => handler: 34
> Stackmap Table:
> full_frame(@34,{Object[#84],Object[#86],Null},{Object[#71]})
> full_frame(@49,{Object[#84],Object[#86],Object[#71]},{Object[#84]})
> same_frame(@50)
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("[delete this]")
> Exception in thread "main" java.lang.AssertionError
> at
> jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.presetObjectArray(LiteralNode.java:737)
> at
> jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.getPresets(LiteralNode.java:843)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadArray(CodeGenerator.java:1664)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadLiteral(CodeGenerator.java:1847)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterLiteralNode(CodeGenerator.java:1897)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.access$900(CodeGenerator.java:176)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$3.enterLiteralNode(CodeGenerator.java:637)
> at
> jdk.nashorn.internal.ir.LiteralNode$ArrayLiteralNode.accept(LiteralNode.java:869)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:570)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:549)
> ...
>
>
> [jdk9/dev/nashorn]
> jjs> try { Function("if(eval('', eval('', function() {}))) { }") }
> catch (e) { e.printStackTrace() }
> java.lang.ArrayIndexOutOfBoundsException: -2
> at
> jdk.nashorn.internal.codegen.CodeGeneratorLexicalContext.nextFreeSlot(CodeGeneratorLexicalContext.java:195)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.initLocals(CodeGenerator.java:958)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterBlock(CodeGenerator.java:568)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:142)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:361)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:1154)
> at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:76)
> at jdk.nashorn.internal.ir.Node.accept(Node.java:291)
> at jdk.nashorn.internal.ir.Block.accept(Block.java:143)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> try { Function("if(eval('', eval('', function() {}))) { }")() }
> catch (e) { e.printStackTrace() }
> java.lang.AssertionError
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4012)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:3952)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:3940)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$4.evalCall(CodeGenerator.java:976)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$4.enterIdentNode(CodeGenerator.java:993)
> at jdk.nashorn.internal.ir.IdentNode.accept(IdentNode.java:111)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.enterCallNode(CodeGenerator.java:879)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.access$800(CodeGenerator.java:176)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$3.enterCallNode(CodeGenerator.java:632)
> at jdk.nashorn.internal.ir.CallNode.accept(CallNode.java:210)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("eval(\"[,,];\", [11,12,13,14].some)")()
> Exception in thread "main" java.lang.AssertionError
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4012)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:3952)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$3.enterAccessNode(CodeGenerator.java:592)
> at jdk.nashorn.internal.ir.AccessNode.accept(AccessNode.java:64)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:570)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:549)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:505)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadArgs(CodeGenerator.java:852)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadArgs(CodeGenerator.java:831)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadArgs(CodeGenerator.java:827)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("eval(\"1.2e3\", ({})[ /x/ ])")()
> Exception in thread "main" java.lang.AssertionError
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4012)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:3952)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$3.enterIndexNode(CodeGenerator.java:611)
> at jdk.nashorn.internal.ir.IndexNode.accept(IndexNode.java:59)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:570)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:549)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:505)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadArgs(CodeGenerator.java:852)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadArgs(CodeGenerator.java:831)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadArgs(CodeGenerator.java:827)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("eval(\"x4\", x3);")()
> <function>:2 ReferenceError: "x3" is not defined
> jjs> x3={}; x4={}
> [object Object]
> jjs> Function("eval(\"x4\", x3);")()
> Exception in thread "main" java.lang.AssertionError
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4012)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:3948)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:3944)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.loadIdent(CodeGenerator.java:328)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.access$500(CodeGenerator.java:176)
> at
> jdk.nashorn.internal.codegen.CodeGenerator$3.enterIdentNode(CodeGenerator.java:573)
> at jdk.nashorn.internal.ir.IdentNode.accept(IdentNode.java:111)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:570)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:549)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.load(CodeGenerator.java:505)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("with({5.0000000000000000000000: String()}){(false); }")()
> Exception in thread "main" java.lang.VerifyError: Code generation bug
> in "L:1": likely stack misaligned: java.lang.AssertionError: int is
> not a script object <function>
> at
> jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1582)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:324)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at
> jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:52)
> at
> jdk.nashorn.internal.codegen.CompilationPhase$9.transform(CompilationPhase.java:330)
> at
> jdk.nashorn.internal.codegen.CompilationPhase.apply(CompilationPhase.java:436)
> at
> jdk.nashorn.internal.codegen.Compiler.compileInternal(Compiler.java:278)
> at jdk.nashorn.internal.codegen.Compiler.compile(Compiler.java:257)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compileRestOfMethod(RecompilableScriptFunctionData.java:440)
> at
> jdk.nashorn.internal.runtime.CompiledFunction$OptimismInfo.compileRestOfMethod(CompiledFunction.java:661)
> at
> jdk.nashorn.internal.runtime.CompiledFunction.handleRewriteException(CompiledFunction.java:615)
> at
> jdk.nashorn.internal.runtime.CompiledFunction.handleRewriteException(CompiledFunction.java:564)
> at jdk.nashorn.internal.scripts.Script$\^shell\_.:program(<shell>:1)
> at
> jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:555)
> at
> jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:221)
> at
> jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:376)
> at jdk.nashorn.internal.runtime.Context.eval(Context.java:516)
> at jdk.nashorn.tools.Shell.readEvalPrint(Shell.java:441)
> at jdk.nashorn.tools.Shell.run(Shell.java:157)
> at jdk.nashorn.tools.Shell.main(Shell.java:132)
> at jdk.nashorn.tools.Shell.main(Shell.java:111)
> Caused by: java.lang.AssertionError: int is not a script object
> at
> jdk.nashorn.internal.codegen.CodeGenerator.generateContinuationHandler(CodeGenerator.java:4587)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1563)
> ... 21 more
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("try { var x = undefined, x = 5.0000000000000000000000;
> } catch(x) { x = undefined; } ")()
> Exception in thread "main" java.lang.VerifyError: Stack map does not
> match the one at exception handler 27
> Exception Details:
> Location:
> jdk/nashorn/internal/scripts/Script$Recompilation$1$\^function\_.L:1(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;)Ljava/lang/Object;
> @27: astore
> Reason:
> Type 'java/lang/Object' (current frame, locals[3]) is not
> assignable to 'java/lang/Double' (stack map, locals[3])
> Current Frame:
> bci: @16
> flags: { }
> locals: { 'jdk/nashorn/internal/runtime/ScriptFunction',
> 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject',
> 'java/lang/Object', null }
> stack: { 'java/lang/Throwable' }
> Stackmap Frame:
> bci: @27
> flags: { }
> locals: { 'jdk/nashorn/internal/runtime/ScriptFunction',
> 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject',
> 'java/lang/Double', null }
> stack: { 'java/lang/Throwable' }
> Bytecode:
> 0000000: 2ab6 0018 4d01 4e01 3a04 2cba 0024 0000
> 0000010: 4e14 0025 b800 2c4e a700 1e3a 0419 0459
> 0000020: c100 3099 0009 c000 30b4 0034 3a05 2cba
> 0000030: 0024 0000 3a05 b200 3db0
> Exception Handler Table:
> bci [10, 27] => handler: 27
> Stackmap Table:
> full_frame(@27,{Object[#20],Object[#68],Object[#70],Object[#40],Null},{Object[#46]})
>
> full_frame(@44,{Object[#20],Object[#68],Object[#70],Object[#40],Object[#46]},{Object[#68]})
>
> same_frame(@54)
>
>
> [nashorn/jdk9/nashorn]
> jjs> try { Function("(function (x){ x %= this}(false))")() } catch(e)
> { e.printStackTrace() }
> java.lang.invoke.WrongMethodTypeException: cannot convert
> MethodHandle(Object,double)Object to (Object,boolean)Object
> at
> java.lang.invoke.MethodHandle.asTypeUncached(MethodHandle.java:776)
> at java.lang.invoke.MethodHandle.asType(MethodHandle.java:770)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.addCode(RecompilableScriptFunctionData.java:601)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.getBest(RecompilableScriptFunctionData.java:610)
> at
> jdk.nashorn.internal.runtime.ScriptFunctionData.getBestInvoker(ScriptFunctionData.java:223)
> at
> jdk.nashorn.internal.runtime.ScriptFunction.findCallMethod(ScriptFunction.java:545)
> at
> jdk.nashorn.internal.runtime.ScriptObject.lookup(ScriptObject.java:1767)
> at
> jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:100)
> at
> jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:94)
> at
> jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> try { Function("eval.apply.apply(function(){ eval('') })")() }
> catch (e) { e.printStackTrace() }
> java.lang.IndexOutOfBoundsException: start=4 end=3
> at
> java.lang.invoke.MethodType.newIndexOutOfBoundsException(MethodType.java:189)
> at
> java.lang.invoke.MethodType.dropParameterTypes(MethodType.java:482)
> at jdk.internal.dynalink.support.Guards.getTestType(Guards.java:247)
> at jdk.internal.dynalink.support.Guards.asType(Guards.java:243)
> at
> jdk.internal.dynalink.linker.GuardedInvocation.asTypeSafeReturn(GuardedInvocation.java:342)
> at
> jdk.nashorn.internal.runtime.linker.Bootstrap.asTypeSafeReturn(Bootstrap.java:394)
> at
> jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:94)
> at
> jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176)
> at
> jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124)
> at
> jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:149)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> try{ Function("(false % !this) && 0")() } catch (e) {
> e.printStackTrace() }
> java.lang.ArithmeticException: / by zero
> at jdk.nashorn.internal.scripts.Script$\^function\_.L:1(<function>:2)
> at jdk.nashorn.internal.scripts.Script$\^shell\_.:program(<shell>:1)
> at
> jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:555)
> at
> jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:221)
> at
> jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:376)
> at jdk.nashorn.internal.runtime.Context.eval(Context.java:516)
> at jdk.nashorn.tools.Shell.readEvalPrint(Shell.java:441)
> at jdk.nashorn.tools.Shell.run(Shell.java:157)
> at jdk.nashorn.tools.Shell.main(Shell.java:132)
> at jdk.nashorn.tools.Shell.main(Shell.java:111)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("with({8: 'fafafa'.replace()}){ }")()
> Exception in thread "main" java.lang.VerifyError: Code generation bug
> in "L:1": likely stack misaligned: java.lang.AssertionError: int is
> not a script object <function>
> at
> jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1582)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:324)
> at
> jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
> at
> jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
> at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:52)
> at
> jdk.nashorn.internal.codegen.CompilationPhase$9.transform(CompilationPhase.java:330)
> at
> jdk.nashorn.internal.codegen.CompilationPhase.apply(CompilationPhase.java:436)
> at
> jdk.nashorn.internal.codegen.Compiler.compileInternal(Compiler.java:278)
> at jdk.nashorn.internal.codegen.Compiler.compile(Compiler.java:257)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compileRestOfMethod(RecompilableScriptFunctionData.java:440)
> ...
> Caused by: java.lang.AssertionError: int is not a script object
> at
> jdk.nashorn.internal.codegen.CodeGenerator.generateContinuationHandler(CodeGenerator.java:4587)
> at
> jdk.nashorn.internal.codegen.CodeGenerator.leaveFunctionNode(CodeGenerator.java:1563)
> ... 21 more
>
>
> [nashorn/jdk9/nashorn]
> jjs> try { Function("new eval(function(){})") } catch (e) {
> e.printStackTrace() }
> jdk.nashorn.internal.lookup.MethodHandleFactory$LookupException:
> java.lang.NoSuchMethodException: no such method:
> jdk.nashorn.internal.scripts.Script$\^function\_.L:1$L:2-1(Object)Object/invokeStatic
> at
> jdk.nashorn.internal.lookup.MethodHandleFactory$StandardMethodHandleFunctionality.findStatic(MethodHandleFactory.java:497)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.lookupCodeMethod(RecompilableScriptFunctionData.java:534)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.lookupWithExplicitType(RecompilableScriptFunctionData.java:530)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.lookup(RecompilableScriptFunctionData.java:526)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.addCode(RecompilableScriptFunctionData.java:558)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.initializeCode(RecompilableScriptFunctionData.java:548)
> at
> jdk.nashorn.internal.codegen.CompileUnit$FunctionInitializer.initializeCode(CompileUnit.java:60)
> at
> jdk.nashorn.internal.codegen.CompileUnit.initializeFunctionsCode(CompileUnit.java:130)
> at jdk.nashorn.internal.codegen.Compiler.install(Compiler.java:394)
> at jdk.nashorn.internal.runtime.Context.compile(Context.java:970)
> ...
> Caused by: java.lang.NoSuchMethodException: no such method:
> jdk.nashorn.internal.scripts.Script$\^function\_.L:1$L:2-1(Object)Object/invokeStatic
> at
> java.lang.invoke.MemberName.makeAccessException(MemberName.java:876)
> at
> java.lang.invoke.MemberName$Factory.resolveOrFail(MemberName.java:993)
> at
> java.lang.invoke.MethodHandles$Lookup.resolveOrFail(MethodHandles.java:1377)
> at
> java.lang.invoke.MethodHandles$Lookup.findStatic(MethodHandles.java:774)
> at
> jdk.nashorn.internal.lookup.MethodHandleFactory$StandardMethodHandleFunctionality.findStatic(MethodHandleFactory.java:494)
> ... 21 more
> Caused by: java.lang.NoSuchMethodError:
> jdk.nashorn.internal.scripts.Script$\^function\_.L:1$L:2-1(Ljava/lang/Object;)Ljava/lang/Object;
> at java.lang.invoke.MethodHandleNatives.resolve(Native Method)
> at java.lang.invoke.MemberName$Factory.resolve(MemberName.java:965)
> at
> java.lang.invoke.MemberName$Factory.resolveOrFail(MemberName.java:990)
> ... 24 more
>
>
> [nashorn/jdk9/nashorn]
> jjs> try{ Function("(function (x) '' )(true)")() }catch(e){
> e.printStackTrace() }
> jdk.nashorn.internal.runtime.ParserException: <function>:2:15 Missing
> close quote
> (function (x) '' )(true)
> ^
> at jdk.nashorn.internal.parser.Lexer.error(Lexer.java:1697)
> at jdk.nashorn.internal.parser.Lexer.scanString(Lexer.java:995)
> at jdk.nashorn.internal.parser.Lexer.lexify(Lexer.java:1606)
> at
> jdk.nashorn.internal.parser.AbstractParser.getToken(AbstractParser.java:132)
> at
> jdk.nashorn.internal.parser.AbstractParser.nextToken(AbstractParser.java:211)
> at
> jdk.nashorn.internal.parser.AbstractParser.nextOrEOL(AbstractParser.java:170)
> at
> jdk.nashorn.internal.parser.AbstractParser.next(AbstractParser.java:157)
> at jdk.nashorn.internal.parser.Parser.parse(Parser.java:281)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.reparse(RecompilableScriptFunctionData.java:349)
> at
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compile(RecompilableScriptFunctionData.java:456)
> ...
>
>
> [nashorn/jdk9/nashorn]
> jjs> Function("Function.prototype.apply.apply([11,12,13,14].sort)")()
> <function>:2 TypeError: [Ljava.lang.Object;@96532d6 is not an Object
>
> => Error message contains internal type descriptor?
>
More information about the nashorn-dev
mailing list