  1. JDK
  2. JDK-8042304 Fuzzing jdk9/dev/nashorn
  3. JDK-8047166

Function("do with({}) break ; while(0);")() crashes with AssertionError from CompilationPhase.java:437


    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 9
    • Fix Version/s: 8u40
    • Component/s: core-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b04
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

         jjs -J-Djava.ext.dirs=$jdk9_dev/nashorn/dist

        jjs> Function("do with({}) break ; while(0);")()

        Exception in thread "main" java.lang.AssertionError: Failed generating bytecode for <function>:2
        at jdk.nashorn.internal.codegen.CompilationPhase$11.transform(CompilationPhase.java:437)
        at jdk.nashorn.internal.codegen.CompilationPhase.apply(CompilationPhase.java:674)
        at jdk.nashorn.internal.codegen.Compiler.compile(Compiler.java:506)
        at jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compileTypeSpecialization(RecompilableScriptFunctionData.java:420)
        at jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.getBest(RecompilableScriptFunctionData.java:560)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.getBestInvoker(ScriptFunctionData.java:229)
        at jdk.nashorn.internal.runtime.ScriptFunction.findCallMethod(ScriptFunction.java:546)
        at jdk.nashorn.internal.runtime.ScriptObject.lookup(ScriptObject.java:1791)
        at jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:100)
        at jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:94)
        at jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176)
        at jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124)
        at jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:149)
        at jdk.internal.dynalink.DynamicLinker.relink(DynamicLinker.java:233)
        at jdk.nashorn.internal.scripts.Script$1$\^shell\_.:program(<shell>:1)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:567)
        at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:221)
        at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:374)
        at jdk.nashorn.internal.runtime.Context.eval(Context.java:620)
        at jdk.nashorn.tools.Shell.readEvalPrint(Shell.java:448)
        at jdk.nashorn.tools.Shell.run(Shell.java:158)
        at jdk.nashorn.tools.Shell.main(Shell.java:133)
        at jdk.nashorn.tools.Shell.main(Shell.java:112)
        Caused by: java.lang.ArrayIndexOutOfBoundsException: -1
        at jdk.nashorn.internal.codegen.Label$Stack.pop(Label.java:297)
        at jdk.nashorn.internal.codegen.MethodEmitter.popType(MethodEmitter.java:285)
        at jdk.nashorn.internal.codegen.MethodEmitter.popType(MethodEmitter.java:273)
        at jdk.nashorn.internal.codegen.MethodEmitter.invoke(MethodEmitter.java:1455)
        at jdk.nashorn.internal.codegen.MethodEmitter.invokevirtual(MethodEmitter.java:1492)
        at jdk.nashorn.internal.codegen.CompilerConstants$3.invoke(CompilerConstants.java:447)
        at jdk.nashorn.internal.codegen.MethodEmitter.invoke(MethodEmitter.java:1448)
        at jdk.nashorn.internal.codegen.CodeGenerator.popScopes(CodeGenerator.java:1174)
        at jdk.nashorn.internal.codegen.CodeGenerator.popScopesUntil(CodeGenerator.java:1163)
        at jdk.nashorn.internal.codegen.CodeGenerator.enterBreakNode(CodeGenerator.java:1188)
        at jdk.nashorn.internal.ir.BreakNode.accept(BreakNode.java:55)
        at jdk.nashorn.internal.ir.Node.accept(Node.java:268)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:152)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:386)
        at jdk.nashorn.internal.codegen.CodeGenerator.enterWithNode(CodeGenerator.java:3408)
        at jdk.nashorn.internal.ir.WithNode.accept(WithNode.java:68)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.LexicalContextStatement.accept(LexicalContextStatement.java:53)
        at jdk.nashorn.internal.ir.WithNode.accept(WithNode.java:34)
        at jdk.nashorn.internal.ir.Node.accept(Node.java:268)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:152)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:386)
        at jdk.nashorn.internal.codegen.CodeGenerator.enterDoWhile(CodeGenerator.java:3343)
        at jdk.nashorn.internal.codegen.CodeGenerator.enterWhileNode(CodeGenerator.java:3258)
        at jdk.nashorn.internal.ir.WhileNode.accept(WhileNode.java:80)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.LexicalContextStatement.accept(LexicalContextStatement.java:53)
        at jdk.nashorn.internal.ir.LoopNode.accept(LoopNode.java:36)
        at jdk.nashorn.internal.ir.Node.accept(Node.java:268)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:152)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:386)
        at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:351)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
        at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:52)
        at jdk.nashorn.internal.codegen.CompilationPhase$11.transform(CompilationPhase.java:424)
        ... 22 more

        With assertions turned on (-J-esa -J-ea), the following trace is produced instead:

        jjs -J-Djava.ext.dirs=$jdk9_dev/nashorn/dist -J-esa -J-ea

        jjs> Function("do with({}) break ; while(0);")()

        Exception in thread "main" java.lang.AssertionError: Failed generating bytecode for <function>:2
        at jdk.nashorn.internal.codegen.CompilationPhase$11.transform(CompilationPhase.java:437)
        at jdk.nashorn.internal.codegen.CompilationPhase.apply(CompilationPhase.java:674)
        at jdk.nashorn.internal.codegen.Compiler.compile(Compiler.java:506)
        at jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compileTypeSpecialization(RecompilableScriptFunctionData.java:420)
        at jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.getBest(RecompilableScriptFunctionData.java:560)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.getBestInvoker(ScriptFunctionData.java:229)
        at jdk.nashorn.internal.runtime.ScriptFunction.findCallMethod(ScriptFunction.java:546)
        at jdk.nashorn.internal.runtime.ScriptObject.lookup(ScriptObject.java:1791)
        at jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:100)
        at jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:94)
        at jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176)
        at jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124)
        at jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:149)
        at jdk.internal.dynalink.DynamicLinker.relink(DynamicLinker.java:233)
        at jdk.nashorn.internal.scripts.Script$1$\^shell\_.:program(<shell>:1)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:567)
        at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:221)
        at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:374)
        at jdk.nashorn.internal.runtime.Context.eval(Context.java:620)
        at jdk.nashorn.tools.Shell.readEvalPrint(Shell.java:448)
        at jdk.nashorn.tools.Shell.run(Shell.java:158)
        at jdk.nashorn.tools.Shell.main(Shell.java:133)
        at jdk.nashorn.tools.Shell.main(Shell.java:112)
        Caused by: java.lang.AssertionError
        at jdk.nashorn.internal.codegen.CodeGenerator.popScopes(CodeGenerator.java:1171)
        at jdk.nashorn.internal.codegen.CodeGenerator.popScopesUntil(CodeGenerator.java:1163)
        at jdk.nashorn.internal.codegen.CodeGenerator.enterBreakNode(CodeGenerator.java:1188)
        at jdk.nashorn.internal.ir.BreakNode.accept(BreakNode.java:55)
        at jdk.nashorn.internal.ir.Node.accept(Node.java:268)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:152)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:386)
        at jdk.nashorn.internal.codegen.CodeGenerator.enterWithNode(CodeGenerator.java:3408)
        at jdk.nashorn.internal.ir.WithNode.accept(WithNode.java:68)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.LexicalContextStatement.accept(LexicalContextStatement.java:53)
        at jdk.nashorn.internal.ir.WithNode.accept(WithNode.java:34)
        at jdk.nashorn.internal.ir.Node.accept(Node.java:268)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:152)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:386)
        at jdk.nashorn.internal.codegen.CodeGenerator.enterDoWhile(CodeGenerator.java:3343)
        at jdk.nashorn.internal.codegen.CodeGenerator.enterWhileNode(CodeGenerator.java:3258)
        at jdk.nashorn.internal.ir.WhileNode.accept(WhileNode.java:80)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.LexicalContextStatement.accept(LexicalContextStatement.java:53)
        at jdk.nashorn.internal.ir.LoopNode.accept(LoopNode.java:36)
        at jdk.nashorn.internal.ir.Node.accept(Node.java:268)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:152)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.Block.accept(Block.java:386)
        at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:351)
        at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
        at jdk.nashorn.internal.ir.LexicalContextExpression.accept(LexicalContextExpression.java:46)
        at jdk.nashorn.internal.ir.FunctionNode.accept(FunctionNode.java:52)
        at jdk.nashorn.internal.codegen.CompilationPhase$11.transform(CompilationPhase.java:424)
        ... 22 more


                People

                Assignee:
                attila Attila Szegedi
                Reporter:
                sundar Sundararajan Athijegannathan
