JDK-8066229 : Fuzzing bug: Can't find scope depth
  • Type: Sub-task
  • Component: core-libs
  • Sub-Component: jdk.nashorn
  • Affected Version: 8u60
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2014-12-01
  • Updated: 2016-05-26
  • Resolved: 2016-05-18
JDK 9: 9 b120 (Fixed)
Description
jjs> function f() { x; throw null; (function (){ var x; }); } f()
Exception in thread "main" java.lang.AssertionError: Couldn't find scope depth for symbol x in [object] function {U%}f()
   at jdk.nashorn.internal.codegen.CodeGenerator.loadFastScopeProto(CodeGenerator.java:516)
   at jdk.nashorn.internal.codegen.CodeGenerator.access$100(CodeGenerator.java:183)
   at jdk.nashorn.internal.codegen.CodeGenerator$LoadFastScopeVar.getProto(CodeGenerator.java:483)
   at jdk.nashorn.internal.codegen.CodeGenerator$LoadScopeVar.loadStack(CodeGenerator.java:456)
   at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4407)
   at jdk.nashorn.internal.codegen.CodeGenerator$OptimisticOperation.emit(CodeGenerator.java:4392)
   at jdk.nashorn.internal.codegen.CodeGenerator.loadIdent(CodeGenerator.java:331)
   at jdk.nashorn.internal.codegen.CodeGenerator.access$400(CodeGenerator.java:183)
   at jdk.nashorn.internal.codegen.CodeGenerator$1.enterIdentNode(CodeGenerator.java:725)
   at jdk.nashorn.internal.ir.IdentNode.accept(IdentNode.java:138)
   ...
Comments
This was fixed by JDK-8134490. I'll add the code as a test case.
18-05-2016

Can't reproduce on JDK9-dev anymore. Error is now, as expected:
jjs> function f() { x; throw null; (function (){ var x; }); } f()
<shell>:1 ReferenceError: "x" is not defined
18-05-2016

Confirmed for the current 9-dev, for both with and without optimistic types.
$ jjs
jjs> function f() { x; throw null; (function (){ var x; }); } f()
java.lang.ClassCastException: Cannot cast jdk.nashorn.internal.runtime.Undefined to jdk.nashorn.internal.runtime.ScriptFunction
28-08-2015

I'm getting a different error in JDK 9 tip:
jjs> function f() { x; throw null; (function (){ var x; }); } f()
java.lang.ClassCastException: Cannot cast jdk.nashorn.internal.runtime.Undefined to jdk.nashorn.internal.runtime.ScriptFunction
java.lang.ClassCastException: Cannot cast jdk.nashorn.internal.runtime.Undefined to jdk.nashorn.internal.runtime.ScriptFunction
   at java.lang.invoke.MethodHandleImpl.newClassCastException(MethodHandleImpl.java:361)
   at java.lang.invoke.MethodHandleImpl.castReference(MethodHandleImpl.java:356)
   at jdk.nashorn.internal.scripts.Script$Recompilation$1$\^shell\_.:program(<shell>:1)
   at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:636)
   at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:228)
   at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:393)
   at jdk.nashorn.internal.runtime.Context.eval(Context.java:712)
   at jdk.nashorn.internal.runtime.Context.eval(Context.java:642)
   at jdk.nashorn.tools.Shell.readEvalPrint(Shell.java:442)
   at jdk.nashorn.tools.Shell.run(Shell.java:161)
   at jdk.nashorn.tools.Shell.main(Shell.java:136)
   at jdk.nashorn.tools.Shell.main(Shell.java:112)
21-04-2015