Mercurial > jdk8-mips64-public > nashorn / file revision

test/script/basic/NASHORN-760.js@d5a9705a27b1

test/script/basic/NASHORN-760.js

Wed, 03 Jun 2015 18:08:57 +0200

author
hannesw
date
Wed, 03 Jun 2015 18:08:57 +0200
changeset 1396
d5a9705a27b1
parent 962
ac62e33a99b0
child 1205
4112748288bb
permissions
-rw-r--r--

8066237: Fuzzing bug: Parser error on optimistic recompilation
Reviewed-by: lagergren, attila

     1 /*

     2  * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.

     8  *

     9  * This code is distributed in the hope that it will be useful, but WITHOUT

    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12  * version 2 for more details (a copy is included in the LICENSE file that

    13  * accompanied this code).

    14  *

    15  * You should have received a copy of the GNU General Public License version

    16  * 2 along with this work; if not, write to the Free Software Foundation,

    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18  *

    19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20  * or visit www.oracle.com if you need additional information or have any

    21  * questions.

    22  */

    23 

    24 /**

    25  * NASHORN-111 :  ClassCastException from JSON.stringify

    26  *

    27  * @test

    28  * @run

    29  */

    30 // problem 1

    31 // the conversions in TernaryNode are not necessary, but they should not cause problems. They did

    32 // this was because the result of Global.allocate(Object[])Object which returns a NativeObject.

    33 // was tracked as an object type on our stack. The type system did not recognize this as an array.

    34 // Then the explicit conversions became "convert NativeArray->Object[]" which is a checkccast Object[]

    35 // which naturally failed.

    36 

    37 // I pushed the appropriate arraytype on the stack for Global.allocate.

    38 

    39 // I also removed the conversions in CodeGen, all conversions should be done in Lower, as

    40 // NASHORN-706 states.

    41 

    42 var silent = false;

    43 var stdio = silent ? ['pipe', 'pipe', 'pipe', 'ipc'] : [0, 1, 2, 'ipc'];

    44 

    45 // This made the test pass, but it's still not correct to pick widest types for array

    46 // and primitives. Widest(Object[], int) gave us Object[] which makes no sense. This is used

    47 // by lower to type the conversions, so function b below also failed until I made a change

    48 // ty type widest to actually return the widest common denominator, if both aren't arrays

    49 

    50 function b() {

    51     var silent2 = false;

    52     var stdio2 = silent2 ? [1,2,3] : 17;

    53 }

    54

Mercurial Repository: jdk8-mips64-public/nashorn

mercurial