ufuzz failure #4466

Closed
alexlamsl opened this issue Dec 27, 2020 · 20 comments · Fixed by #4467


@alexlamsl
Collaborator

// original code
//

var _calls_ = 10, a = 100, b = 10, c = 0;



L13599: {


c = c + 1;
if (((--b) + (typeof f1 == "function" && --_calls_ >= 0 && f1((-1), "undefined"))))var a;
if (((--b) + (({
'': (a++ + (typeof a == "function" && --_calls_ >= 0 && a(-0, "undefined"))),
in: ([(+function (){




{var expr6 = (typeof f0 == "function" && --_calls_ >= 0 && f0()); L13600:  for (const key6 in expr6) {c = 1 + c; var a_2 = expr6[key6]; { return (c = 1 + c, (a_2 && (a_2.null=(((({})*this)===(23..toString()*"bar"))==((([,0].length === 2)|([,0].length === 2))<<((-2)*(-4)))))))}}}
{var brake8 = 5; L13601: do {(c = 1 + c, ((a=(("function" + (-5))/("number">>"number")))<((0>>([,0].length === 2))/(delete (Infinity)))));} while ((a++ + ((typeof a_2 != "string"))) && --brake8 > 0);}
{var brake10 = 5; while ((({
"-2": (c = 1 + c, (c = c + 1, ((1||(-3))>>(1*(-5))))),
a,
1.5: (c = 1 + c, ((([]^3)&&(true>>25. )) - (a=((-0<=3)^("function"!=[]))))),
})) && --brake10 > 0)try {(c = 1 + c, ((((-4)==23..toString())&(25. %(-4)))&(("number" + (-2))===(a && (a.Infinity=("object"&true)))))); } finally { 


; }}
;

}()), (({ '': a } = ((c = c + 1) + (a)) || {}))]),
a,
a: (NaN in ({
length: ((--b) + ((((22*(-2)) - (5<<([,0].length === 2)))<((a^=(-0<null))==("c"||""))))),
})),
}).NaN)))L13602: for (var brake14 = 5; ( (((--b) + (({
0: ((c = c + 1) + (typeof f1 == "function" && --_calls_ >= 0 && f1((a++ + ( ((a++ + (1 === 1 ? a : b)) || a || 3).toString() )), (a && a.foo)))),
a: ((c = c + 1) + ((typeof a == "unknown"))),
...(({
3: (a++ + ((typeof ((--b) + ((c = 1 + c, (((0x26.toString()&&"foo") - (3<<false))<((undefined + this)<((-4)%25. )))) ? (c = 1 + c, (((23..toString()=="object") - (undefined^true))&&(([,0][1]!=2)>>>([,0][1]&&({}))))) : (c = 1 + c, ((("c",0x26.toString()) + ("a"> /[a2][^e]+$/ ))>((2/[,0][1])&(24 .toString()===false))))))))),
"-2": (a++ + (({
undefined: (c = 1 + c, ((([,0][1]^false)<<(Infinity!="function")) + ((a=(3&(-4)))^(([,0].length === 2)!=23..toString())))),
"	": (c = 1 + c, (((5||([,0].length === 2))&("foo"|"number")),(("c"||(-2))<=(4^22)))),
[(c = 1 + c, ((([] + "foo")===(3<<undefined))==((true>="c") + (23..toString()===(-2)))))]: (c = 1 + c, (((([,0].length === 2),false)^(c = c + 1, 3))!=(("" - 1)^("object"<"undefined")))),
in: (c = 1 + c, ((("bar" - (-3)) - (([,0].length === 2)<0))<=(~((1%"c"))))),
Infinity: (c = 1 + c, (((4,(-1))>(NaN||"bar"))^((4>=2)/(5>>>"undefined")))),
})[(a)])),
})[((--b) + (new function Infinity_1(Math, async, a_2){




if ((c = 1 + c, ((([,0][1],([,0].length === 2))!=([]===(-5)))%(("c"^-0)&&(({})^1)))))(c = 1 + c, (((5/"c")%("b"<<"b"))&(c = c + 1, (Math && (Math.NaN=([]^"undefined"))))));
;

}()))]),
"	": ((--b) + ((typeof parseInt === "function"))),
})[((c = c + 1) + ([((a++ + ((((3&5) + ("bar" + "b"))>=((Infinity==="undefined") + ([]*"b")))))), (b/* ignore */--)]))])) || 2).toString()[(0 === 1 ? a : b)] ) && brake14 > 0; --brake14){


if (( /[abc4]/g.exec((((c = c + 1) + ((typeof b === "undefined"))) || b || 5).toString()) ))continue L13602; else break L13602;
} else try {try {{var expr24 = ((--b) + ("number"));  for (var key24 in expr24) {c = 1 + c; var c_1 = expr24[key24]; {var expr25 = ((c = c + 1) + (--/* ignore */b));  for (const key25 in expr25) {c = 1 + c; var b = expr25[key25]; c = c + 1;}}}} } catch (NaN) { 


{var brake27 = 5; L13603: while (((--b) + (+function a(){





}())) && --brake27 > 0)continue L13603;}
try {{var brake30 = 5; while (((c = c + 1) + (NaN && NaN.null)) && --brake30 > 0)if (((c = c + 1) + (a && typeof a.c == "function" && --_calls_ >= 0 && a.c(4)))){var brake32 = 5; L13604: do {(c = 1 + c, (a && (a[((c = c + 1) + ( (([]) || 0).toString()[(--/* ignore */b)] ))]=((( /[a2][^e]+$/ ===1)!=("c"&(-4)))!==((~((-5))),(undefined*null))))));} while ((a++ + ( /[abc4]/.test(((c = 1 + c, (((25. <0x26.toString())<=(c_1 && ({ 0: c_1[(c = 1 + c, (delete ((([,0][1]||"foo")>>(4||"a")))))] } = { 0: ([,0][1]/0) })))<<((23..toString()>=4)^([]>>>true)))) || b || 5).toString()) )) && --brake32 > 0);} else {var expr34 = (({
1.5: (c = 1 + c, ((!((({})<<24 .toString())))<(((-2)&&NaN) + (c_1 && (c_1.b=(23..toString()>>"foo")))))),
...(c = 1 + c, (((c_1 && (c_1.in=((-4)&3)))<<(false|25. ))^((4&[])%(({})=== /[a2][^e]+$/ )))),
c: (c = 1 + c, ((((-5)<<false) + ((-5)==NaN))>>(("function",true),(5|false)))),
})[(c = 1 + c, (((c_1=("b"/5))|(25. &this))!=((0x26.toString()|[,0][1])<=(undefined==(-2)))))]);  for ([ c_1 ] in expr34) {{ throw (c = 1 + c, ((NaN=(([,0][1]!=undefined)==((-3)>(-5))))===((undefined + "")|(null>>"a"))))}}}} } catch (b) { 


if (( (((typeof (c = 1 + c, (a&=((b=((c_1+=("c",false)) - (Infinity!=true)))>>((({})*true)/("undefined" + false))))))) || a || 3).toString() ))c = c + 1; else c = c + 1;
if ((c_1=(a))){var a = function f0(NaN){




;
}
();} else {var brake41 = 5; do {for (var brake42 = 5; (c = 1 + c, (a && (a[(a++ + (2))]=((("">>>3),(0x26.toString()==NaN))^(((-2)||0)<=(25. =="number")))))) && brake42 > 0; --brake42)(c = 1 + c, ((c = c + 1, ("a"&(-5))) + (((-5)%24 .toString())|(Infinity^NaN))));} while (((--b) + (delete ((c_1 && (c_1.a+=(((a && (a[(c = 1 + c, ((c = c + 1, (23..toString()>>(-4)))<=((25. >>>5)^( /[a2][^e]+$/ ===null))))]=("foo"> /[a2][^e]+$/ )))*(void (1)))/((0x26.toString()&"c")*(Infinity>="undefined")))))))) && --brake41 > 0);}
 } finally { 


{var b_1 = function f1(){




(c = 1 + c, (NaN && (NaN[(a++ + (~((((23..toString()&&-0)<<( /[a2][^e]+$/  + Infinity))^(a && (a[((--b) + (c_1 && c_1[(c = 1 + c, (c_1+=(((3||"function"),( /[a2][^e]+$/ *"c"))/(("foo"!=[,0][1])&("object" + Infinity)))))]))]=((0x26.toString()<<-0)&&(a && (a.Infinity>>>=([,0][1]&"number"))))))))))]=(((1<<4)!==(22%"c"))>=((c = c + 1, "bar")||(22>>>(-1)))))));
(c = 1 + c, ((c = c + 1, (this>>>({})))%(((-5)<<1)==(+("number")))));

}
();}
{var expr47 = (a++ + ([(c = 1 + c, (((23..toString()||([,0].length === 2))!=("a"<""))/((!(true)) - (undefined&&([,0].length === 2))))), (c = 1 + c, (((4==="a")>>("foo"||25. ))!=(b && (b.undefined|=((""^Infinity)==(4>=({})))))))].null)); L13605:  for (var key47 in expr47) {c = 1 + c; var b_1 = expr47[key47]; L13606: {


}}}
 }
 } finally { 


try {{var brake50 = 5; do {((--b) + (1 === 1 ? a : b));} while (((--b) + (+((-((("bar"^25. )!==([] + "function"))))))) && --brake50 > 0);} } catch (async) { 


{


if ((c = 1 + c, (((undefined/24 .toString())>>>("">>> /[a2][^e]+$/ ))>>((23..toString()|25. )<<((-3)!=(-2))))))(c = 1 + c, (((a && (a[(c = 1 + c, (b && (b.NaN+=(((b && (b.var=(true>4))) + (0<<"undefined"))!==((([,0].length === 2)^22)||(([,0].length === 2)*24 .toString()))))))]>>>=(Infinity^0)))===(b && (b[(c = 1 + c, (((([,0].length === 2)>>>false)>(22>>>"foo"))<<((a && ([ a.Infinity ] = [ (({})%-0) ]))^(true&&NaN))))]=(23..toString()^0x26.toString()))))*(("c">"function")||("undefined", /[a2][^e]+$/ )))); else (c = 1 + c, (((23..toString()>>false) + (a && ([ a.c ] = [ (Infinity!==23..toString()) ]))),(void ((undefined=="c")))));
}
switch (((--b) + (c_1 && c_1[((c = c + 1) + ([(c = 1 + c, ((((-5)>=NaN),(c = c + 1, 22))===(("foo"<<(-1))<(3<=true))))]))]))) { 
case ((typeof (a++ + (b)))):
(c = 1 + c, (((({})^"c")!==(25. ===(-2)))!=(("number"&&(-4))<=(~(1)))));

 break;

case ((--b) + (function a(arguments_2, foo, a_1,){




(c = 1 + c, ((("bar"<=this) + ((-5)==(-4)))>(("object" - 22)>=(null||({})))));

}((c = 1 + c, (a*=((("object"!=NaN)/("undefined"&"c"))>=((null<=24 .toString())>("c"!=="number")))))))):
{;}
switch ((c = 1 + c, (((4>>>(-4))^("function">(-2)))||(async && (async[((c = c + 1) + (this))]=((3<<(-1))^(22,"foo"))))))) { 
case (c = 1 + c, (c = c + 1, (("a"<<2)^("a"&&[,0][1])))):
;
 break;

case (c = 1 + c, ((("c"&"foo")|("undefined"==="object"))|(((-4)||false)^("undefined" - 1)))):
;
 break;

case (c = 1 + c, (a && (a.null=(((22>>>3)>=("function"%(-4)))!=(([]!==0)<<(({}) + 22)))))):
;
/* fall-through */

case (c = 1 + c, ((( /[a2][^e]+$/ *1)%(async && (async[(c = 1 + c, (((23..toString()==[,0][1])|((-4)>>>5))>>>((({})|(-3))==((-1)<=-0))))]=("object"&"number"))))>>>((22%"foo")*(23..toString()<<-0)))):
;
 break;
}

 break;

default:
switch ((c = 1 + c, ((("b">>"b")!=([,0][1],25. ))^(("object"<=([,0].length === 2)) + (22%"foo"))))) { 
case (c = 1 + c, ((("undefined" + 23..toString())||(4>=(-1)))==(((-4)!==(-1))===("function" - Infinity)))):
;
 break;

default:
;

case (c = 1 + c, ((((-1)<true)>>>(3<"foo"))^(c_1=(("function"||([,0].length === 2))|(a && (a[(c = 1 + c, (void (((25. |(-1))<<(24 .toString() + "a")))))]+=(0&&5))))))):
;
 break;

case (c = 1 + c, (((b && (b.b<<=((-3) + 25. )))<<(24 .toString()|0)) + ((([,0].length === 2)>undefined)|(([,0].length === 2)^5)))):
;
 break;
}


case ((--b) + (-b)):

 break;
}
 }
(a++ + ((typeof (a++ + (a && a[((--b) + ((typeof b_2 != "function")))])))));
 } } catch (b_2) { 


if ((typeof f3 == "function" && --_calls_ >= 0 && f3(((--b) + (a--)), "undefined",  /[a2][^e]+$/ ))){


{var brake65 = 5; do {{var brake66 = 5; do {{;}} while ((a++ + ((((true===(-4)) - ("bar"||(-5)))%((25. /"undefined")&&("b"|this))))) && --brake66 > 0);}} while (((c = c + 1) + (typeof b == "function" && --_calls_ >= 0 && b((c = 1 + c, ((("function"/ /[a2][^e]+$/ )>("b"<Infinity))!==((({})||(-3))>(b_2 && ([ b_2[(c = 1 + c, (((c = c + 1, 25. )&(([,0].length === 2)===4))===(a && (a[((typeof (c = 1 + c, (((Infinity!=23..toString())>>(23..toString()*"function"))&(a && (a.NaN=((0==="a")*(b && ({ c: b[(c = 1 + c, ((b_2+=((({})/"a")&&(void ("bar"))))<((b_2 && (b_2[(c = 1 + c, ((c = c + 1, (({})!=([,0].length === 2)))==(("b"^[,0][1])/(this===2))))]+=(4&&({}))))!==([]>24 .toString()))))] } = { c: ((-3)/2) })))))))))]+=(("c">>>4)<=("undefined"||23..toString()))))))] ] = [ (""===(-1)) ]))))), "b", (c = 1 + c, (b_2+=(((c = c + 1, Infinity)!==(!(this))) + (((-1)/4)/(Infinity!=(-3))))))))) && --brake65 > 0);}
if ((({
foo: (c = 1 + c, ((((-3) - [,0][1])&&(null&&[,0][1]))!=((a && (a.c=(5,NaN))) - (22&(-3))))),
foo: (c = 1 + c, ((([,0][1]*"bar")&&(false/false))/((false/0)>>>(""<=22)))),
foo: (c = 1 + c, (((false<-0)>>>(4&"bar"))==((this - "bar")<<(25. >>22)))),
[(c = 1 + c, ((((-3)&&4)>(25. &&NaN))/((undefined!=0)!=("c"&(-4)))))]: (c = 1 + c, ((("bar"==(-2))%(c_1=(Infinity<NaN)))<<((false>>(-2))>=(null,"foo")))),
0: (c = 1 + c, ((("a"%NaN)^(c = c + 1, (-5)))&&(("a">>>"number")>=((-5)^(-3))))),
}).null))break L13599;
;
} else {


;
if (((--b) + (--(b))))if ((a++ + ("c")))if ((c = 1 + c, (((a && (a[(c = 1 + c, (((([,0].length === 2)&23..toString())||((-5)*({})))^(("foo"/(-3)) + (this||"c"))))]=(NaN>>>"undefined")))^(c = c + 1, (-1)))>>>((22<=[,0][1]) - (b && (b[(c = 1 + c, (a+=((("foo"^"b")<(true!="object"))&((({})!=null)<(false===0)))))]+=("foo">="object")))))))(c = 1 + c, ((( /[a2][^e]+$/  - 0x26.toString())&&(1<<"object"))^((2,true)^(null^25. )))); else (c = 1 + c, ((( /[a2][^e]+$/  + "number")&("undefined"^"c"))*((undefined||"bar")>=(true&[,0][1])))); else {var brake78 = 5; do {(c = 1 + c, (((Infinity==2)|("number">>4))&&((25. <22) + (undefined>>>Infinity))));} while ((c = 1 + c, (((1!=Infinity)==(false|5))&(c = c + 1, (({})<="")))) && --brake78 > 0);}
{var brake80 = 5; L13607: while (( ((-a) || 5).toString()[((--b) + (+function (){




;
}()))] ) && --brake80 > 0){var brake81 = 5; L13608: do {{var expr82 = (c = 1 + c, (b=((("a"<=NaN)&&(b=("bar"==24 .toString())))/((23..toString()/"number")*(c = c + 1, ([,0].length === 2)))))); L13609:  for (var key82 in expr82) {c = 1 + c; var Infinity_1 = expr82[key82]; (c = 1 + c, (((24 .toString()*"number") - (true===false))>=(("bar"<"a")&("a"%"bar"))));}}} while ((Infinity_1 && typeof Infinity_1.var == "function" && --_calls_ >= 0 && Infinity_1.var()) && --brake81 > 0);}}
for (var brake84 = 5; (a++ + ((typeof ((typeof c_1_1))))) && brake84 > 0; --brake84)((c = c + 1) + ( /[abc4]/.test(((c = 1 + c, (((0x26.toString() + 0x26.toString())>>(null<this))<(c_1 && (c_1[(!function b(){




;
}())]=((4<"c")>>(1,(-1))))))) || b || 5).toString()) ));
}
try {(a++ + (typeof b_2 == "function" && --_calls_ >= 0 && b_2("a", "undefined", "object"))); } catch (c_2) { 


((--b) + (b_2));
(void ((((c_2&=(22>>3))<<(3>>>false))<((({})^24 .toString())>>>("object"!=23..toString())))));
 }
 } finally { 


var b_1 = ( (((--b) + (({
[((c = c + 1) + (++/* ignore */a))]: (b = a),
a,
1.5: ((c = c + 1) + (0 === 1 ? a : b)),
in: ((--b) + (b_1 && typeof b_1.null == "function" && --_calls_ >= 0 && b_1.null(null))),
c: ((c = c + 1) + (b && b[(a+=(c = 1 + c, (((void (Infinity))!=("undefined"!==NaN))^(("b"<=2)|(3 + 5)))))])),
})[(1 === 1 ? a : b)])) || a || 3).toString() );
if ((typeof f1 == "function" && --_calls_ >= 0 && f1())){


(a++ + ((typeof c_2)));
L13610: for (var brake94 = 5; ((c = c + 1) + ((typeof b_1 !== "boolean"))) && brake94 > 0; --brake94)c = c + 1;
}
 }
}
{var b_1 = function f2(){




;
{var brake101 = 5; do {;} while ((([,0].length === 2)) && --brake101 > 0);}

}
(((c = c + 1) + (({
var: ( ((a/* ignore */++) || 3).toString()[(-((((Infinity<<"c")>>(1,(-4))) - (("bar">="function")<=((-1)>=22)))))] ),
})[((c = c + 1) + ([(a++ + ( ((({}) in ({
})) || 4).toString()[(a++ + ( (((typeof b_2 == "boolean")) || 5).toString()[((c = c + 1) + ( ((++a) || 0).toString()[(void function b(){




{var brake97 = 5; while ((c = 1 + c, ((("foo"!==-0)!=(true>=0)) - (([,0][1]*undefined)>=((-1)<(-4))))) && --brake97 > 0)(c = 1 + c, (b && (b[(b=((c = c + 1) + (typeof f1 == "function" && --_calls_ >= 0 && f1(...[(c = 1 + c, (c = c + 1, ((5!=="object")^((-5) + ([,0].length === 2)))))], "bar"))))]/=(((c = c + 1, 4)^(this%5))<=((b-=(([,0].length === 2)>23..toString()))<<(3 - 3))))));}
var {} = "", a_1 = (c = 1 + c, (((2>="function")!==(this^Infinity)) - ((Infinity - false)<("foo"==(-3))))), undefined_1 = (c = 1 + c, ((("undefined"|(-2))>(-0 - "number"))*((undefined!==4)^(0x26.toString()>>>4))));

}())] ))] ))] )), (a++ + (0 === 1 ? a : b)), (-(((("b">>5) + (2>>"foo")) - ((22,3)^(null/undefined)))))][(([,0].length === 2) in [])]))])));}

console.log(null, a, b, c, Infinity, NaN, undefined);
// uglified code
//
var brake78,_calls_=10,a=100,b=10,c=0;c:if(c+=1,--b,"function"==typeof f1&&0<=--_calls_&&f1(-1,"undefined"),--b+{"":a+++("function"==typeof a&&0<=--_calls_&&a(-0,"undefined")),in:[+function(){var t="function"==typeof f0&&0<=--_calls_&&f0();for(const e in t){c=1+c;var n=t[e];return c=1+c,n&&(n.null={}*this=="bar"*23..toString()==(2===[,0].length|2===[,0].length)<<8)}for(var r=5;c=1+c,a=NaN,delete Infinity,a+++("string"!=typeof n)&&0<--r;);for(var o=5;c=1+c,c=1+(c+=1),a=!0^"function"!=[],0<--o;)c=1+c,23..toString(),a&&(a.Infinity=0)}(),({"":a}=(c+=1)+a||{})],a:a,a:NaN in{length:--b+(-44-(5<<(2===[,0].length))<("c"==(a^=!1)))}}.NaN)t:for(var brake14=5;(--b+{0:(c+=1)+("function"==typeof f1&&0<=--_calls_&&f1(a+++(a+++a||a||3).toString(),a&&a.foo)),a:(c+=1)+("unknown"==typeof a),...{3:a+++typeof(--b+(c=1+c,(38..toString()&&"foo")-3<(void 0+this<-4)?(c=1+c,("object"==23..toString())-1&&1):(c=1+c,38..toString()+!0>(1/0&!1===24..toString())))),"-2":a+++{undefined:(c=1+c,(a=0)^2===[,0].length!=23..toString()),"\t":(c=1+c,!1),[(c=1+c,[]+"foo"===3==!1+(-2===23..toString()))]:(c=1+c,-2!=(!1^(c+=1,3))),in:(c=1+c,NaN-((2===[,0].length)<0)<=-1),Infinity:(c=1+c,0)}[a]}[--b+new function(t,a,n){c=1+c,(2===[,0].length!=(-5===[]))%0&&(c=1+c,c+=1,t&&(t.NaN="undefined"^[]))}],"\t":--b+("function"==typeof parseInt)}[(c+=1)+[a+++(!1+"b"*[]<="1barb"),b--]]||2).toString()[b]&&0<brake14&&/[abc4]/g.exec(((c+=1)+(void 0===b)||b||5).toString());--brake14);else try{try{var key24,expr24=--b+"number";for(key24 in expr24){c=1+c;var c_1=expr24[key24],expr25=(c+=1)+--b;for(const m in expr25){c=1+c;b=expr25[m];c+=1}}}catch(t){var brake27=5;t:for(;--b+0/0&&0<--brake27;)continue t;try{for(var brake30=5;(c+=1)+(t&&t.null)&&0<--brake30;)if((c+=1)+(a&&"function"==typeof a.c&&0<=--_calls_&&a.c(4)))for(var 
brake32=5;c=1+c,a&&(a[(c+=1)+[].toString()[--b]]=!0),a+++/[abc4]/.test((c=1+c,((25<38..toString()<=(c_1&&({0:c_1[c=1+c,!0]}={0:0/0})))<<(4<=23..toString()^[]>>>!0)||b||5).toString()))&&0<--brake32;);else{var expr34={1.5:(c=1+c,!({}<<24..toString())<t+(c_1&&(c_1.b=23..toString()>>"foo"))),...(c=1+c,(c_1&&(c_1.in=0))<<25^(4&[])%({}===/[a2][^e]+$/)),c:(c=1+c,-5+(-5==t)>>5)}[c=1+c,((c_1=0/0)|25&this)!=(0|38..toString())<=!1];for([c_1]in expr34)throw c=1+c,0===(t=!0)}}catch(b){if(c=1+c,(typeof(a&=(b=(c_1+=!1)-!0)>>!0*{}/("undefined"+!1))||a||3).toString(),c+=1,c_1=a)a=void 0;else{var brake41=5;do{for(var brake42=5;c=1+c,a&&(a[2+a++]=38..toString()==t^!0)&&0<brake42;--brake42)c=1+c,c+=1,24..toString()}while(--b+(c_1&&(c_1.a+=void 0*(a&&(a[c=1+c,c+=1,23..toString()>>-4<=0]=!0))/(!1*("c"&38..toString()))),!0)&&0<--brake41)}}finally{var key47,b_1=(c=1+c,t&&(t[a+++~((23..toString()&&-0)<</[a2][^e]+$/+1/0^(a&&(a[--b+(c_1&&c_1[c=1+c,c_1+=0/0])]=38..toString()<<-0&&a&&(a.Infinity>>>=0))))]=(c+=1,"bar")<=!0),c=1+c,void(c+=1)),expr47=a+++[(c=1+c,(0!=(23..toString()||2===[,0].length))/(0/0)),(c=1+c,0!=(b&&(b.undefined|=0=={}<=4)))].null;for(key47 in expr47){c=1+c;b_1=expr47[key47]}}}finally{try{for(var brake50=5;--b,--b+ +-(25!==[]+"function")&&0<--brake50;);}catch(t){switch(c=1+c,void 0/24..toString()>>>0>>((25|23..toString())<<!0)?(c=1+c,a&&(a[c=1+c,b&&(b.NaN+=(b&&(b.var=!1))+0!==(2===[,0].length^22||(2===[,0].length)*24..toString()))]>>>=0),b&&(b[c=1+c,(22<(2===[,0].length)>>>!1)<<(NaN^(a&&([a.Infinity]=[{}%-0])))]=23..toString()^38..toString())):(c=1+c,23..toString(),a&&([a.c]=[1/0!==23..toString()])),--b+(c_1&&c_1[(c+=1)+[(c=1+c,!1===(c+=1,22))]])){case typeof(a+++b):c=1+c;break;case--b+(c=1+c,a*=1/0>=(!0<(null<=24..toString())),void(c=1+c)):switch(c=1+c,t&&(t[(c+=1)+this]=-2147483648)){case c=1+c,c+=1,0:case c=1+c,-4:break;case c=1+c,a&&(a.null=0!=(0!==[])<<{}+22):case 
c=1+c,NaN%(t&&(t[c=1+c,(0==23..toString()|-4>>>5)>>>(1==(-3|{}))]=0))>>>NaN*(23..toString()<<-0):}break;default:switch(!0^("object"<=(2===[,0].length))+NaN){case c=1+(c=1+c),0==("undefined"+23..toString()||!0):break;default:case c=1+c,1^(c_1="function"|(a&&(a[c=1+c,void 24..toString()]+=0))):case c=1+c,((b&&(b.b<<=22))<<(0|24..toString()))+(void 0<(2===[,0].length)|2===[,0].length^5):}case--b-b:}}a++,++a&&a[--b+("function"!=typeof b_2)]}}catch(b_2){if("function"==typeof f3&&0<=--_calls_&&f3(--b+a--,"undefined",/[a2][^e]+$/)){var brake65=5;do{for(var brake66=5;a+++NaN&&0<--brake66;);}while((c+=1)+("function"==typeof b&&0<=--_calls_&&b((c=1+c,!1!={}>(b_2&&([b_2[c=1+c,c+=1,(25&2===[,0].length===4)===(a&&(a[c=1+c,typeof((1/0!=23..toString())>>"function"*23..toString()&(a&&(a.NaN=!1*(b&&({c:b[c=1+c,(b_2+={}/"a"&&void 0)<((b_2&&(b_2[c=1+c,c+=1,{}!=(2===[,0].length)==0/(2===this)]+={}))!==[]>24..toString())]}={c:-1.5})))))]+=!1))]]=[!1]))),"b",(c=1+c,b_2+=(c+=1,(1/0!==!this)+-.25))))&&0<--brake65);if({foo:(c=1+c,null!=(a&&(a.c=NaN))-20),foo:NaN,foo:0==this-"bar"<<0,[0]:!1%(c_1=!1)<<!1,0:(c=1+(c=1+(c=1+(c=1+(c=1+c)))),c+=1,!1)}.null)break c}else{--b+--b&&(c=1+c,((++a&&(a[c=1+c,(2===[,0].length&23..toString()||-5*{})^NaN+(this||"c")]=0))^(c+=1,-1))>>>!1-(b&&(b[c=1+c,a+=!0&(null!={})<!1]+=!1))?(c=1+c,38..toString()):c=1+c);for(var brake80=5;(-a||5).toString()[--b+NaN]&&0<--brake80;){var brake81=5;do{var key82,expr82=(c=1+c,b=!1/(23..toString()/"number"*(c+=1,2===[,0].length)));for(key82 in expr82){c=1+c;var Infinity_1=expr82[key82],c=1+c;24..toString()}}while(Infinity_1&&"function"==typeof Infinity_1.var&&0<=--_calls_&&Infinity_1.var()&&0<--brake81)}for(var brake84=5;a+++typeof typeof c_1_1&&0<brake84;--brake84)/[abc4]/.test((c=1+(c+=1),(38..toString()+38..toString()>>(null<this)<(c_1&&(c_1[!0]=0))||b||5).toString()))}try{a++,"function"==typeof b_2&&0<=--_calls_&&b_2("a","undefined","object")}catch(c){--b,c&=2,24..toString(),23..toString()}}finally{b_1=(--b+{[(c+=1)+ 
++a]:b=a,a:a,1.5:(c+=1)+b,in:--b+(b_1&&"function"==typeof b_1.null&&0<=--_calls_&&b_1.null(null)),c:(c+=1)+(b&&b[a+=(c=1+c,9)])}[a]||a||3).toString();if("function"==typeof f1&&0<=--_calls_&&f1()){a++;for(var brake94=5;(c+=1)+("boolean"!=typeof b_1)&&0<brake94;--brake94)c+=1}}b_1=function(){for(var c=5;2===[,0].length&&0<--c;);}((c+=1,(a++||3).toString()[1],c+=1,a++,({}in{}||4).toString()[a+++("boolean"==typeof b_2||5).toString()[(c+=1)+(++a||0).toString()[void function(){c=1+c;c=1+(c=1+c),38..toString()}()]]],a++));console.log(null,a,b,c,1/0,NaN,void 0);
original result:
null 17 2 46 Infinity NaN undefined

uglified result:
evalmachine.<anonymous>:1
var brake78,_calls_=10,a=100,b=10,c=0;c:if(c+=1,--b,"function"==typeof f1&&0<=--_calls_&&f1(-1,"undefined"),--b+{"":a+++("function"==typeof a&&0<=--_calls_&&a(-0,"undefined")),in:[+function(){var t="function"==typeof f0&&0<=--_calls_&&f0();for(const e in t){c=1+c;var n=t[e];return c=1+c,n&&(n.null={}*this=="bar"*23..toString()==(2===[,0].length|2===[,0].length)<<8)}for(var r=5;c=1+c,a=NaN,delete Infinity,a+++("string"!=typeof n)&&0<--r;);for(var o=5;c=1+c,c=1+(c+=1),a=!0^"function"!=[],0<--o;)c=1+c,23..toString(),a&&(a.Infinity=0)}(),({"":a}=(c+=1)+a||{})],a:a,a:NaN in{length:--b+(-44-(5<<(2===[,0].length))<("c"==(a^=!1)))}}.NaN)t:for(var brake14=5;(--b+{0:(c+=1)+("function"==typeof f1&&0<=--_calls_&&f1(a+++(a+++a||a||3).toString(),a&&a.foo)),a:(c+=1)+("unknown"==typeof a),...{3:a+++typeof(--b+(c=1+c,(38..toString()&&"foo")-3<(void 0+this<-4)?(c=1+c,("object"==23..toString())-1&&1):(c=1+c,38..toString()+!0>(1/0&!1===24..toString())))),"-2":a+++{undefined:(c=1+c,(a=0)^2===[,0].lengt

SyntaxError: Label 't' has already been declared
    at createScript (vm.js:80:10)
    at Object.runInContext (vm.js:119:10)
    at Object.run_code (/home/runner/work/UglifyJS/UglifyJS/test/sandbox.js:75:12)
    at /home/runner/work/UglifyJS/UglifyJS/test/ufuzz/index.js:1839:37
    at Array.forEach (<anonymous>)
    at Object.<anonymous> (/home/runner/work/UglifyJS/UglifyJS/test/ufuzz/index.js:1831:20)
    at Module._compile (module.js:653:30)
    at Object.Module._extensions..js (module.js:664:10)
    at Module.load (module.js:566:32)
    at tryModuleLoad (module.js:506:12)
// reduced test case (output will differ)

L13599:{if(0..NaN)L13602:for(var brake14=5;0;0){break L13602}else try{L13603:while(0)continue L13603}catch(b_2){break L13599}}
// output: 
// minify: SyntaxError: Label 'e' has already been declared
// options: {
//   "output": {
//     "v8": true
//   },
//   "validate": true
// }
minify(options):
{
  "output": {
    "v8": true
  }
}

Suspicious compress options:
  booleans
  conditionals
  loops
  sequences
  unused

Suspicious output options:
  v8
@alexlamsl alexlamsl added the bug label Dec 27, 2020
@alexlamsl
Collaborator Author

@kzc TIL:

$ node -v
v0.8.28

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node

[stdin]:1
M:if(0)L:;else L:;
               ^
SyntaxError: Label 'L' has already been declared
    at Object.<anonymous> ([stdin]-wrapper:6:22)
$ node -v
v0.10.48

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node

[stdin]:1
M:if(0)L:;else L:;
               ^
SyntaxError: Label 'L' has already been declared
    at Object.<anonymous> ([stdin]-wrapper:6:22)
$ node -v
v0.12.18

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node
[stdin]:1
M:if(0)L:;else L:;
               ^
SyntaxError: Label 'L' has already been declared
    at Object.exports.runInThisContext (vm.js:73:16)
$ node -v
v4.9.1

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node
[stdin]:1
M:if(0)L:;else L:;
               ^

SyntaxError: Label 'L' has already been declared
    at Object.exports.runInThisContext (vm.js:53:16)
$ node -v
v6.17.1

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node
[stdin]:1
M:if(0)L:;else L:;
               ^

SyntaxError: Label 'L' has already been declared
    at createScript (vm.js:56:10)
$ node -v
v8.17.0

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node
[stdin]:1
M:if(0)L:;else L:;
               ^

SyntaxError: Label 'L' has already been declared
    at createScript (vm.js:80:10)
$ node -v
v10.22.1

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node
[stdin]:1
M:if(0)L:;else L:;
               ^

SyntaxError: Label 'L' has already been declared
    at new Script (vm.js:83:7)
$ node -v
v12.19.0

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node
$ node -v
v14.13.1

$ echo 'if(0)L:;else L:;' | node

$ echo 'M:if(0)L:;else L:;' | node

@alexlamsl alexlamsl removed the bug label Dec 27, 2020
alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Dec 27, 2020
@kzc
Contributor

kzc commented Dec 27, 2020

The behavior in most recent versions of V8 seems to be correct and matches an old version of spidermonkey:

$ jx -jsv
Mozilla SpiderMonkey v34

$ echo 'if(0)L:;else L:;' | jx

$ echo 'M:if(0)L:;else L:;' | jx

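The label belongs to each empty statement, not the if statement itself. Neither labelled statement is nested inside the other, so reusing the name L in both branches is not a redeclaration.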

alexlamsl added a commit that referenced this issue Dec 27, 2020
@alexlamsl
Collaborator Author

None of the other platforms I've tried have the same bug either − so that's Google Genuine Advantage™️

@alexlamsl
Collaborator Author

... and while we are on about quirks − do you know of any stdio bug on macOS that would do something like this? 🤔

https://github.com/mishoo/UglifyJS/runs/1612437614#step:4:224

@kzc
Contributor

kzc commented Dec 27, 2020

Regarding the label issue, all software has bugs. It was fixed in the most recent version of V8. No big deal.

I'm not running the latest macOS version, but the Mac version of Node has always had stdio buffering issues. I suggest reverting 9809567 in order to make stdio blocking. Or just don't bother to test on Mac at all.

@alexlamsl
Collaborator Author

Regarding the label issue, all software has bugs.

True − just admiring how basic it is, that it has probably been there since day zero, and how long it stuck around. I don't think it went undetected, nor do I think the fix was deliberate. 😏

but the Mac version of Node has always had stdio buffering issues

Another long-standing issue then 😅

I've only added that ufuzz job into the mix to cover later versions of Node.js, and thought I might as well (ab)use that OS offering from GitHub, in response to recent degradation in on.schedule performance of GitHub Actions.

Currently only takes up 20% of testing capacity so the rest are still fully functional for both Node.js & OS of choice.

@alexlamsl
Collaborator Author

Looks like it's not going away any time soon:
nodejs/node#6379
nodejs/node#6456

Speaking of out-of-date macOS, me too 🙄 − and since that looks like your primary development platform, let me boot it up and see if I can make tools/exit.js work over there as well.

(The suggested solutions in those issue reports don't work for all versions of Node.js IIRC − the hack deepens... 👻)

@kzc
Contributor

kzc commented Dec 27, 2020

You'll notice my participation in those and other threads. Years ago I proposed a simple solution to the flushing stdio bug upon process.exit in nodejs and libuv projects but the correctly working fix offended their aesthetic sensibilities so they preferred to ignore the glaring problem and close the issue. Brilliant!

@kzc
Contributor

kzc commented Dec 27, 2020

fwiw, this PR is an adaptation of my proposal to fix the NodeJS process.exit stdio buffering bug: nodejs/node#6773. I've turfed my NodeJS tree long ago. Here was the attempt to upstream the libuv component of the fix: libuv/libuv#876. This problem cannot be fixed in the NodeJS layer alone due to inaccessible in-flight buffered stdio data in the libuv layer.

A short term "workaround" at the time was to make stdio blocking in Node 6 by default. But people complained about the speed of synchronous unbuffered stdio so I would not be surprised if they reverted that and reintroduced the problem without a fix.

@alexlamsl
Collaborator Author

So the direct execution of test/ufuzz -V runs on without much success in reproduction − however, imitating the following seems to do the trick:

child.stderr.on("data", trap).pipe(process.stdout);

... which is odd in the sense that my test script doesn't even call process.exit() − it continues to run, seemingly indefinitely, after truncation is observed.

@kzc
Contributor

kzc commented Dec 27, 2020

I no longer follow NodeJS development after that experience. I wouldn't be surprised if other problems arose in their stdio subsystem in subsequent versions.

@alexlamsl
Collaborator Author

No worries − at least I know with good confidence that the current tools/exit.js works for you, and the issue is confined to those GitHub Actions jobs.

I'll poke a little further until I get bored 😜

@kzc
Contributor

kzc commented Dec 27, 2020

at least I know with good confidence that the current tools/exit.js works for you

I don't know about the current version. I don't run uglify-js, ufuzz or test/reduce much. I maintain a private fork of uglify-es with dozens of my own patches and probably an equal number of yours (which is increasingly difficult lately due to code divergence). In my fork stdio is still set to blocking. I still follow uglify-js development because it's interesting.

@alexlamsl
Collaborator Author

Here's the script I use to somewhat reliably reproduce the issue:

// Reproduction harness: runs `node test/ufuzz -V` as a child process and
// tracks how much of its stdout and stderr output actually arrives here.
var child = require("child_process").spawn("node", [
    "test/ufuzz",
    "-V",
], {
    // no stdin for the child; its stdout and stderr are read through pipes
    stdio: [ "ignore", "pipe", "pipe" ],
});
// text received from the child that has not been printed or consumed yet
var stdout = "", stderr = "";
// how many "// original code" and "// uglified code" markers were seen on stderr
var original = 0, uglified = 0;
child.stdout.on("data", function(data) {
    // each chunk is appended by string concatenation
    stdout += data;
});
child.stderr.on("data", function(data) {
    stderr += data;
    // Count every marker and drop the text up to and including it, so that
    // `stderr` keeps only what follows the last marker seen so far.
    stderr = stderr.replace(/[\s\S]*?\/\/ (original|uglified) code/g, function(match, type) {
        if (type === "original") original++;
        if (type === "uglified") uglified++;
        return "";
    });
}).pipe(process.stdout); // the child's stderr is also echoed to this process's stdout
// Every 5 seconds: print the buffered child stdout up to its last carriage
// return, followed by the two marker counts and the length of the stderr text
// still held in `stderr`. Nothing is printed until a "\r" has been received.
setInterval(function() {
    var end = stdout.lastIndexOf("\r");
    if (end < 0) return;
    console.log(stdout.slice(0, end), original, uglified, stderr.length);
    // keep only the text after that carriage return for the next report
    stdout = stdout.slice(end + 1);
}, 5000);

... and once it pops, child.stderr just stops:

$ cat test.js | node
9 of Infinity 0 0 0
27 of Infinity 0 0 0
39 of Infinity 0 0 0
52 of Infinity 0 0 0
59 of Infinity 0 0 0
69 of Infinity 0 0 0
82 of Infinity 0 0 0
98 of Infinity 0 0 0
//=============================================================
// original code
...
    +function() {
105 of Infinity 1 0 8209
118 of Infinity 1 0 8209
129 of Infinity 1 0 8209
135 of Infinity 1 0 8209
146 of Infinity 1 0 8209
155 of Infinity 1 0 8209
163 of Infinity 1 0 8209
180 of Infinity 1 0 8209
188 of Infinity 1 0 8209
200 of Infinity 1 0 8209
211 of Infinity 1 0 8209
224 of Infinity 1 0 8209

You can see it shoots past the second checkpoint (200) without any verbose output at all.

@alexlamsl
Collaborator Author

I've added child.stderr.on() for "error", "end" & "close" just in case − got zilch.

@alexlamsl
Collaborator Author

8209 keeps showing up when trouble strikes, but not always, e.g. sometimes it's 8193 🤔

@kzc
Contributor

kzc commented Dec 27, 2020

fwiw I ran the script above against unmodified latest master 6a8aed2 on Mac OS 10.9.5 with node-v14.3.0 and I do see truncation for large test cases.

However, when I reverted 9809567 it appears to correctly output large test cases. One such original beautified test case was 60,610 bytes.

@alexlamsl
Collaborator Author

alexlamsl commented Dec 27, 2020

So maybe a race condition in Node.js or libuv that trips over and silently kills stderr (coz that's always A Good Thing™️ 😏) − that would explain why a serialising setBlocking(true) (presumably what that does, haven't read the code myself to be sure...) would iron out such an issue.

I shall put that original workaround into tools/exit.js, with the current behaviour as the fallback when setBlocking() is unavailable.

@kzc
Contributor

kzc commented Dec 28, 2020

Without blocking, the small Mac OS stdio buffers fill up quickly and then undefined behaviour ensues. The same thing probably happens on Linux, except its stdio buffers are larger - 64K as I recall.

@kzc
Contributor

kzc commented Dec 28, 2020

Windows stdio is always synchronous in NodeJS as I recall.
