Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ufuzz failure on hoist_props #3021

Closed
alexlamsl opened this issue Mar 22, 2018 · 0 comments · Fixed by #3022
Closed

ufuzz failure on hoist_props #3021

alexlamsl opened this issue Mar 22, 2018 · 0 comments · Fixed by #3022
Labels
bug

Comments

@alexlamsl
Copy link
Collaborator

https://travis-ci.org/alexlamsl/UglifyJS2/builds/357102074

// original code
// (beautified)
var _calls_ = 10, a = 100, b = 10, c = 0;

{
    var undefined_2 = function c_2(b_1, bar, arguments_2) {
        function f0(b, NaN_2) {
            {
                var brake2 = 5;
                while (--b + {
                    length: {
                        Infinity: (c = 1 + c, "c" >> null == 23..toString() % "foo" | (arguments_2 && (arguments_2[+function undefined_1() {
                        }()] = 5 * -2 >>> 24..toString() + "b")))
                    }[(c = 1 + c, +[ , 0 ][1] === ("undefined" === 5) & (/[a2][^e]+$/ > "" ^ (c = c + 1, 
                    {})))],
                    "\t": {
                        var: (c = 1 + c, ((NaN | false) > 24..toString() << "foo") >>> (b_1 && (b_1[(c = 1 + c, 
                        (("a" & -5) < (NaN_2 && (NaN_2[(c = 1 + c, "a" * 24..toString() >= ([] <= {}) ^ void ("object" && -0))] = (false, 
                        "")))) * (arguments_2 && (arguments_2.b += "function" - "undefined" ^ "bar" & -4)))] /= true ^ 3)) - (2 & NaN)),
                        undefined: (c = 1 + c, (NaN_2 = true + -0 && -3 === -0) * (c = c + 1, "c" < null))
                    },
                    c: arguments_2
                }.undefined && --brake2 > 0) {
                    for (var brake3 = 5; a++ + /[abc4]/.test((a++ + (typeof b_1 == "function" && --_calls_ >= 0 && b_1((c = 1 + c, 
                    (2 & "b") == (23..toString() ^ "b") != ("b" > /[a2][^e]+$/) + ([] >>> [ , 0 ][1])), (c = 1 + c, 
                    b_1 && (b_1.Infinity += (-1 != ([ , 0 ].length === 2)) << (0 || "object") & (3 ^ [] ^ (arguments_2 && (arguments_2.undefined += 38..toString() & -0))))))) || b || 5).toString()) && brake3 > 0; --brake3) {
                        var brake4 = 5;
                        L24080: do {
                            c = c + 1;
                        } while (((c = 1 + c, ((24..toString() ^ {}) >>> "foo" % null) % (("number" && "b") !== 22 % "foo")) || 8).toString()[(c = 1 + c, 
                        (c = c + 1, "c" & "b") === -0 + false >> (/[a2][^e]+$/ ^ 22))] && --brake4 > 0);
                    }
                }
            }
        }
        var foo_2 = f0("", 22);
        function f1(a) {
            function f2(parseInt, a) {
                {
                    var brake7 = 5;
                    do {
                        c = 1 + c, !(0 < {}) % (-0 >>> undefined !== ("b" || 2));
                    } while ((c = 1 + c, arguments_2 && (arguments_2[(c = 1 + c, ((foo_2 && (foo_2.var >>>= undefined - "bar")) <= (arguments_2 && (arguments_2[(c = 1 + c, 
                    ("foo" ^ 1) == {} < Infinity && 5 / "undefined" > (-3 ^ ""))] = -4 ^ "bar"))) >> ((c = c + 1, 
                    22) <= (22, Infinity)))] = "object" < "undefined" & {} == "foo"), -2 === 1 || /[a2][^e]+$/ && /[a2][^e]+$/) && --brake7 > 0);
                }
                var NaN_2 = (c = 1 + c, (undefined === []) % (2 && 0) != "function" / -0 >= "bar" << 24..toString());
            }
            var a_1 = f2(a--, a++ + new function() {
                this.foo = "a" && 38..toString();
                this.b = "a" % {};
            }());
            function f3(a_2) {
                {
                }
                {
                }
            }
            var bar = f3();
            function f4() {
                {
                    var brake12 = 5;
                    while ((c = 1 + c, (c = c + 1, -1 < "undefined") <= (+25 ^ 38..toString() / {})) && --brake12 > 0) {
                        c = 1 + c, (-1 >= "b" | "function" % 22) === (-4 & 38..toString(), 0 - ([ , 0 ].length === 2));
                    }
                }
                L24081: {
                }
            }
            var b_1_1 = f4();
            function f5(b_1, a_1) {
                switch (c = 1 + c, ("undefined" + -4) * ([ , 0 ].length === 2 & [ , 0 ].length === 2) !== (arguments_2 && (arguments_2[(c = 1 + c, 
                ((a_1 += [ , 0 ].length === 2 | 24..toString()) === (b_1 && (b_1[(c = 1 + c, ((b_1 && (b_1.in += 1 <= "number")) | "foo" % Infinity) >= 3 * "b" % (a_1 && (a_1[(c = 1 + c, 
                (23..toString() ^ []) < (c = c + 1, /[a2][^e]+$/) ^ -("number" >> -3))] = "" >>> null)))] = "c" > "foo"))) >> void 24..toString() * ({} + 4))] += Infinity ^ null)) > ([] != null)) {
                  case c = 1 + c, ([] ^ -2) << this * "c" < (("object" && NaN) !== [ , 0 ][1] / -1):
                    ;
                    break;

                  default:
                    ;

                  case c = 1 + c, (foo_2 && (foo_2.Infinity = NaN < 23..toString())) <= "number" % this <= (23..toString() > this !== (-5 !== 4)):
                    ;
                    break;

                  case c = 1 + c, ([ , 0 ].length === 2 ^ null) - (4 << -2) & (1 >> false || 5 / -3):
                    ;
                    break;
                }
                try {
                    c = 1 + c, (3 > -3 >= ([ , 0 ][1] === -0)) + ("b" ^ /[a2][^e]+$/ && (-0 || true));
                } catch (a_1_2) {
                }
            }
            var foo_1 = f5(~(("b" % "c", "" || []) << (Infinity < this < ("c" !== true))), true);
            function f6() {
                try {
                    c = 1 + c, (c = c + 1, "number" >= null) >> ((-2 ^ {}) < 0 * false);
                } catch (a) {
                }
                {
                    var brake20 = 5;
                    L24082: while ((c = 1 + c, (b_1_1 = (undefined != 22) > ([ , 0 ][1] > "number")) - (true && "number" && /[a2][^e]+$/ / 2)) && --brake20 > 0) {
                        c = 1 + c, 0 >>> "b" > ([ , 0 ].length === 2) % {} || a_1 && (a_1[(c = 1 + c, (undefined !== "a") << {} / -4 ^ false * -4 + (foo_1 && (foo_1.NaN += null << false))) ? (c = 1 + c, 
                        ((b_1 /= 4 == -3) ^ this !== 4) + ((arguments_2 && (arguments_2[(c = 1 + c, foo_2 && (foo_2[[][a++]] = 2 * Infinity && "c" % "" || "" | "bar" | (c = c + 1, 
                        [ , 0 ].length === 2)))] = 25 >= "b")) - (4 && true))) : (c = 1 + c, ("object" || "object" || 23..toString() >>> 1) << ("number" <= 25 === 25 << 25))] = (-5 ^ [ , 0 ][1]) >>> (0 == -2));
                    }
                }
            }
            var b_1_1_2 = f6(this, -1, 0 === 1 ? a : b);
        }
        var b_1 = f1();
        function f7(NaN_2) {
            foo_2;
            c = c + 1;
        }
        var parseInt = f7();
        function f8(b, Infinity) {
            try {
                if (+function b_1_1() {}()) {
                    L24083: {
                        c = 1 + c, ([ , 0 ].length === 2) < -0 >= (5 & /[a2][^e]+$/) !== ((b_1 %= /[a2][^e]+$/ <= -2) && (arguments_2 && (arguments_2[(c = 1 + c, 
                        undefined !== "a" == (false & "c") === (("function", 4) === ("number" | this)))] += (-5, 
                        "function"))));
                    }
                }
            } catch (b_1_2) {
                return;
            }
            switch (typeof f2 == "function" && --_calls_ >= 0 && f2(a++ + (typeof f10 == "function" && --_calls_ >= 0 && f10((c = 1 + c, 
            (/[a2][^e]+$/ & 2) / (5 >> "function") / ((-3 & "undefined") + ({} > null))))), (c = c + 1) + +(void [] % ("" << "b"), 
            (null === undefined) <= (-5 & "undefined")))) {
              case b_1 = (c = c + 1) + 38..toString():
                {
                    var arguments_1 = function f9() {
                    }();
                }
                break;

              case typeof f6 == "function" && --_calls_ >= 0 && f6((c = c + 1) + (typeof f6 == "function" && --_calls_ >= 0 && f6((c = 1 + c, 
                (b_1 && (b_1[(c = 1 + c, (this && 23..toString()) < ("b" || 24..toString()) !== +(5 <= 25))] = {} !== 3), 
                NaN && "foo") ^ (Infinity & [ , 0 ][1] && ~{})), 0)), arguments_2 += this - "a" >> (b_1 += 24..toString() || 23..toString()) << (-0 === NaN | ("c" && true))):
                break;

              default:
              case (c = c + 1) + typeof (null << "b" > undefined / "c" ^ (1 !== -5) >= [ , 0 ][1] + "number"):
                if (--b + [ (c = 1 + c, ("undefined" >>> "foo", 0 !== "number") >> ~(undefined / false)), , (c = 1 + c, 
                (3 * this ^ 24..toString() <= this) != (arguments_2 |= (c = c + 1, 1) - (-3, "undefined"))) ].length) {}
                break;
            }
        }
        var b_2 = f8(a++ + (b_1 && b_1.length), (c = c + 1) + ++a, (c = c + 1) + -a);
        function f10(bar, parseInt, c) {
            {
                if (b = a) {
                    var brake36 = 5;
                    do {
                        c = 1 + c, (foo_2 && (foo_2.c = (23..toString(), false))) < (38..toString(), -0) && (-4 >= 24..toString()) >>> (-0 ^ this);
                    } while ((c = 1 + c, ((Infinity | null) > ([ , 0 ].length === 2) >> 25) / (b_2 && (b_2.Infinity = (NaN >= "a") >> void {}))) && --brake36 > 0);
                }
                if (a++ + b--) {
                    var bar = (c = 1 + c, ((38..toString() && -0) | -2 >> 22) & ("function" ^ 4 && 38..toString() + "undefined")), b_1 = (c = 1 + c, 
                    (null >> NaN > (-1 & "bar")) << (("number" && 38..toString()) ^ "a" <= 0));
                }
                {
                    var parseInt_2 = function f11(b_1, a, c_1) {
                    }((c = 1 + c, (24..toString() % "function", Infinity === /[a2][^e]+$/) >>> (("undefined" & "number") >> ("b" << []))), Infinity, (c = 1 + c, 
                    (NaN << /[a2][^e]+$/) / (-0 === "") == (c = c + 1, 24..toString()) >> ("bar" != false)));
                }
            }
            try {
                {
                    return typeof NaN_1 == "number";
                }
            } catch (bar_2) {
                {
                    var expr43 = ((c = 1 + c, (4 === 1 ^ (c = c + 1, 5)) != ("number" >= 25) / (-0 + -0)) || 4).toString()[(c = 1 + c, 
                    ("undefined", "foo") < (false | -3) !== (-5 >>> NaN === (1 ^ -5)))];
                    for (var key43 in expr43) {
                        c = 1 + c;
                        var Math = expr43[key43];
                        return;
                    }
                }
                var NaN_1;
            } finally {
                var b_2;
                var parseInt_2 = a++ + b_2, b = {
                    length: (c = 1 + c, (23..toString() % true ^ -2 <= 2) >= (-0 == NaN & "number" != undefined)),
                    "": (c = 1 + c, ("a" === 0 === (2 ^ "a")) << (arguments_2 += -3 >>> 1 != ("undefined" || "")))
                };
            }
        }
        var Math = f10(b--);
    }(--b + void ("a" << -1 < (undefined_2 && (undefined_2.Infinity += 4 >>> {}))), -3);
}

console.log(null, a, b, c, Infinity, NaN, undefined);
// uglified code
// (beautified)
var _calls_ = 10, a = 100, b = 10, c = 0, undefined_2 = function(b_1, bar, arguments_2) {
    var foo_2 = function(b, NaN_2) {
        for (var brake2 = 5; --b + {
            length: {
                Infinity: (c = 1 + c, 0 == 23..toString() % "foo" | (arguments_2 && (arguments_2.NaN = -10 >>> 24..toString() + "b")))
            }[(c = 1 + c, !1 & (!0 ^ (c += 1, {})))],
            "\t": {
                var: (c = 1 + c, (24..toString() << "foo" < 0) >>> (b_1 && (b_1[(c = 1 + c, (0 < (NaN_2 && (NaN_2[(c = 1 + c, 
                "a" * 24..toString() >= ([] <= {}) ^ void 0)] = ""))) * (arguments_2 && (arguments_2.b += 0)))] /= 2)) - 0),
                undefined: (c = 1 + c, (NaN_2 = !1) * (c += 1, !1))
            },
            c: arguments_2
        }.undefined && 0 < --brake2; ) {
            for (var brake3 = 5; a++ + /[abc4]/.test((a++ + ("function" == typeof b_1 && 0 <= --_calls_ && b_1((c = 1 + c, 
            0 == ("b" ^ 23..toString()) != !0 + ([] >>> 0)), (c = 1 + c, b_1 && (b_1.Infinity += (-1 != (2 === [ , 0 ].length)) << "object" & (3 ^ [] ^ (arguments_2 && (arguments_2.undefined += -0 & 38..toString()))))))) || b || 5).toString()) && 0 < brake3; --brake3) {
                for (var brake4 = 5; (c = 1 + (c += 1), ((24..toString() ^ {}) >>> NaN) % !0 || 8).toString()[(c = 1 + c, 
                0 == (c += 1, 0))] && 0 < --brake4; ) {}
            }
        }
    }("", 22);
    b_1 = function(a) {
        !function(parseInt, a) {
            for (var brake7 = 5; c = 1 + (c = 1 + c), arguments_2 && (arguments_2[(c = 1 + c, 
            ((foo_2 && (foo_2.var >>>= NaN)) <= (arguments_2 && (arguments_2[(c = 1 + c, 1 == {} < 1 / 0 && !1)] = -4))) >> (c += 1, 
            !0))] = !0 & "foo" == {}), 0 < --brake7; ) {}
            c = 1 + c, 24..toString();
        }(0, new function() {
            this.foo = 38..toString(), this.b = "a" % {};
        }());
        !function() {
            for (var brake12 = 5; c = 1 + c, c += 1, !1 <= (25 ^ 38..toString() / {}) && 0 < --brake12; ) {
                c = 1 + c, 38..toString();
            }
        }();
        !function(b_1, a_1) {
            switch (c = 1 + c, "undefined-4" * (2 === [ , 0 ].length & 2 === [ , 0 ].length) !== (arguments_2 && (arguments_2[(c = 1 + c, 
            ((a_1 += 2 === [ , 0 ].length | 24..toString()) === (b_1 && (b_1[(c = 1 + c, (NaN | (b_1 && (b_1.in += !1))) >= NaN % (a_1 && (a_1[(c = 1 + c, 
            (23..toString() ^ []) < (c += 1, /[a2][^e]+$/) ^ -0)] = 0)))] = !1))) >> void 24..toString() * ({} + 4))] += 0)) > (null != [])) {
              case c = 1 + c, (-2 ^ []) << "c" * this < !0:
                break;

              default:
              case c = 1 + c, (foo_2 && (foo_2.Infinity = NaN < 23..toString())) <= "number" % this <= (23..toString() > this != 1):
              case c = 1 + c, (2 === [ , 0 ].length ^ null) - 0 & 1:
            }
            try {
                c = 1 + c;
            } catch (a_1_2) {}
        }(~([] << (1 / 0 < this < !0)), !0);
        !function() {
            try {
                c = 1 + c, c += 1;
            } catch (a) {}
            c = 1 + c;
        }();
    }();
    c += 1;
    !function(b, Infinity) {
        switch ("function" == typeof f2 && 0 <= --_calls_ && f2(a++ + (0 <= --_calls_ && f10((c = 1 + c, 
        0 / (0 + (null < {}))))), (c += 1) + 1)) {
          case b_1 = (c += 1) + 38..toString():
          case "function" == typeof f6 && 0 <= --_calls_ && f6((c += 1) + ("function" == typeof f6 && 0 <= --_calls_ && f6((c = 1 + c, 
            b_1 && (b_1[(c = 1 + c, (this && 23..toString()) < "b" !== 1)] = 3 !== {}), NaN ^ (0 & Infinity && ~{})), 0)), arguments_2 += this - "a" >> (b_1 += 24..toString() || 23..toString()) << 1):
            break;

          default:
          case (c += 1) + "number":
            c = 1 + (c = 1 + c), 24..toString(), arguments_2 |= (c += 1, NaN);
        }
    }((a++, b_1 && b_1.length), (c += 1) + ++a, c += 1);
    function f10(bar, parseInt, c) {
        if (b = a) {
            for (var brake36 = 5; c = 1 + c, (foo_2 && (foo_2.c = (23..toString(), !1))) < (38..toString(), 
            -0) && 24..toString(), c = 1 + c, ((2 === [ , 0 ].length) >> 25 < 0) / void 0 && 0 < --brake36; ) {}
        }
        if (a++ + b--) {
            c = 1 + c, 38..toString(), 38..toString(), c = 1 + c, 38..toString();
        }
        c = 1 + c, 24..toString(), c = 1 + c, c += 1, 24..toString();
        try {
            return !1;
        } catch (bar_2) {
            var expr43 = (c = 1 + c, NaN != (!1 ^ (c += 1, 5)) || 4).toString()[(c = 1 + c, 
            !1)];
            for (var key43 in expr43) {
                c = 1 + c;
                expr43[key43];
                return;
            }
        } finally {
            a++, c = 1 + c, 23..toString(), c = 1 + c, arguments_2 += !0;
        }
    }
    f10(b--);
}(--b + void (undefined_2 && (undefined_2.Infinity += 4 >>> {})));

console.log(null, a, b, c, 1 / 0, NaN, void 0);
original result:
null 104 8 41 Infinity NaN undefined

uglified result:
null 104 101 41 Infinity NaN undefined

minify(options):
{
  "mangle": false
}

Suspicious compress options:
  hoist_props
  reduce_vars
@alexlamsl alexlamsl added the bug label Mar 22, 2018
alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Mar 22, 2018
@alexlamsl
fix corner case in hoist_props
e74868a 
fixes mishoo#3021
@alexlamsl alexlamsl mentioned this issue Mar 22, 2018
Merged
alexlamsl added a commit that referenced this issue Mar 22, 2018
@alexlamsl
fix corner case in hoist_props (#3022)
12985d8 
fixes #3021
kzc referenced this issue in terser/terser May 8, 2018
@alexlamsl @kzc
[cherry-pick] fix corner case in hoist_props (#3022)
47568f1 
fixes #3021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix corner case in hoist_props alexlamsl/UglifyJS
1 participant
@alexlamsl