
ufuzz failure #3744

Closed
alexlamsl opened this issue Mar 5, 2020 · 6 comments · Fixed by #3745

@alexlamsl
Collaborator

// original code
// (beautified)
// Global state for the generated program: `_calls_` is the call budget spent by
// the `--_calls_ >= 0` guards in f0; a, b and c are printed by the final console.log.
// Reproducer input: the declaration is left exactly as generated.
var _calls_ = 10, a = 100, b = 10, c = 0;

/**
 * Fuzzer-generated test function (the "original code" half of this report).
 * Treat the body as a reproducer: every token is minifier input, so it is
 * annotated here but not reformatted or simplified.
 *
 * Scoping facts a reader needs before tracing it:
 *  - `var a`, `var b`, `var arguments`, `var bar_1`, `var Math`, `var Math_2` and
 *    `var Infinity_1` are declared in nested blocks but hoist to f0's scope, so
 *    `b` inside f0 is a local (initially undefined), not the global `b`.
 *  - `c` and `_calls_` have no local declaration and refer to the globals.
 *  - Calls to f0, f2, f3, bar_1, Infinity_1 and arguments_1 are guarded by
 *    `typeof X == "function" && --_calls_ >= 0`, which spends a shared call
 *    budget; `brakeN` counters cap the non-`for…in` loops.
 *  - `f1`, `f2` and `NaN_2` are named function expressions, so those names are
 *    only bound inside their own bodies. No top-level `f2`/`f3` appears in this
 *    listing — presumably the `typeof f2`/`typeof f3` guards are false here.
 *
 * @param {*} a - first argument; also re-declared with `var a` in the catch block.
 * @param {*} arguments_1 - second argument; reassigned and used as a property target.
 * @returns {*} the value of the `return arguments_1 /= ...` in the catch block if
 *   that statement runs; otherwise undefined.
 */
function f0(a, arguments_1) {
    // `b` here is f0's own binding: `var b` in the finally block below is hoisted
    // to function scope, so the global `b` is never touched from inside f0.
    if (--b + {
        c: Infinity,
        // This getter runs when `.undefined` is read at the end of the object literal.
        get undefined() {
            switch (1 === 1 ? a : b) {
              case --b + a++:
                break;

              case a++ + void ((arguments_1 <<= -0 > 23..toString() ^ 0 >= 22) <= ((-5 && "foo") & ("number" || []))):
                /[abc4]/g.exec(((c = c + 1) + ((c = 1 + c, void (-5 >> "a", [ , 0 ].length === 2 == 4)) || a || 3).toString() || b || 5).toString());
                if ({
                    0: (c = 1 + c, 25 / 5 % ("c" % [ , 0 ][1]) == ("b" & NaN && "object" ^ 38..toString()))
                }[[].b]) {
                    for (var brake5 = 5; --b + (typeof f0 == "function" && --_calls_ >= 0 && f0((c = 1 + c, 
                    arguments_1 && (arguments_1[a++ + b--] = (("" !== "number") < (true < 0)) >>> ((2 == -2) >>> ([ , 0 ].length === 2) + 38..toString()))), (c = 1 + c, 
                    ("a", 5) <= (arguments_1 && (arguments_1[c = 1 + c, (arguments_1 && (arguments_1[1 === 1 ? a : b] += (-2 && "a", 
                    "bar" >= 4))) ^ (arguments_1 && (arguments_1[c = 1 + c, (-4 & "a") - (22 !== "a") & (-2 || null && "b")] = "foo" % this)) % (-3 ^ null)] *= "a" * 24..toString())) & (c = c + 1, 
                    c = c + 1, -3)))) && brake5 > 0; --brake5) {
                        L23049: {
                        }
                    }
                }
                break;

              default:
              case [ a++ + (!function arguments() {
                }() ? +a : --b + {
                    in: (c = 1 + c, (3 | -4) * (4 ^ 23..toString()) != ("foo" !== "object") >> 38..toString() % -4),
                    "": (c = 1 + c, c = c + 1, 3 !== 25 | (c = c + 1, "function"))
                }), {
                    b: (c = 1 + c, (Infinity >> 23..toString() << (NaN, true)) * ("bar" >> -4 > ("function" | "number"))),
                    NaN: (c = 1 + c, (arguments_1 && (arguments_1.Infinity = "function" >= "object")) >= this / "c" ^ (arguments_1 = [ , 0 ][1] & "" ^ 22 <= 2)),
                    0: (c = 1 + c, (c = c + 1, 3 + "number") || ("object" && "c") == 38..toString() + -2),
                    b: (c = 1 + c, -4 & 5 & "bar" === 38..toString() ^ NaN - "b" < NaN - 38..toString())
                }.in, (arguments_1 && (arguments_1.a = true >= 25 !== (-0 || "function"))) / ("a" << undefined == 24..toString() << 38..toString()), --b + a++ ? arguments_1 : 1 === 1 ? a : b ]:
                {
                    var foo_1 = function f1(b_2) {
                        c = 1 + c, ((arguments_1 |= [] <= -0) > ("bar" !== "object")) >> ("function" * -4 >>> ({}, 
                        "function"));
                        c = 1 + c, ((0 ^ this) == (b_2 && (b_2.a = 4 - NaN))) << -0 * 3 % (-3 * "bar");
                    }();
                }
                (function() {
                });
                break;
            }
            return;
        },
        1.5: b &= a,
        "-2": a++ + (1 === 1 ? a : b),
        3: arguments_1 && arguments_1[a--]
    }.undefined) {
        undefined;
    }
    try {
        L23050: for (var brake14 = 5; delete ((c = c + 1, -5) - ("" ^ 5)) && brake14 > 0; --brake14) {
            var brake15 = 5;
            do {
                {
                    var expr16 = a++ + delete a;
                    L23051: for (var key16 in expr16) {
                        break L23050;
                    }
                }
            } while (typeof f3 == "function" && --_calls_ >= 0 && f3() && --brake15 > 0);
        }
    } catch (b_1) {
        switch (a++) {
          default:
            {
                var brake19 = 5;
                L23052: while ([ --b + delete ((b_1 && (b_1[(c = c + 1) + /[abc4]/g.exec(((c = 1 + c, 
                (arguments_1 <<= (-2 & "foo") >>> (arguments_1 && (arguments_1[c = 1 + c, arguments_1 && (arguments_1[--b + (typeof arguments_1 == "function" && --_calls_ >= 0 && arguments_1())] += 4 - "" == this >>> 4) && (Infinity && this, 
                /[a2][^e]+$/ ^ "b")] += "undefined" % "b"))) >= (Infinity ^ -1) >> undefined / -0) || b || 5).toString())] %= (24..toString() == 25, 
                "bar" && "object"))) === (NaN !== -0) - (-4 ^ null)) ][a++ + /[abc4]/.test(((c = c + 1) + {
                    3: (c = 1 + c, delete false << (-4 != Infinity) !== (("function", "number") && 1 == 2)),
                    c: (c = 1 + c, (24..toString() << "b") % (25 === -5) << ("undefined" + -2) * ({} ^ "object")),
                    b: (c = 1 + c, (c = c + 1, [] ^ Infinity) === (null !== "" & "b" >= "foo")),
                    get a() {
                        c = 1 + c, arguments_1 && (arguments_1.NaN >>= -("object" & undefined) !== (3 < NaN) / (38..toString() ^ [ , 0 ][1]));
                    }
                } || b || 5).toString())] && --brake19 > 0) {
                    return arguments_1 /= /[abc4]/.test((--b + ((b_1 && (b_1[--b + (typeof f2 == "function" && --_calls_ >= 0 && f2(4, 2))] += -4 / undefined * ("a" && -5))) ^ (-5 || "b") << (4, 
                    "object")) || b || 5).toString());
                }
            }
            if ((c = c + 1) + arguments_1) {
                var a = --b + b++, foo = (/[abc4]/.test((--b + {
                    c: (c = 1 + c, (c = c + 1, [ , 0 ][1]) / (22 | "bar") << (true >> /[a2][^e]+$/ << ("foo" >>> 5)))
                } || b || 5).toString()) || a || 3).toString();
            }

          case --b + {
                var: (c = c + 1) + void (b_1 && (b_1.undefined = !(-2 >= 1) << (("function", "bar") & 22 / "a")))
            }[!function NaN_2() {
                switch ({
                    1.5: (c = 1 + c, (NaN / "bar", 24..toString() >>> 1) == ("c" >>> Infinity != 38..toString() << "a")),
                    "\t": (c = 1 + c, void (c = c + 1, {}), -"", Infinity === "number"),
                    null: (c = 1 + c, 4 < [ , 0 ][1] != -2 * 23..toString() ^ ("function" | NaN | "c" - /[a2][^e]+$/)),
                    1.5: (c = 1 + c, (b_1 += 1 * false, "object" & "function") * (this >= -4 < true >>> []))
                }) {
                  default:
                  case {
                        "\t": (c = 1 + c, -1 % 38..toString() <= (4 <= "") == (null, 2, "number" >> "b"))
                    }:
                    {
                        return;
                        // Unreachable: follows the unconditional return above.
                        c = 1 + c, "bar" >>> "a" >> (b_1 && (b_1[c = 1 + c, (-3 / 3 >= 5 - -4) + (b_1 && (b_1[(c = c + 1) + (b = a)] = [ , 0 ].length === 2 != 0 ^ -0 <= 25))] += "a" == Infinity)) >= (c = c + 1, 
                        NaN_2 += "b" <= /[a2][^e]+$/);
                    }
                    if (c = 1 + c, (b_1 && (b_1.in %= (false, 0) + ("bar" || 4))) <= ("c" == ([ , 0 ].length === 2) !== ("bar" & "a"))) {
                        c = 1 + c, ("function" - {} >>> (-3 >= 23..toString())) / (("bar" << Infinity) % (0 >> 1));
                    }
                    break;

                  case a++ + ((-4 != 23..toString()) - "object" / ([ , 0 ].length === 2) | -5 % 1 >> (-4 & true)):
                    break;

                  case +function() {
                        c = 1 + c, ((Infinity && 3) > -22) >> (0 + this !== -1 < 5);
                        c = 1 + c, (false & [ , 0 ].length === 2 ^ "bar" === -3) != (arguments_1 && (arguments_1[c = 1 + c, 
                        (this - "function" !== (b_1 *= 38..toString() >= 25)) >>> (b_1 = 1 == "b" ^ {} << undefined)] = 4 <= 25)) - 0 * "bar";
                        c = 1 + c, NaN_2 && (NaN_2.var = "object" - [ , 0 ][1] <= (b_1 && (b_1.undefined = "b" * "bar")) | ("b" >= 5) % (null & 25));
                    }():
                    var c_1 = (c = 1 + c, 5 >>> null >>> (undefined | []) >= (b_1 = (-4 && NaN) ^ 2 == 23..toString()));
                    L23053: for (var brake32 = 5; (c = 1 + c, ("function" ^ -2) != (Infinity && -5) !== "object" >> NaN >> (/[a2][^e]+$/ >>> 2)) && brake32 > 0; --brake32) {
                        c = 1 + c, -2 % "bar" & -0 >= null ^ (5 || "b") <= (c = c + 1, 5);
                    }
                    break;
                }
                c = c + 1;
                {
                    var brake35 = 5;
                    L23054: do {
                        (c = c + 1) + {}.length;
                    } while ((c = c + 1) + void function() {
                        c = 1 + c, (null < "bar") / ("b" === -2) > 3 % 38..toString() - (3 || 0);
                        c = 1 + c, ("function" != "c" !== (NaN_2 && (NaN_2[c = 1 + c, c_1 && (c_1[[ (c = 1 + c, 
                        (-3 + -1 === (c = c + 1, 0)) >> (this + "object" >= 5 * /[a2][^e]+$/)), (c = 1 + c, 
                        -4 <= "number" & "number" >= "function" | (arguments_1 && (arguments_1.c = (-0 && this) - false % 23..toString()))), (c = 1 + c, 
                        ([ , 0 ][1] >>> 1, -1 * "b") !== (b_1 && (b_1[void function() {
                        }()] |= undefined % Infinity != (-5 == [])))), (c = 1 + c, (c_1 && (c_1[typeof f2 == "function" && --_calls_ >= 0 && f2((c = 1 + c, 
                        (23..toString() > 24..toString() && (arguments_1 <<= -0 ^ this)) <= (arguments_1 = (true & [ , 0 ][1]) - ("bar" | this))), (c = 1 + c, 
                        (true ^ "foo") !== ("bar" !== "number") ^ (b_1 += delete -2 - (c_1 && (c_1[c = 1 + c, 
                        -((NaN_2 += -1 == 23..toString()) * (b_1 += "c" + 5))] = /[a2][^e]+$/ - 1)))))] += (4 != 38..toString(), 
                        this !== Infinity))) * ({} % 3 <= (undefined | 5))) ][--b + c_1]] = (("foo" <= null) >>> -"b", 
                        2 != ([ , 0 ].length === 2) == (c = c + 1, 4)))] += "bar" != ([ , 0 ].length === 2)))) << (b_1 && (b_1.c += (false == 3) - (true !== "object")));
                        c = 1 + c, ((NaN_2 && (NaN_2[c = 1 + c, ("undefined" == [ , 0 ][1]) >> ("object" || "foo") > (arguments_1 && (arguments_1.var += (-0 && "a") != (this ^ NaN)))] += /[a2][^e]+$/ < 38..toString())) !== 2 >> true) >= (b_1 && (b_1[a++ + ((false > "") << "number" % "number" | ([ , 0 ][1] <= -0) % ("number" >= "number"))] += 3 % 5 <= (c_1 += [ , 0 ].length === 2 | "undefined")));
                        c = 1 + c, (NaN_2 && (NaN_2.c |= -0 > 5), undefined / ([ , 0 ].length === 2)) ^ (null == Infinity) >= (-4 !== /[a2][^e]+$/);
                    }() && --brake35 > 0);
                }
                switch ((c = c + 1) + (typeof f2 == "function" && --_calls_ >= 0 && f2((c = 1 + c, 
                (c = c + 1, 4 ^ "") + (({} | Infinity) - ("object" | -2))), (c = 1 + c, (-3 / "" >= ([ , 0 ][1] ^ 24..toString())) >> ((4 <= -0) >> (b_1 && (b_1.NaN /= false ^ Infinity)))), -0))) {
                  case {}:
                    break;

                  case (c = c + 1) + [ (c = 1 + c, 24..toString() > "number" & (c_1 = "object" % 1) && (c_1 %= null == -0 ^ (24..toString(), 
                    -1))), (c = 1 + c, c = c + 1, undefined <= 22 | "a" >>> {}), (c = 1 + c, (c = c + 1, 
                    c = c + 1, 2) != ("a" << 3) + (this == "b")) ]:
                    c = c + 1;
                    break;

                  case b = a:
                    break;

                  case --b + (1 === 1 ? a : b):
                    break;
                }
            }()]:
            var bar_1;
            L23055: {
                {
                    var Math_2 = function f2(undefined_2, foo_1, b_1) {
                        c = 1 + c, (2 <= 24..toString() != 38..toString() < 5) << (b_1 = -1 & 24..toString()) - ("foo" !== null);
                        c = 1 + c, ("bar" < 38..toString() !== 38..toString() + 23..toString()) % (5 <= "a" != (0, 
                        -2));
                    }((c = 1 + c, -3 * "foo" < (25 ^ -1) != (false <= undefined) >>> (arguments_1 && (arguments_1.b *= "c" || "object"))));
                }
                if (typeof bar_1 == "function" && --_calls_ >= 0 && bar_1("a")) {
                    var brake49 = 5;
                    L23056: do {
                        c = 1 + c, - -0 > /[a2][^e]+$/ + -5 == ("c" ^ "bar") > (this ^ 23..toString());
                    } while ((b %= a) && --brake49 > 0);
                }
                c = c + 1;
                var Infinity_1 = --b + a++;
            }
            break;

          case ~(b_1 && (b_1.undefined += (3 <= [] <= -2 + 2) << (0 >> "foo" > -1 % false))):
            switch (1 === 1 ? a : b) {
              case (c = c + 1) + ((c = c + 1) + (bar_1 = bar_1) || 2).toString()[[ typeof f3 == "function" && --_calls_ >= 0 && f3(undefined, (c = 1 + c, 
                Infinity_1 >>>= (false > "number") + 38..toString() % undefined >>> (bar_1 && (bar_1[{
                    c: (c = 1 + c, (undefined !== NaN) + (25 | Infinity) + ((0 && 2) < "b" >>> 3))
                }] += ([ , 0 ].length === 2 & -2) - (-0 | -1)))), {}), b++, , --b + (typeof undefined_1 === "function") ]]:
                break;

              case (c = c + 1) + ({
                    3: typeof f3 == "function" && --_calls_ >= 0 && f3("number", "undefined"),
                    c: (c = c + 1) + function() {
                    }(),
                    null: a++ + ((c = 1 + c, c = c + 1, !true < ("bar" !== {})) || 5).toString()[c = 1 + c, 
                    ((24..toString() && Infinity) != (24..toString(), 0)) >> (-5 < "") - ("number" - null)],
                    0: (c = c + 1) + /[abc4]/.test(((c = 1 + c, (("b" != 2) <= (-5, null)) % (3 || -5, 
                    -3 & -4)) || b || 5).toString())
                } || 3).toString()[(c = c + 1) + void function arguments_1() {
                    c = 1 + c, ((-0, [ , 0 ][1]) ^ "undefined" < -1) % (24..toString() + 23..toString() >> (b_1 && (b_1[c = 1 + c, 
                    arguments_1 /= ([ , 0 ][1] ^ 4) + (bar_1 && (bar_1[c = 1 + c, +"foo" / (-1 - []) + (true >> true << "foo" * -5)] = 3 + 24..toString())), 
                    24..toString() <= 3 ^ (arguments_1 = "bar" >>> 4)] >>= [] <= 38..toString())));
                }()]:
                break;

              case typeof f2 == "function" && --_calls_ >= 0 && f2():
                L23057: for (var brake56 = 5; (c = c + 1) + b-- && brake56 > 0; --brake56) {
                    // Declares a function-scoped `var arguments` in f0; only legal in sloppy mode.
                    var arguments = (c = 1 + c, -0 << -4 > ([ , 0 ].length === 2) + -4 | "object" !== "object" & "object" * 1);
                }
                {
                    var brake58 = 5;
                    L23058: do {
                        {
                            var expr59 = (c = c + 1) + 5;
                            for (var key59 in expr59) {
                                c = 1 + c;
                                var Infinity_1 = expr59[key59];
                                {
                                    var brake60 = 5;
                                    L23059: while ((c = 1 + c, ((c = c + 1, 0) != "number" <= 4) >>> (c = c + 1, ([ , 0 ].length === 2) % [])) && --brake60 > 0) {
                                        c = 1 + c, "b" ^ 0 ^ ([ , 0 ].length === 2) <= [] || (Math_2 && (Math_2[c = 1 + c, 
                                        (c = c + 1, "") > 25 - "undefined" | (24..toString() & "foo") == ("foo" == NaN)] = "object" ^ /[a2][^e]+$/)) >= 23..toString() % [];
                                    }
                                }
                            }
                        }
                    } while (a++ + void (Math_2 = (NaN ^ null && "function" < "bar") == ("foo" & -0) <= 0 >>> true) && --brake58 > 0);
                }
                break;

              case a--:
                {
                    var expr62 = void function Math_2_2() {
                        c = 1 + c, ("undefined" ^ Infinity) % (undefined + "undefined") << ((-2, "c") >= "number" - -1);
                        c = 1 + c, ([ , 0 ].length === 2 ^ this ^ (Math_2_2 += [ , 0 ].length === 2 !== "b")) === 25 > this < ("object" >= "undefined");
                        c = 1 + c, bar_1 && (bar_1[[ , (c = 1 + c, (-1 & -2 | (b_1 = 22 == [])) >>> (38..toString() / true >= ([] != -3))), (c = 1 + c, 
                        (Math_2_2 = /[a2][^e]+$/ >>> NaN) % ("c" & "object") || Infinity === "undefined" == 4 << "b") ].in] += (24..toString() > 2 || Math_2_2 && (Math_2_2[c = 1 + c, 
                        (c = c + 1, this) + Infinity % false + (4 / "b" == (-5 | this))] += [] % -1)) === (Math_2_2 && (Math_2_2.c += (-1 === 5) <= (false === "c"))));
                        c = 1 + c, ("" ^ 22) >> [ , 0 ][1] + -1 >> (24..toString() === [] & (b_1 && (b_1.NaN += "b" === "")));
                    }();
                    L23060: for (var key62 in expr62) {
                        c = 1 + c;
                        var b_2 = expr62[key62];
                        {
                            c = 1 + c, /[a2][^e]+$/ % false * ("undefined" != -2) | (25 > Infinity) + (c = c + 1, 
                            "foo");
                            c = 1 + c, (/[a2][^e]+$/ != NaN, -2 - -0) >= (arguments_1 && (arguments_1.undefined = (b_1 && (b_1.NaN = this != 5)) >>> (-3 < undefined)));
                            c = 1 + c, (([] || -1) == ("b" != -4)) << ((b_2 && (b_2.undefined = (-5, 3))) ^ 22 * false);
                            c = 1 + c, "object" % 2 - (null !== undefined) ^ "c" << true > [] - false;
                        }
                    }
                }
                break;
            }
            ;
            break;

          case (--b + ((b = a) ? Infinity_1 : b >>>= a) || 6).toString()[[ a++ + void function() {
                {
                }
                c = c + 1;
                return c = 1 + c, true != this ^ {} != undefined | (arguments_1 += 23..toString() ^ 3) + ("object" || 0);
                // Unreachable block (follows the return above); `var brake76` is still hoisted.
                {
                    var brake76 = 5;
                    do {
                        c = 1 + c, (25 ^ 24..toString() | "undefined" ^ "b") === 2 % -5 + ("number" < 1);
                    } while ((c = 1 + c, (null & -4) >= "function" / -2 < (Infinity === "foo") * (null & [ , 0 ].length === 2)) && --brake76 > 0);
                }
            }(), --b + (b_1 && b_1.undefined), --b + (b = a), typeof f3 == "function" && --_calls_ >= 0 && f3(b + 1 - .1 - .1 - .1, "bar"), (c = c + 1) + /[abc4]/g.exec(({
                length: (c = 1 + c, ~(-4 % -0) < -(false - "object")),
                0: (c = 1 + c, -(([ , 0 ][1] & "function") >> (24..toString() & 1))),
                set NaN(b_2) {
                    this.b = 0 > true;
                }
            }[a++ + (typeof bar_1 == "function" && --_calls_ >= 0 && bar_1((c = 1 + c, ([ , 0 ].length === 2, 
            25) > "number" >> undefined != (NaN >> "bar") % ("foo" ^ "foo"))))] || b || 5).toString()) ][--a]]:
        }
        {
            var brake78 = 5;
            while (typeof f0 == "function" && --_calls_ >= 0 && f0() && --brake78 > 0) {
                var c_2 = a++ + (typeof f3 == "function" && --_calls_ >= 0 && f3()), Math = (c = c + 1) + (typeof Infinity_1 == "function" && --_calls_ >= 0 && Infinity_1());
            }
        }
    } finally {
        {
            switch (--b + (1 === 1 ? a : b)) {
              default:
                // This `var b` is the declaration that makes every `b` in f0 a local (hoisting).
                var bar = a++ + 23..toString(), b = (c = c + 1) + (--b + (typeof f0 == "function" && --_calls_ >= 0 && f0(NaN, [ , 0 ][1], (c = 1 + c, 
                (c_2 && (c_2[c = 1 + c, 1 >>> 3 < (undefined | 38..toString()) ^ ((Infinity_1 && (Infinity_1[c = 1 + c, 
                ([] >> "foo", 4 && false) <= (Infinity_1 && (Infinity_1.var = (c = c + 1, -5) > Infinity * 2))] += 4 !== -3)) ^ "bar" - -0)] += "b" <= -2)) + ("foo" === 25) >= (-4 * -1 != ({} & -1))))));
                L23061: for (var brake83 = 5; (1 === 1 ? a : b) && brake83 > 0; --brake83) {}

              case --b + /[abc4]/.test((a++ + ((c = c + 1) + a--) || b || 5).toString()):
              case --b + /[abc4]/.test(([ (c = c + 1) + ((c = 1 + c, (23..toString() <= "a") - ("function" >= "object") ^ 22 == 23..toString() !== (b_2 && (b_2.var = true & null))) ? (c = 1 + c, 
                ([] && true) >= ("object" === -5) | ("" !== 38..toString()) << -3 * NaN) : (c = 1 + c, 
                b_2 <<= (false, NaN, 23..toString() - -3) == (bar_1 && (bar_1.in += (b_2 && (b_2.null = 1 && "function")) == 22 / false)))), --b + {
                    foo: (c = 1 + c, c = c + 1, (undefined == 25) >= Infinity << 2)
                }[c = 1 + c, (Infinity_1 && (Infinity_1.null = (22 ^ this) / (([ , 0 ].length === 2) * 3))) == (Infinity !== "" == ({} || 3))], a++ + (c = 1 + c, 
                -3 + -5 + "" % -2 === (0 !== 5) + (([ , 0 ].length === 2) < 2)) ] || b || 5).toString()):
                try {
                    try {
                        switch (c = 1 + c, 25 >>> -1 === 0 * -2 == (([ , 0 ].length === 2 && null) == ("b", 
                        5))) {
                          case c = 1 + c, (-5 * Infinity | 25 <= "object") << ("" * NaN ^ 38..toString() > 5):
                            ;
                            break;

                          case c = 1 + c, (23..toString() + {} ^ (b_2 = [] >>> [])) & ([ , 0 ].length === 2 == 4) > (b_2 && (b_2.b = 23..toString() / true)):
                            ;

                          case c = 1 + c, c = c + 1, ("bar" === "number") + (this != "undefined"):
                            ;
                            break;

                          case c = 1 + c, (delete {} ^ undefined + "number") >= (3 <= -2 != (38..toString() == 1)):
                            ;
                            break;
                        }
                    } catch (Infinity_1) {
                        // The catch parameter shadows f0's function-scoped `var Infinity_1` inside this block.
                        c = 1 + c, (2 + "object") % (arguments_1 && (arguments_1.Infinity |= 38..toString() & {})) << ("bar" >>> 4 >>> (25 >> -4));
                        c = 1 + c, (Infinity * 23..toString() >= [ , 0 ][1] / -4) - ([ , 0 ].length === 2 != 3 ^ 38..toString() === "object");
                    }
                } finally {
                    {
                    }
                    c = 1 + c, (22 <= Infinity <= (-1 || [ , 0 ][1])) * (Math_2 && (Math_2.c -= "object" !== "undefined" | (c = c + 1, 
                    24..toString())));
                }
                break;

              case a++ + (1 === 1 ? a : b):
                L23062: {
                    c = c + 1;
                    switch (c = 1 + c, ([ , 0 ].length === 2) >>> "object" << ("c" && "c"), (Infinity_1 += [ , 0 ].length === 2 ^ "undefined") || ("object" || "object")) {
                      default:
                        ;

                      case c = 1 + c, Math_2 && (Math_2.in = +(0 & null) >= (3 % undefined & void ([ , 0 ].length === 2))):
                        ;
                        break;

                      case c = 1 + c, (Infinity_1 && (Infinity_1[c = 1 + c, bar_1 && (bar_1.undefined /= (Infinity_1 && (Infinity_1.Infinity += 5 > Infinity)) > (Infinity_1 && (Infinity_1[c = 1 + c, 
                        "object" % -1 != (Math_2 = 24..toString() && /[a2][^e]+$/) ^ (-3 < 22 || Infinity_1 && (Infinity_1.undefined = "function" >>> "a"))] = /[a2][^e]+$/ >= -0)) != ((arguments_1 && (arguments_1[c = 1 + c, 
                        (-0 != "foo") < true >>> true <= ("undefined" === "foo" ^ 38..toString() - -5)] >>>= ("number", 
                        23..toString()))) ^ "object" <= 5))] += "number" | 25)) == -1 >>> "bar" ^ (c = c + 1, 
                        38..toString() > -0):
                        ;
                        break;

                      case c = 1 + c, (Infinity_1 && (Infinity_1[c = 1 + c, (([ , 0 ].length === 2) << this ^ (true && 22)) & (true - "b", 
                        this % 25)] %= /[a2][^e]+$/ != null) || [ , 0 ][1] >>> "undefined") + (-0 * -3 < ("c" <= "function")):
                        ;
                    }
                    L23063: for (var brake95 = 5; (c = 1 + c, ((undefined == 2) > ("foo" ^ -5)) + ((25 >>> []) + (4 < undefined))) && brake95 > 0; --brake95) {
                        c = 1 + c, b_2 && (b_2[(c = c + 1) + (Math_2 && Math_2.c)] += this - "object" >>> ([ , 0 ][1] >= "function") | (Math_2 && (Math_2[c = 1 + c, 
                        arguments_1 && (arguments_1.c = (-2 << Infinity & (Infinity_1 && (Infinity_1[c = 1 + c, 
                        (5 >= Infinity) + ("", "bar") >> void Infinity - (0 <= null)] = /[a2][^e]+$/ ^ "foo"))) % (this >>> "b" != "a" >= NaN))] = ("", 
                        [ , 0 ][1]))) >= ("b" !== {}));
                    }
                    {
                        var brake97 = 5;
                        do {
                            c = 1 + c, (38..toString() || "number") <= (this && "a"), ("a" >> "foo") % delete NaN;
                        } while ((c = 1 + c, (Math_2 && (Math_2[c = 1 + c, (0 - NaN | undefined ^ 1) != (([] || 24..toString()) ^ 24..toString() & 4)] = 38..toString() * "c")) << (NaN !== "c") ^ (24..toString() <= "b" ^ [] * 23..toString())) && --brake97 > 0);
                    }
                }
                break;
            }
            c = c + 1;
        }
        "foo";
    }
}

// `var a` re-declares the global from the first statement; f0's result replaces 100.
// f0 names only two parameters, so the third argument (1) has no named binding.
var a = f0("a", "function", 1);

// Prints the final global state. NOTE(review): presumably this is the line the
// fuzzer compares between the original and the uglified program — confirm.
console.log(null, a, b, c, Infinity, NaN, undefined);
// uglified code
// (beautified)
var x = 10, $ = 0, a = function e(i, c) {
    --g, {
        c: 1 / 0,
        get undefined() {
            switch (i) {
              case --g + i++:
                break;

              case i++ + void (c <<= 0):
                if ({
                    0: ($ = 1 + (1 + ($ + 1)), !1)
                }[[].b]) {
                    for (var a = 5; --g + (0 <= --x && e(($ = 1 + $, c && (c[i++ + g--] = 0)), ($ = 1 + $, 
                    5 <= (c && (c[$ = 1 + $, (c && (c[i] += !1)) ^ (c && (c[$ = 1 + $, -2] = "foo" % this)) % -3] *= NaN)) & ($ += 1, 
                    $ += 1, -3)))) && 0 < a; --a) {}
                }
                break;

              default:
              case [ i++ + +i, {
                    b: 0,
                    NaN: ($ = 1 + (1 + $), (c && (c.Infinity = !1)) >= this / "c" ^ (c = 0)),
                    0: "3number",
                    b: ($ = 1 + (($ = 1 + $) + 1), 0)
                }.in, (c && (c.a = !0)) / !1, --g + i++ ? c : i ]:
                c |= !0, $ = 1 + (1 + $), K && (K.a = NaN);
            }
        },
        1.5: g &= i,
        "-2": i++ + i,
        3: c && c[i--]
    }.undefined;
    try {
        a: for (var a = 5; $ += 1, 0 < a; --a) {
            var t = 5;
            do {
                var f = i++ + delete i;
                for (var n in f) {
                    break a;
                }
            } while ("function" == typeof f3 && 0 <= --x && f3() && 0 < --t);
        }
    } catch (n) {
        switch (i++) {
          default:
            var o = 5;
            if ([ --g + (n && (n[($ += 1) + /[abc4]/g.exec(($ = 1 + $, "" + (-1 <= (c <<= 0 >>> (c && (c[$ = 1 + $, 
            c && (c[--g + ("function" == typeof c && 0 <= --x && c())] += 4 == this >>> 4) && 0] += NaN))) || g || 5)))] %= "object"), 
            !0) ][i++ + /[abc4]/.test("" + (($ += 1) + {
                3: !0,
                c: 0,
                b: ($ = 1 + ($ = 1 + ($ = 1 + $)), 0 == ($ += 1, 0)),
                get a() {
                    $ = 1 + $, c && (c.NaN >>= !1);
                }
            } || g || 5))] && 0 < --o) {
                return c /= /[abc4]/.test("" + (--g + (-5 ^ (n && (n[--g + ("function" == typeof f2 && 0 <= --x && f2(4, 2))] += NaN))) || g || 5));
            }
            ($ += 1) + c && (i = --g + g++, --g, $ = 1 + $, $ += 1);

          case --g + {
                var: ($ += 1) + void (n && (n.undefined = 1))
            }[!function a() {
                switch ({
                    1.5: !1,
                    "\t": ($ = 1 + ($ = 1 + $), !1),
                    null: 1,
                    1.5: (n += 0, 0 * (-4 <= this < 1))
                }) {
                  default:
                  case {
                        "\t": ($ = 1 + ($ = 1 + ($ = 1 + ($ += 1))), !1)
                    }:
                    return;

                  case 0 + i++:
                    break;

                  case +function() {
                        $ = 1 + ($ = 1 + $), c && (c[$ = 1 + $, (this - "function" != (n *= !0)) >>> (n = 0)] = !0), 
                        $ = 1 + $, a.var = NaN <= (n && (n.undefined = NaN)) | NaN;
                    }():
                    for (var e = ($ = 1 + $, (n = 0) <= 5), t = 5; $ = 1 + $, 0 < t; --t) {
                        $ = 1 + $, $ += 1;
                    }
                }
                $ += 1;
                for (var f = 5; $ += 1, ($ += 1) + void function() {
                    $ = 1 + ($ = 1 + $), a[$ = 1 + $, e && (e[[ ($ = 1 + $, !1 >> (NaN <= this + "object")), ($ = 1 + ($ += 1), 
                    0 | (c && (c.c = -0))), ($ = 1 + $, NaN !== (n && (n[void 0] |= !0))), ($ = 1 + $, 
                    !1 * (e && (e["function" == typeof f2 && 0 <= --x && f2(!1 <= (c = 0 - ("bar" | this)), ($ = 1 + ($ = 1 + $), 
                    !0 ^ (n += !0 - (e && (e[$ = 1 + $, -((a + !1) * (n += "c5"))] = NaN)))))] += this !== 1 / 0))) ][--g + e]] = 1 == ($ += 1, 
                    4))] += !0, n && (n.c += -1), a[$ = 1 + ($ = 1 + $), (c && (c.var += -0 != (NaN ^ this))) < 0] += !0, 
                    n && (n[0 + i++] += 3 <= (e += 1)), $ = 1 + $, a.c |= !1;
                }() && 0 < --f; ) {}
                switch (($ += 1) + ("function" == typeof f2 && 0 <= --x && f2(($ = 1 + $, 6), ($ = 1 + ($ += 1), 
                !1 >> (!1 >> (n && (n.NaN /= 0)))), -0))) {
                  case {}:
                    break;

                  case ($ += 1) + [ !1 & (e = NaN), ($ = 1 + ($ = 1 + $), 0), ($ = 1 + ($ += 1), $ += 1, 
                    $ += 1, 2 != +("b" == this)) ]:
                    $ += 1;
                    break;

                  case g = i:
                  case --g + i:
                }
            }()]:
            var r, s = ($ = 1 + $, c && (c.b *= "c"), void ($ = 1 + ($ = 1 + $)));
            if ("function" == typeof r && 0 <= --x && r("a")) {
                for (var N = 5; $ = 1 + $, (g %= i) && 0 < --N; ) {}
            }
            $ += 1;
            var u = --g + i++;
            break;

          case ~(n && (n.undefined += 1)):
            switch (i) {
              case ($ += 1) + ("" + (($ += 1) + (r = r) || 2))[[ "function" == typeof f3 && 0 <= --x && f3(void 0, ($ = 1 + $, 
                u >>>= NaN >>> (r && (r[{
                    c: ($ = 1 + $, 26)
                }] += 1))), {}), g++, , --g + ("function" == typeof undefined_1) ]]:
              case ($ += 1) + ("" + {
                    3: "function" == typeof f3 && 0 <= --x && f3("number", "undefined"),
                    c: ($ += 1) + void 0,
                    null: i++ + ($ = 1 + $, ("" + !0)[$ = 1 + ($ += 1), 1]),
                    0: ($ += 1) + /[abc4]/.test(($ = 1 + $, "" + (g || 5)))
                })[($ += 1) + ($ = 1 + $, void (n && (n[$ = 1 + $, r && (r[$ = 1 + $, NaN] = "324"), 
                0] >>= !0)))]:
                break;

              case "function" == typeof f2 && 0 <= --x && f2():
                for (var d = 5; ($ += 1) + g-- && 0 < d; --d) {
                    $ = 1 + $;
                }
                var v = 5;
                do {
                    var b = ($ += 1) + 5;
                    for (var h in b) {
                        u = b[h], $ = 1 + ($ = 1 + $), $ += 1, $ += 1;
                    }
                } while (i++ + void (s = !1) && 0 < --v);
                break;

              case i--:
                var l = void function a() {
                    $ = 1 + ($ = 1 + ($ = 1 + $)), r && (r[[ , (-2 | (n = !1)) >>> !0, ($ = 1 + ($ = 1 + $), 
                    !1) ].in] += !0 === (a.c += !0)), $ = 1 + $, n && (n.NaN += !1);
                }();
                for (var y in l) {
                    $ = 1 + $;
                    var p = l[y];
                    $ = 1 + $, $ = 1 + ($ += 1), c && (c.undefined = (n && (n.NaN = 5 != this)) >>> !1), 
                    $ = 1 + $, p && (p.undefined = 3), $ = 1 + $;
                }
            }
            break;

          case ("" + (--g + ((g = i) ? u : g >>>= i) || 6))[[ i++ + ($ = 1 + ($ += 1), void (c += 20)), --g + (n && n.undefined), --g + (g = i), "function" == typeof f3 && 0 <= --x && f3(g + 1 - .1 - .1 - .1, "bar"), ($ += 1) + /[abc4]/g.exec("" + ({
                length: !1,
                0: ($ = 1 + ($ = 1 + $), -0),
                set NaN(a) {
                    this.b = !1;
                }
            }[i++ + ("function" == typeof r && 0 <= --x && r(($ = 1 + $, !0)))] || g || 5)) ][--i]]:
        }
        for (var k = 5; 0 <= --x && e() && 0 < --k; ) {
            var w = i++ + ("function" == typeof f3 && 0 <= --x && f3());
            $ += 1, "function" == typeof u && 0 <= --x && u();
        }
    } finally {
        switch (--g + i) {
          default:
            i++;
            for (var g = ($ += 1) + (--g + (0 <= --x && e(NaN, 0, ($ = 1 + $, w && (w[$ = 1 + $, 
            NaN ^ (u && (u[$ = 1 + $, !1 <= (u && (u.var = ($ += 1, !1)))] += !0)) ^ !0] += !1))))), j = 5; i && 0 < j; --j) {}

          case --g + /[abc4]/.test("" + (i++ + (($ += 1) + i--) || g || 5)):
          case --g + /[abc4]/.test("" + [ ($ += 1) + ($ = 1 + $, 1 ^ !1 !== (p && (p.var = 0)) ? ($ = 1 + $, 
            1) : ($ = 1 + $, p <<= 26 == (r && (r.in += (p && (p.null = "function")) == 1 / 0)))), --g + {
                foo: ($ = 1 + $, !0)
            }[$ = 1 + ($ += 1), 0 == (u && (u.null = (22 ^ this) / 3))], i++ + ($ = 1 + $, !1) ]):
            try {
                try {
                    switch (!1) {
                      case $ = 1 + ($ = 1 + $), 0:
                        break;

                      case $ = 1 + $, ("23" + {} ^ (p = 0)) & (p && (p.b = 23)) < !1:
                      case $ = 1 + $, $ += 1, !1 + ("undefined" != this):
                      case $ = 1 + $, !0:
                    }
                } catch (u) {
                    $ = 1 + $, c && (c.Infinity |= 0), $ = 1 + $;
                }
            } finally {
                $ = 1 + $, s && (s.c -= !0 | ($ += 1, "24"));
            }
            break;

          case i++ + i:
            switch ((u += 1) || "object") {
              default:
              case $ = 1 + ($ = 1 + ($ += 1)), s && (s.in = !0):
              case $ = 1 + $, 4294967295 == (u && (u[$ = 1 + $, r && (r.undefined /= (u && (u.Infinity += !1)) > (u && (u[$ = 1 + $, 
                NaN != (s = /[a2][^e]+$/) ^ !0] = !1)) != (!1 ^ (c && (c[$ = 1 + $, !0] >>>= "23"))))] += 25)) ^ ($ += 1, 
                !0):
                break;

              case $ = 1 + $, (u && (u[$ = 1 + $, (!0 << this ^ 22) & this % 25] %= !0) || 0) + !0:
            }
            for (var I = 5; $ = 1 + $, 0 < I; --I) {
                $ = 1 + $, p && (p[($ += 1) + (s && s.c)] += this - "object" >>> !1 | !0 <= (s && (s[$ = 1 + $, 
                c && (c.c = (-2 & (u && (u[$ = 1 + $, 0] = 0))) % (this >>> "b" != 0))] = 0)));
            }
            for (var m = 5; delete NaN, $ = 1 + ($ = 1 + $), (s && (s[$ = 1 + $, !0] = NaN)) << !0 ^ 1 && 0 < --m; ) {}
        }
        $ += 1;
    }
}("a", "function");

console.log(null, a, 10, $, 1 / 0, NaN, void 0);
original result:
null undefined 10 340 Infinity NaN undefined

uglified result:
evalmachine.<anonymous>:1
(function(){var x=10,$=0,a=function e(i,c){--g,{c:1/0,get undefined(){switch(i){case--g+i++:break;case i+++void(c<<=0):if({0:($=1+(1+($+1)),!1)}[[].b])for(var a=5;--g+(0<=--x&&e(($=1+$,c&&(c[i+++g--]=0)),($=1+$,5<=(c&&(c[$=1+$,(c&&(c[i]+=!1))^(c&&(c[$=1+$,-2]="foo"%this))%-3]*=NaN))&($+=1,$+=1,-3))))&&0<a;--a);break;default:case[i+++ +i,{b:0,NaN:($=1+(1+$),(c&&(c.Infinity=!1))>=this/"c"^(c=0)),0:"3number",b:($=1+(($=1+$)+1),0)}.in,(c&&(c.a=!0))/!1,--g+i++?c:i]:c|=!0,$=1+(1+$),K&&(K.a=NaN)}},1.5:g&=i,"-2":i+++i,3:c&&c[i--]}.undefined;try{a:for(var a=5;$+=1,0<a;--a){var t=5;do{var f=i+++delete i;for(var n in f)break a}while("function"==typeof f3&&0<=--x&&f3()&&0<--t)}}catch(n){switch(i++){default:var o=5;if([--g+(n&&(n[($+=1)+/[abc4]/g.exec(($=1+$,""+(-1<=(c<<=0>>>(c&&(c[$=1+$,c&&(c[--g+("function"==typeof c&&0<=--x&&c())]+=4==this>>>4)&&0]+=NaN)))||g||5)))]%="object"),!0)][i+++/[abc4]/.test(""+(($+=1)+{3:!0,c:0,b:($=1+($=1+($=1+$)),0==($+=1,0)),get a(){$=1+$,c&&(c.NaN>>=!1)}}||g||5)

ReferenceError: K is not defined
    at Object.get undefined [as undefined] (evalmachine.<anonymous>:1:482)
    at e (evalmachine.<anonymous>:1:530)
    at evalmachine.<anonymous>:1:4910
    at evalmachine.<anonymous>:1:4969
    at Script.runInContext (vm.js:133:20)
    at Object.runInContext (vm.js:311:6)
    at Object.exports.run_code (/home/runner/work/UglifyJS2/UglifyJS2/test/sandbox.js:65:12)
    at /home/runner/work/UglifyJS2/UglifyJS2/test/ufuzz/index.js:1142:37
    at Array.forEach (<anonymous>)
    at Object.<anonymous> (/home/runner/work/UglifyJS2/UglifyJS2/test/ufuzz/index.js:1135:51)
// reduced test case (output will differ)

// Reduced reproduction of the fuzz failure. Calling f0() builds a throwaway
// object literal and reads its `undefined` accessor, which runs the switch
// inside the getter. The parameter arguments_1 is never read.
function f0(arguments_1) {
    ({
        get undefined() {
            switch (0) {
              // `0 <= 0` evaluates to true, and switch matches with strict
              // equality, so this label does not match the discriminant 0.
              // The recursive call and the assignment to the undeclared `c`
              // are therefore not reached when the source runs as written.
              case 0 <= 0:
                f0((c = 0, 3));

              // This label matches. f1 is invoked with no argument, so b_2 is
              // undefined and reading b_2.a throws the TypeError that the
              // report records as the expected output. The minified build is
              // reported to throw a ReferenceError instead.
              case 0:
                (function f1(b_2) {
                    b_2.a;
                })();
            }
        }
    }).undefined;
}

// Single entry call, made with no argument.
f0();
// output: TypeError: Cannot read property 'a' of undefined
// minify: ReferenceError: e is not defined
// options: {
//   "compress": {
//     "passes": 1000000,
//     "unsafe": true
//   },
//   "toplevel": true
// }
minify(options):
{
  "compress": {
    "passes": 1000000,
    "unsafe": true
  },
  "toplevel": true
}

Suspicious compress options:
  collapse_vars
  inline
  reduce_vars
  sequences
  unused

Suspicious options:
  rename
@alexlamsl alexlamsl added the bug label Mar 5, 2020
alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Mar 6, 2020
@kzc kzc mentioned this issue Mar 6, 2020
alexlamsl added a commit that referenced this issue Mar 6, 2020
@kzc
Contributor

kzc commented Mar 6, 2020

Strange... I can't reproduce this reduced test case using Node v10 or v12 with any flag combination - with or without PR #3742.

$ node-v10.4.1 bin/uglifyjs 3744.js -mc toplevel --reduce-test
// Node.js v10.4.1 on darwin x64
// reduce test pass 1, iteration 0: 35297 bytes
// reduce test pass 1, iteration 25: 35297 bytes
// reduce test pass 1, iteration 50: 35297 bytes
// reduce test pass 1, iteration 75: 35297 bytes
// reduce test pass 1, iteration 100: 35297 bytes
// reduce test pass 1, iteration 125: 35297 bytes
// reduce test pass 1, iteration 150: 35297 bytes
// reduce test pass 1, iteration 175: 35297 bytes
// reduce test pass 1, iteration 200: 35297 bytes
// reduce test pass 1, iteration 225: 35297 bytes
// reduce test pass 1, iteration 250: 35297 bytes
// reduce test pass 1, iteration 275: 35297 bytes
// reduce test pass 1, iteration 300: 35297 bytes
// reduce test pass 1, iteration 325: 35297 bytes
// reduce test pass 1, iteration 350: 35297 bytes
// reduce test pass 1, iteration 375: 35297 bytes
// reduce test pass 1, iteration 400: 35297 bytes
// reduce test pass 1, iteration 425: 35297 bytes
// reduce test pass 1, iteration 450: 35297 bytes
// reduce test pass 1, iteration 475: 35297 bytes
// reduce test pass 1, iteration 500: 35297 bytes
// reduce test pass 1, iteration 525: 35297 bytes
// reduce test pass 1, iteration 550: 35297 bytes
// reduce test pass 1, iteration 575: 35297 bytes
// reduce test pass 1, iteration 600: 35297 bytes
// reduce test pass 1, iteration 625: 35297 bytes
// reduce test pass 1, iteration 650: 35297 bytes
// reduce test pass 1, iteration 675: 35297 bytes
// reduce test pass 1, iteration 700: 35297 bytes
// reduce test pass 1, iteration 725: 35297 bytes
// reduce test pass 1, iteration 750: 35297 bytes
// reduce test pass 1, iteration 775: 35297 bytes
// reduce test pass 1, iteration 800: 35297 bytes
// reduce test pass 1, iteration 825: 35297 bytes
// reduce test pass 1, iteration 850: 35297 bytes
// reduce test pass 1, iteration 875: 35297 bytes
// reduce test pass 1, iteration 900: 35297 bytes
// reduce test pass 1, iteration 925: 35297 bytes
// reduce test pass 1, iteration 950: 35297 bytes
// reduce test pass 1, iteration 975: 35297 bytes
// reduce test pass 1: 35297 bytes
^C

It's stuck in an irreducible state. I had to kill the process after 5 minutes. Can you locally reproduce the reduced test case?

@kzc
Contributor

kzc commented Mar 6, 2020

LOL - I had pasted both the original AND the uglified versions into 3744.js!

When I fixed the input it produced the same reduced result as you had.

@alexlamsl
Collaborator Author

Ah I was about to report that I couldn't reproduce what you had 😅

But let me investigate this problem of yours...

@kzc
Contributor

kzc commented Mar 6, 2020

Maybe the combined input is just too big. Or perhaps finally we've found a case where the 0 and 1 replacement values are just not diverse enough.

@kzc
Contributor

kzc commented Mar 6, 2020

The ill-performing combined test case produces similar but different errors when minified and run:

$ cat irreducible.js | node
...
ReferenceError: K is not defined
$ cat irreducible.js | bin/uglifyjs -mc toplevel | node
...
ReferenceError: J is not defined

I wonder if that has something to do with it.

@alexlamsl
Collaborator Author

Indeed - the latest push in #3742 should fix that.
