CFE parsing of spreads/control-flow collections

[aartbik]

DartFuzz follows the grammar of the "CFE Implementation" document to generate arbitrary list and map expressions with spreads and control flow collection elements. For shallow expressions this works well, but for deeper expression the CFE gets all kinds of parsing problems.

See several examples attached.

Please have a look if this is a generating grammar issue, or a true parsing bug.

fuzz.dart:59:427: Error: Expected ':' after this.
Map<int, String> var44 = {...{for (int loc0 = 0; loc0 < 1; loc0++) ...{-66 : '\u{1f600}wV\u2665e', for (int loc1 = 0; loc1 < 12; loc1++) -70 : '9'}, ...{...{2 : 'rr\u2665'}, ...{9223372032559808512 : '-N', 24 : '7('}, if (true) 18 : '\u{1f600}!@D' else 7 : 'JV@qyM'}, if (false) ...{if (true) 28 : '4c(CO5' else 2147483649 : 'p\u2665@', for (int loc0 = 0; loc0 < 7; loc0++) -83 : '33'}}, if (true) -69 : 'Pv4\u{1f600}&#' else for (int loc0 = 0; loc0 < 8; loc0++) ...{for (int loc1 in [-13, -95]) 13 : 'Q\u2665Pg', ...{23 : 'n4\u2665'}, if (true) 1 : 'ba' else 31 : '\u2665g&&dIN'}, if (true) ...{5 : 'O)'} else ...{10 : '\u2665Xuz\u{1f600}'}, if (false) if (true) for (int loc0 = 0; loc0 < 8; loc0++) ...{-4 : '\u2665J'} else -57 : ' p9', for (int loc0 in {4294967296, 14, ...{-36, for (int loc1 = 0; loc1 < 11; loc1++) if (true) 47}}) if (false) ...{...{40 : '89w'}, 2147483647 : 'ZB0\u{1f600}'} else if (false) if (true) 29 : '' else -35 : 'PGt' else 9223372034707292161 : '6qM3sfQ'};
                                                                                                                                                                                                                                                                                                                                                                                                                                          ^
fuzz.dart:59:665: Error: Expected ':' after this.
Map<int, String> var44 = {...{for (int loc0 = 0; loc0 < 1; loc0++) ...{-66 : '\u{1f600}wV\u2665e', for (int loc1 = 0; loc1 < 12; loc1++) -70 : '9'}, ...{...{2 : 'rr\u2665'}, ...{9223372032559808512 : '-N', 24 : '7('}, if (true) 18 : '\u{1f600}!@D' else 7 : 'JV@qyM'}, if (false) ...{if (true) 28 : '4c(CO5' else 2147483649 : 'p\u2665@', for (int loc0 = 0; loc0 < 7; loc0++) -83 : '33'}}, if (true) -69 : 'Pv4\u{1f600}&#' else for (int loc0 = 0; loc0 < 8; loc0++) ...{for (int loc1 in [-13, -95]) 13 : 'Q\u2665Pg', ...{23 : 'n4\u2665'}, if (true) 1 : 'ba' else 31 : '\u2665g&&dIN'}, if (true) ...{5 : 'O)'} else ...{10 : '\u2665Xuz\u{1f600}'}, if (false) if (true) for (int loc0 = 0; loc0 < 8; loc0++) ...{-4 : '\u2665J'} else -57 : ' p9', for (int loc0 in {4294967296, 14, ...{-36, for (int loc1 = 0; loc1 < 11; loc1++) if (true) 47}}) if (false) ...{...{40 : '89w'}, 2147483647 : 'ZB0\u{1f600}'} else if (false) if (true) 29 : '' else -35 : 'PGt' else 9223372034707292161 : '6qM3sfQ'};

[aartbik]

fuzz1.dart.txt
fuzz2.dart.txt
fuzz3.dart.txt

Aart, I don't suppose there is a way to make the fuzzer boil this down to the minimal repro example?
Having to hand-parse a 987 character one-liner is a bit tedious.

Ok, so here's what I've been able to boil it down to manually:

Map<int, String> a = {
  if (true)
    for (int i = 0; i < 1; i++) ...{1 : '2'}
  else
    3 : '4'
};

Note: the else branch has to be there to trigger the issue, but it also triggers the other way around where the for loop is in the else branch instead.

/cc @johnniwinther @jensjoha

[aartbik]

@cskau-g I was just writing an email on minimizing the reproducers, but I am glad you spent the time already finding a smaller example. Thanks!

[jensjoha]

The example from @cskau-g parses fine --- but seemingly hits a case in pkg/front_end/lib/src/fasta/kernel/body_builder.dart we didn't anticipate.

sdk/pkg/front_end/lib/src/fasta/kernel/body_builder.dart

Lines 3946 to 3955 in 23e8f2b

	} else {
	int offset = thenEntry is Expression
	? thenEntry.fileOffset
	: offsetForToken(ifToken);
	push(new MapEntry(
	buildProblem(fasta.templateExpectedAfterButGot.withArguments(':'),
	offset, 1),
	new NullLiteral())
	..fileOffset = offsetForToken(ifToken));
	}

@johnniwinther do you have some insight here?