right_block->HasPredecessor() in v8/src/crankshaft/hydrogen.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5617488779280384
Fuzzer: decoder_langfuzz
Job Type: linux_msan_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: right_block->HasPredecessor() in v8/src/crankshaft/hydrogen.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=382185:382588
Minimized Testcase (6.94 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97xEwDu0sMMxLrXdTex_RYQ-5Ncg3_KRC856AaWkbPmAKpJF_NvLqAwk8kR8Mhhe_1dfkLhYZdYHcwSMcLDjdBYDpoB4YvbgafyWUSl2gwvLwWBzWDFrwzzcEpk0JHNTe42aGlm_ZMg9vr4GVy2sxXkdoG6Mw
Filer: manoranjanr
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 31 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6634989642317824
Fuzzer: decoder_langfuzz
Job Type: linux_msan_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: cond_true->HasPredecessor() in v8/src/crankshaft/hydrogen.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=382185:382588
Minimized Testcase (7.29 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95TfTv1bq_gGGzD8-6q7wczeVK2AHJ3GhsGhqI7-QcgaH3Ifa0pS5C7nvOSk_MyI_cPOHBPd9HAJcg9oJnGdtbgFlEw0K3WrA1o51xosR73n1hxImdKUtOSQw03kkKZtj-jsaMlv23LEjogxTsYpnNL3OBzzg
Filer: manoranjanr
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 31 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6033207748722688
Fuzzer: decoder_langfuzz
Job Type: linux_msan_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: eval_right->HasPredecessor() in v8/src/crankshaft/hydrogen.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=382185:382588
Minimized Testcase (9.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97pWpa5O894nNDuaUd8Wgwo2qjz7VE3BF5P81VBoB4jbB3bwYvNYIAZUKySxthpWbWc8k66jrhdLHOoBk61_tStyX9ZhZbASy0q_8eqq1kreajayRi66YNbus_XfEj9FIBhlFi9QaM-8oYmKw2xhf3tfybctA
Filer: manoranjanr
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 31 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5482092980338688
Fuzzer: decoder_langfuzz
Job Type: linux_ubsan_vptr_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: cond_false->HasPredecessor() in v8/src/crankshaft/hydrogen.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_d8&range=382185:382588
Minimized Testcase (6.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94zsFFwejh_OazPX1P9mjml4VZTYww05u0Hwjf39TQ_dCzBUxZ9Elxgkxtx5jx3xSxFmxXW8bwAaQb2gk9sWHSQCnSinO8s6qApyQt1y_Zdxv0hFnBm8AktvSd7MmEu2mJ8SzXeaca3rlTy70EAsBEBliIWpg
Filer: manoranjanr
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 1 2016
Assigning to jarin@ as this could be similar to Issue 598993 and for further investigation.
Apr 7 2016
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/3df0a8c1f226984118cadb79db2872f8b98296c9

commit 3df0a8c1f226984118cadb79db2872f8b98296c9
Author: jarin <jarin@chromium.org>
Date: Thu Apr 07 05:36:25 2016

[crankshaft] Make infinite loops preserve control flow.

We have to preserve control flow so that the liveness analysis is less confused. This CL fixes loops to preserve the original control flow.

BUG= chromium:599710
LOG=n

Review URL: https://codereview.chromium.org/1863123002
Cr-Commit-Position: refs/heads/master@{#35318}

[modify] https://crrev.com/3df0a8c1f226984118cadb79db2872f8b98296c9/src/crankshaft/hydrogen.cc
[add] https://crrev.com/3df0a8c1f226984118cadb79db2872f8b98296c9/test/mjsunit/regress/regress-599710.js
Apr 8 2016
Issue 596867 has been merged into this issue.
Apr 8 2016
Issue 597246 has been merged into this issue.
Apr 8 2016
Issue 597247 has been merged into this issue.
Apr 11 2016
ClusterFuzz has detected this issue as fixed in range 386315:386318.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6033207748722688
Fuzzer: decoder_langfuzz
Job Type: linux_msan_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: eval_right->HasPredecessor() in v8/src/crankshaft/hydrogen.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=382185:382588
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=386315:386318
Minimized Testcase (9.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97pWpa5O894nNDuaUd8Wgwo2qjz7VE3BF5P81VBoB4jbB3bwYvNYIAZUKySxthpWbWc8k66jrhdLHOoBk61_tStyX9ZhZbASy0q_8eqq1kreajayRi66YNbus_XfEj9FIBhlFi9QaM-8oYmKw2xhf3tfybctA
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 11 2016
ClusterFuzz has detected this issue as fixed in range 386315:386318.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5617488779280384
Fuzzer: decoder_langfuzz
Job Type: linux_msan_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: right_block->HasPredecessor() in v8/src/crankshaft/hydrogen.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=382185:382588
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=386315:386318
Minimized Testcase (6.94 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97xEwDu0sMMxLrXdTex_RYQ-5Ncg3_KRC856AaWkbPmAKpJF_NvLqAwk8kR8Mhhe_1dfkLhYZdYHcwSMcLDjdBYDpoB4YvbgafyWUSl2gwvLwWBzWDFrwzzcEpk0JHNTe42aGlm_ZMg9vr4GVy2sxXkdoG6Mw
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 11 2016
ClusterFuzz has detected this issue as fixed in range 386315:386318.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5482092980338688
Fuzzer: decoder_langfuzz
Job Type: linux_ubsan_vptr_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: cond_false->HasPredecessor() in v8/src/crankshaft/hydrogen.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_d8&range=382185:382588
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_d8&range=386315:386318
Minimized Testcase (6.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94zsFFwejh_OazPX1P9mjml4VZTYww05u0Hwjf39TQ_dCzBUxZ9Elxgkxtx5jx3xSxFmxXW8bwAaQb2gk9sWHSQCnSinO8s6qApyQt1y_Zdxv0hFnBm8AktvSd7MmEu2mJ8SzXeaca3rlTy70EAsBEBliIWpg
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 20 2016
This (see comment #6) is a correctness fix, let's backmerge it.
Apr 20 2016
[Automated comment] Commit may have occurred before M51 branch point (4/8/2016), needs manual review.
Apr 20 2016
Fix: https://chromium.googlesource.com/v8/v8/+/3df0a8c1f226984118cadb79db2872f8b98296c9 is not on 51
Apr 20 2016
Please merge your change to M51 branch 2704 before 5:00 PM PST so we can take it for today's M51 Beta candidate cut. Thank you.
Apr 21 2016
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/6300b1eaa288787d1a8ac65d246e69bbc31baf6c

commit 6300b1eaa288787d1a8ac65d246e69bbc31baf6c
Author: Jaroslav Sevcik <jarin@chromium.org>
Date: Thu Apr 21 08:04:37 2016

Version 5.1.281.12 (cherry-pick)

Merged 3df0a8c1f226984118cadb79db2872f8b98296c9

[crankshaft] Make infinite loops preserve control flow.

BUG= chromium:599710
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1903593004 .
Cr-Commit-Position: refs/branch-heads/5.1@{#15}
Cr-Branched-From: 167dc63b4c9a1d0f0fe1b19af93644ac9a561e83-refs/heads/5.1.281@{#1}
Cr-Branched-From: 03953f52bd4a184983a551927c406be6489ef89b-refs/heads/master@{#35282}

[modify] https://crrev.com/6300b1eaa288787d1a8ac65d246e69bbc31baf6c/include/v8-version.h
[modify] https://crrev.com/6300b1eaa288787d1a8ac65d246e69bbc31baf6c/src/crankshaft/hydrogen.cc
[add] https://crrev.com/6300b1eaa288787d1a8ac65d246e69bbc31baf6c/test/mjsunit/regress/regress-599710.js
Apr 22 2016
This is already merged to M51 per comment #19. So removing "Merge-Approved-51" label.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot