Looping in V8 stability sheriff to get this assigned correctly.

@jkummerov, can you please take a look at this issue ?

Reproduces on TOT, introduced by [turbofan] Move lowering of ObjectIs* nodes to ChangeLowering (https://codereview.chromium.org/1712563002).

#
# Fatal error in ../src/compiler/scheduler.cc, line 1273
# Check failed: InsideSameDominatorChain(block, data->minimum_block_).
#

I wasn't able to minimize the test case. Add --turbo to the command line.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/03975befe31fbc357928fbdc8cf8cf49533eada1

commit 03975befe31fbc357928fbdc8cf8cf49533eada1
Author: jarin <jarin@chromium.org>
Date: Fri Apr 08 08:25:50 2016

[turbofan] Remove some clever-but-wrong bits from select lowering.

BUG= chromium:600593 
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1870763003

Cr-Commit-Position: refs/heads/master@{#35347}

[modify] https://crrev.com/03975befe31fbc357928fbdc8cf8cf49533eada1/src/compiler/select-lowering.cc
[modify] https://crrev.com/03975befe31fbc357928fbdc8cf8cf49533eada1/src/compiler/select-lowering.h
[add] https://crrev.com/03975befe31fbc357928fbdc8cf8cf49533eada1/test/mjsunit/compiler/regress-600593.js
[delete] https://crrev.com/d72112161d36cbc257e8e7c19f4809495ef97208/test/unittests/compiler/select-lowering-unittest.cc
[modify] https://crrev.com/03975befe31fbc357928fbdc8cf8cf49533eada1/test/unittests/unittests.gyp

Your change meets the bar and is auto-approved for M51 (branch: 2704)

Please merge your change to M51 branch 2704 before 5:00 PM PST tomorrow (Wednesday), so we can take it in for M51 Thursday's dev push.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8e4f1e953ba1051fa5442dee86381b30f6aab853

commit 8e4f1e953ba1051fa5442dee86381b30f6aab853
Author: Jaroslav Sevcik <jarin@chromium.org>
Date: Wed Apr 13 08:15:31 2016

Version 5.1.281.6 (cherry-pick)

Merged 03975befe31fbc357928fbdc8cf8cf49533eada1

[turbofan] Remove some clever-but-wrong bits from select lowering.

BUG= chromium:600593 
LOG=N
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1877223005 .

Cr-Commit-Position: refs/branch-heads/5.1@{#9}
Cr-Branched-From: 167dc63b4c9a1d0f0fe1b19af93644ac9a561e83-refs/heads/5.1.281@{#1}
Cr-Branched-From: 03953f52bd4a184983a551927c406be6489ef89b-refs/heads/master@{#35282}

[modify] https://crrev.com/8e4f1e953ba1051fa5442dee86381b30f6aab853/include/v8-version.h
[modify] https://crrev.com/8e4f1e953ba1051fa5442dee86381b30f6aab853/src/compiler/select-lowering.cc
[modify] https://crrev.com/8e4f1e953ba1051fa5442dee86381b30f6aab853/src/compiler/select-lowering.h
[add] https://crrev.com/8e4f1e953ba1051fa5442dee86381b30f6aab853/test/mjsunit/compiler/regress-600593.js
[delete] https://crrev.com/2bb6af5a5c4af649561b9d1806552a6daf75db93/test/unittests/compiler/select-lowering-unittest.cc
[modify] https://crrev.com/8e4f1e953ba1051fa5442dee86381b30f6aab853/test/unittests/unittests.gyp

As per comment #11, this is already merged to M51. So removing
"Merge-Approved-51" label.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot