RepresentationChangerError: node #92:Int64Constant of kRepWord64 (Internal) cann |
|||
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6596751309406208

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  RepresentationChangerError: node #92:Int64Constant of kRepWord64 (Internal) cann

Regressed: V8: r35498:35499

Minimized Testcase (0.31 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96xGOYZczSPEZYNpO0_27y7xkbwgtjJM15riMdmG_InSkmuJDtfOaT9qaOGciFtmcYz9jrAhPlQn224Erw0b6vo_QpNuLdXc5s2uhcsdzqJ0hqzAeTrG3ssZtBhmRTNrVvLxaOu5jpj8ydsO75RIdTkZ191yg

var __v_1 = {};
(function __f_2() {
  var __v_2 = 0;
  function __f_3(a) {
    var __v_8 = a + 23
    try {
      let __v_0 = a + 42;
      function __f_1() { return __v_1 + __v_0 }
      throw "boom!";
    } catch(e) {
      __v_2 = __v_1;
    }
    return __v_1;
  }
  %OptimizeFunctionOnNextCall(__f_3);
  __f_3();
})();

Filer: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 14 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5686226228609024

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  RepresentationChangerError: node #98:Int64Constant of kRepWord64 (Internal) cann

Minimized Testcase (0.30 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96vDGDrMUrXQDj4Wy0e70PzYtDplLMYuZ3aY6LbiR390up7MV1343hqi7NI98gbcYb9uW21uTXLJLMAYdtvBv38m8JwiRKmmB7UcBBvZkpkUaHya029HDnfR4roZf8EOn-3snyhQK8RXkeZiQKQVYaMBR1IWw

(function __f_2() {
  var __v_2 = 0;
  function __f_3(a) {
    var __v_1 = a + 23
    try {
      let __v_0 = a + 42;
      function __f_1() { return __v_1 + __v_0 }
      throw "boom!";
    } catch(e) {
      __v_2 = __v_1;
    }
    return __v_1;
  }
  %OptimizeFunctionOnNextCall(__f_3);
  __f_3();
})();

Filer: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 15 2016
Issue 603757 has been merged into this issue.
,
Apr 15 2016
Issue 603630 has been merged into this issue.
,
Apr 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d commit 58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d Author: mstarzinger <mstarzinger@chromium.org> Date: Fri Apr 15 12:19:14 2016 [turbofan] Mark escape analysis as experimental. This prefixes the escape analysis flag with "experimental", thereby making sure the flag in question is not being fuzzed. It will reduce noise levels on ClusterFuzz again. R=jarin@chromium.org BUG= chromium:603653 LOG=n Review URL: https://codereview.chromium.org/1894513002 Cr-Commit-Position: refs/heads/master@{#35521} [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/src/compiler/pipeline.cc [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/src/flag-definitions.h [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-1.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-10.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-2.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-3.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-4.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-5.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-6.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-7.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-8.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-9.js [modify] 
https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-deopt-1.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-deopt-2.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-deopt-3.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-deopt-4.js [modify] https://crrev.com/58820332034e3a8d1ca6fbf6a8dc5fc51e4feb7d/test/mjsunit/compiler/escape-analysis-deopt-5.js
,
Apr 15 2016
ClusterFuzz has detected this issue as fixed in range 35520:35521.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6596751309406208

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  RepresentationChangerError: node #92:Int64Constant of kRepWord64 (Internal) cann

Regressed: V8: r35498:35499
Fixed: V8: r35520:35521

Minimized Testcase (0.31 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96xGOYZczSPEZYNpO0_27y7xkbwgtjJM15riMdmG_InSkmuJDtfOaT9qaOGciFtmcYz9jrAhPlQn224Erw0b6vo_QpNuLdXc5s2uhcsdzqJ0hqzAeTrG3ssZtBhmRTNrVvLxaOu5jpj8ydsO75RIdTkZ191yg

var __v_1 = {};
(function __f_2() {
  var __v_2 = 0;
  function __f_3(a) {
    var __v_8 = a + 23
    try {
      let __v_0 = a + 42;
      function __f_1() { return __v_1 + __v_0 }
      throw "boom!";
    } catch(e) {
      __v_2 = __v_1;
    }
    return __v_1;
  }
  %OptimizeFunctionOnNextCall(__f_3);
  __f_3();
})();

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 15 2016
ClusterFuzz has detected this issue as fixed in range 35520:35521.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5686226228609024

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  RepresentationChangerError: node #98:Int64Constant of kRepWord64 (Internal) cann

Regressed: V8: r35498:35499
Fixed: V8: r35520:35521

Minimized Testcase (0.30 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96vDGDrMUrXQDj4Wy0e70PzYtDplLMYuZ3aY6LbiR390up7MV1343hqi7NI98gbcYb9uW21uTXLJLMAYdtvBv38m8JwiRKmmB7UcBBvZkpkUaHya029HDnfR4roZf8EOn-3snyhQK8RXkeZiQKQVYaMBR1IWw

(function __f_2() {
  var __v_2 = 0;
  function __f_3(a) {
    var __v_1 = a + 23
    try {
      let __v_0 = a + 42;
      function __f_1() { return __v_1 + __v_0 }
      throw "boom!";
    } catch(e) {
      __v_2 = __v_1;
    }
    return __v_1;
  }
  %OptimizeFunctionOnNextCall(__f_3);
  __f_3();
})();

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 15 2016
ClusterFuzz has detected this issue as fixed in range 35520:35521.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4932372025311232

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  RepresentationChangerError: node #129:Int64Constant of kRepWord64 (Internal) can

Regressed: V8: r35498:35499
Fixed: V8: r35520:35521

Minimized Testcase (0.41 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95rtw0vUIVQHg2i1IQijuQ9dWtpGASmkf1P9nV3Z7cyRqzxVEfOO_2kdmN0u2h5Bndtv9gP5ntPz4vNcsaec53p6U-yOrLDJ9a6mZOoOBdiSnfcNzE83j43zv-iA7UzPVwdch9vvEj3wqv4sKiKbQa7OOcq2g

assertFalse = function assertFalse() {; };
(function __f_13() {
  var __v_6 = 0;
  function __f_4() { }
  function __f_5(__v_2) {
    var __v_8 = __v_2 + 23
    try {
      let __v_7 = __v_2 + 42;
      assertFalse(delete __v_14);
      function __f_2() { return __v_8 + __v_7 }
      __f_4();
    } catch(e) {
      __v_6 = __v_8;
    }
    return __v_8;
  }
  __f_5();
  %OptimizeFunctionOnNextCall(__f_5);
  __f_5();
})()

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 15 2016
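Marking 'Fixed' as per the above comments. Thank you! Note that the fixed range 35520:35521 matches the commit referenced above (Cr-Commit-Position #35521), whose message describes prefixing the escape analysis flag with "experimental" so that it is no longer fuzzed. The testcases presumably stop crashing under ClusterFuzz for that reason; the commit message does not mention a change to the code path that raised the RepresentationChangerError.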
,
Apr 22 2016
Issue 605743 has been merged into this issue.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
Comment 1 by ClusterFuzz
, Apr 14 2016