IrOpcode::kMerge == control->opcode() in src/compiler/memory-optimizer.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6442029500596224
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: IrOpcode::kMerge == control->opcode() in src/compiler/memory-optimizer.cc
Regressed: V8: r36127:36128
Minimized Testcase (6.57 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96jxv-tecwnWkUOyQ8ffgEjR_UZ6jI4bkKoe-iY9yY9dulb-yXIOUvsbYcIQ-PSoiNmYy4wGcQwE5Fq8kAPPV87IV1WWt4fwNuYhJyUsxPh7cwjLfmmO9LUt_Z5BpJ9shwXzQFn6pnfFXHN3ch7n8tGTJnWCA
Filer: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 21 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/5e0cd389bff2833c0b13179977b11ec216330bb3

commit 5e0cd389bff2833c0b13179977b11ec216330bb3
Author: bmeurer <bmeurer@chromium.org>
Date: Tue Jun 21 10:38:50 2016

[turbofan] MemoryOptimizer cannot deal with dead nodes in use lists.

We need to trim the graph before we execute the MemoryOptimizer, because that just walks the effect chain from Start to End and cannot deal with dead nodes in the use lists.

R=jarin@chromium.org
BUG=chromium:614292

Review-Url: https://codereview.chromium.org/2080703003
Cr-Commit-Position: refs/heads/master@{#37133}

[modify] https://crrev.com/5e0cd389bff2833c0b13179977b11ec216330bb3/src/compiler/pipeline.cc
[add] https://crrev.com/5e0cd389bff2833c0b13179977b11ec216330bb3/test/mjsunit/regress/regress-crbug-614292.js
Jun 21 2016
ClusterFuzz has detected this issue as fixed in range 37129:37138.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6442029500596224
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: IrOpcode::kMerge == control->opcode() in memory-optimizer.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=36127:36128
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=37129:37138
Minimized Testcase (6.57 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95wHcPDJ9ouOAN49CDXePFacFlav87FC0EV9K6x6zRfrKG5Hefl3ACycl1o6n18lhnMJHsfQa0oyerICu8UsQqmXAOeAgwuDZIeex285lKmlhQ2o0wVslu-L4xhcTvckOymzkwXFzyk964UBAd-6RlfUrFToQ?testcase_id=6442029500596224

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mstarzinger@chromium.org, May 24 2016
Owner: bmeu...@chromium.org
Status: Assigned (was: Available)