Unreachable code in escape-analysis.cc

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5639584467910656

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: Unreachable code
Crash Address:
Crash State:
  escape-analysis.cc

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94pXNm74x3Hf5iLv2jEYyL5-q6lquCY2UEncSTnUmwqdttcMLeDXVrONqCf0Jwt8v2s-razz3HSjtsLL2Kc5DLfACqRTg520tmy1v0Es94MfCDHFQoNLo1ThDpY_VQDIqGK4E89EvVIpFKNb0VapoWrUrTbOg?testcase_id=5639584467910656

Issue manually filed by: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 26 2016

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/ec0e9e6a400df0789b5269cd3c6b84b351d249e2

commit ec0e9e6a400df0789b5269cd3c6b84b351d249e2
Author: mstarzinger <mstarzinger@chromium.org>
Date: Mon Sep 26 11:38:51 2016

[turbofan] Handle simplified ops in escape analysis.

This adds handling of simplified ops without effect input to the escape
status analysis. Such uses are treated as escaping for now until we add
dedicated handling to the escape analysis reducer.

R=bmeurer@chromium.org
BUG=chromium:650170

Review-Url: https://codereview.chromium.org/2372533002
Cr-Commit-Position: refs/heads/master@{#39714}

[modify] https://crrev.com/ec0e9e6a400df0789b5269cd3c6b84b351d249e2/src/compiler/escape-analysis.cc
Sep 27 2016

ClusterFuzz has detected this issue as fixed in range 39713:39714.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5639584467910656

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: Unreachable code
Crash Address:
Crash State:
  escape-analysis.cc

Regressed: V8: r39680:39681
Fixed: V8: r39713:39714

Minimized Testcase (1.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv953Ljf5xN-4YMVwSbxI5Ov-O4h9kuiy8FBTvvfU3mT1akjScbDaSAn04oCj_PlovNE4fuFu4wPJGdEWzhZQ1ShodQuD5tYvZdniePIjstch2tz7cTUbIuy5cK3Z0K7EQKXDIpZvpuJHUhLao4uWpFwmvWeCeA?testcase_id=5639584467910656

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mstarzinger@chromium.org, Sep 26 2016

Labels: -Pri-1 Pri-2
Owner: mstarzinger@chromium.org
Status: Assigned (was: Untriaged)