Difference between fullcode and crankshaft_opt: arguments
Issue description
# Minimized program:
function f(x) {
  x = 42;
  return f.arguments[0];
}
print(f(0));
# Compared nocrankshaft with noturbo_opt
# Flags of nocrankshaft:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --random-seed -1217942853 --nocrankshaft
# Flags of noturbo_opt:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --random-seed -1217942853 --always-opt --turbo-filter=~
Difference:
- 42
+ 0
### Start of configuration nocrankshaft:
42
### End of configuration nocrankshaft
### Start of configuration noturbo_opt:
0
### End of configuration noturbo_opt
,
Nov 4 2016
Ok, then I need to think about how to suppress this.
,
Dec 13 2016
,
Dec 13 2016
,
Jan 11 2017
Issue 679884 has been merged into this issue.
,
Jan 11 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/8024d8f42e7b54fb6230c03f79162b1b8369571f
commit 8024d8f42e7b54fb6230c03f79162b1b8369571f
Author: machenbach <machenbach@chromium.org>
Date: Wed Jan 11 10:49:09 2017
[foozzie] Add suppressions based on metadata.
Also suppress a testcase using f.arguments.
BUG= chromium:662424
TBR=jarin@chromium.org
NOTRY=true
Review-Url: https://codereview.chromium.org/2625983002
Cr-Commit-Position: refs/heads/master@{#42215}
[modify] https://crrev.com/8024d8f42e7b54fb6230c03f79162b1b8369571f/tools/foozzie/v8_foozzie.py
[modify] https://crrev.com/8024d8f42e7b54fb6230c03f79162b1b8369571f/tools/foozzie/v8_suppressions.py
,
Jan 11 2017
ClusterFuzz testcase 5104674803023872 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jan 11 2017
Keeping that open as it is suppressed.
,
Jan 11 2017
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4689880216240128
Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux
Crash Type: V8 correctness failure
Crash Address:
Crash State: suppression: crbug.com/662424
Sanitizer: address (ASAN)
Regressed: V8: r42214:42215
Minimized Testcase (0.27 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97ahG7jh8KIlv11wBhZMaHc6NBoSDwr_eCNfM6x0jZFceoHCzt6gqnRt4caAfxgPDAsZj1kBfLk5P5vtuQvNxf7qAP4IOT9d8Km_7AXN0S1KoFZJBDGt9KWyRZ01Qo36n8wR6u0xlEsoEtdzRsos8S1Y2qw4ic1wsscs0fvtzAWQZ8rx-z33Lu_wmzAyK_e0BVlpPxfbyN7b6mQUPdRf_OTRQRjnMSTVdUW49IsEQovu8VwkfnIkCtDDExANmYtrwg_zJpqO6nFOF7n7PqVLs9-DwINMHkUlktkaIusx5Ow6INTSTdXc9HsBE3zfv2uVB3PqZ-EUr-oBgCM2oKwb8o2wekh2X27RouzmVxRTdD8wxKsu6V4CmprfxEhhLGCRzHoQvlBU032Zgrbh_ECY4Zs6Xw0fQ?testcase_id=4689880216240128
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jan 17 2017
ClusterFuzz has detected this issue as fixed in range 42370:42371.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4689880216240128
Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux
Crash Type: V8 correctness failure
Crash Address:
Crash State: suppression: crbug.com/662424
Sanitizer: address (ASAN)
Regressed: V8: r42214:42215
Fixed: V8: r42370:42371
Minimized Testcase (0.27 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97ahG7jh8KIlv11wBhZMaHc6NBoSDwr_eCNfM6x0jZFceoHCzt6gqnRt4caAfxgPDAsZj1kBfLk5P5vtuQvNxf7qAP4IOT9d8Km_7AXN0S1KoFZJBDGt9KWyRZ01Qo36n8wR6u0xlEsoEtdzRsos8S1Y2qw4ic1wsscs0fvtzAWQZ8rx-z33Lu_wmzAyK_e0BVlpPxfbyN7b6mQUPdRf_OTRQRjnMSTVdUW49IsEQovu8VwkfnIkCtDDExANmYtrwg_zJpqO6nFOF7n7PqVLs9-DwINMHkUlktkaIusx5Ow6INTSTdXc9HsBE3zfv2uVB3PqZ-EUr-oBgCM2oKwb8o2wekh2X27RouzmVxRTdD8wxKsu6V4CmprfxEhhLGCRzHoQvlBU032Zgrbh_ECY4Zs6Xw0fQ?testcase_id=4689880216240128
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 17 2017
Should still stay open. The problem remains and the suppression is still there: https://cs.chromium.org/chromium/src/v8/tools/foozzie/v8_suppressions.py?q=662424&sq=package:chromium&l=41 The original test case was too old and didn't print the metadata yet. I assume clusterfuzz will find a new one soon...
,
Jan 17 2017
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6385492234076160
Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux
Crash Type: V8 correctness failure
Crash Address:
Crash State: suppression: crbug.com/662424
Sanitizer: address (ASAN)
Regressed: V8: r42370:42371
Minimized Testcase (0.07 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94CBsiIlXAlKZzPK4m10E8vgaubFFjWVrKWTJqB8N-vinWZE8RcTvSh0WiJ_b5rbT7ej4iOdKmA2v8Id-wjK0QRqeeCcdmPOhe1egBnaAgTrn0_mT8R4Gm0i9as8lgLhCRIizjHsozwJARcG62H3md4N2AC_oos2vi5OJrAlOLJAVVc8cMlzna_bmdMx0AxcMbcT-ZYISIdOjOKU2XU6Yd2qBwXoF7zEDbI6Ee2q-0LyBCY5r1z1tzZcZJ1wYSdvb49CPHpfTK-7J0uutCj0dQ1BgBUDJGSc93A04TNnC7_f1a1u6F4jXxAhsoS6Z2UNITQN8iXm4ujTWSHYdCOyvJz0_Dn_IRjbPu_fwzgMNqiYo3pCJA?testcase_id=6385492234076160
print("v8-foozzie source: /v8/test/mjsunit/regress/regress-2989.js");
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Feb 6 2017
,
Feb 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/ea7dc87cbd0652617865e8e0645e2905d94b7c65
commit ea7dc87cbd0652617865e8e0645e2905d94b7c65
Author: Michael Achenbach <machenbach@chromium.org>
Date: Mon Feb 06 10:29:34 2017
[foozzie] Suppress some test cases using f.arguments
BUG= chromium:662424
NOTRY=true
TBR=mstarzinger@chromium.org,jarin@chromium.org
Change-Id: I3576f90a864831e22d065af6ff6ab6b0e2264b1d
Reviewed-on: https://chromium-review.googlesource.com/438305
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42956}
[modify] https://crrev.com/ea7dc87cbd0652617865e8e0645e2905d94b7c65/tools/foozzie/v8_suppressions.py
,
Feb 6 2017
Wontfix, suppression will stay...
,
Feb 27 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/9da6ab2a2d0b5ad72d221dcfebb320c57a729448
commit 9da6ab2a2d0b5ad72d221dcfebb320c57a729448
Author: Michael Achenbach <machenbach@chromium.org>
Date: Mon Feb 27 08:16:29 2017
[foozzie] More f.arguments suppressions
BUG= chromium:662424 , chromium:696247
NOTRY=true
TBR=mstarzinger@chromium.org
Change-Id: I8ff62f16267efc20b1f612300498cc0b994c9a58
Reviewed-on: https://chromium-review.googlesource.com/446346
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43437}
[modify] https://crrev.com/9da6ab2a2d0b5ad72d221dcfebb320c57a729448/tools/foozzie/v8_suppressions.py
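A sketch of how a differential-fuzzing harness can turn a known, accepted difference into a `suppression:` crash state, keyed either on the test case text or on the `v8-foozzie source:` metadata line shown in this thread. This is an added example, not the code in tools/foozzie; the rule tables, the regex and the function names are assumptions made for illustration.

```python
import itertools
import re

# Constructed rule tables for this sketch (not copied from v8_suppressions.py).
# Content rule: the test case reads <function>.arguments.
CONTENT_RULES = [(re.compile(r"\w+\.arguments\b"), "crbug.com/662424")]
# Metadata rule: originating file, as printed by the test case itself.
SOURCE_RULES = {"/v8/test/mjsunit/regress/regress-2989.js": "crbug.com/662424"}
SOURCE_LINE = re.compile(r"^v8-foozzie source: (\S+)$", re.MULTILINE)


def first_difference(out1, out2):
    """Return ('- a', '+ b') for the first differing line pair, else None."""
    pairs = itertools.zip_longest(out1.splitlines(), out2.splitlines(),
                                  fillvalue="")
    for a, b in pairs:
        if a != b:
            return "- " + a, "+ " + b
    return None


def classify(testcase, out1, out2):
    """Crash-state string for one differential run of two configurations."""
    diff = first_difference(out1, out2)
    if diff is None:
        return "equal"
    for pattern, bug in CONTENT_RULES:
        if pattern.search(testcase):
            return "suppression: " + bug
    meta = SOURCE_LINE.search(out1)
    if meta and meta.group(1) in SOURCE_RULES:
        return "suppression: " + SOURCE_RULES[meta.group(1)]
    return "difference: " + " / ".join(diff)


# The minimized program from the issue description and its two outputs.
MINIMIZED = "function f(x) {\n  x = 42;\n  return f.arguments[0];\n}\nprint(f(0));\n"
# Constructed inputs: an unrelated mismatch, and one identified by metadata only.
UNRELATED = "print(1 + 1);\n"
META_OUT = "v8-foozzie source: /v8/test/mjsunit/regress/regress-2989.js\n"

if __name__ == "__main__":
    print(classify(MINIMIZED, "42\n", "0\n"))
    print(classify(UNRELATED, "2\n", "3\n"))
    print(classify(UNRELATED, META_OUT + "2\n", META_OUT + "3\n"))
```

Reporting the bug id as the crash state groups every suppressed case under one issue. A pattern as broad as this one also hides unrelated mismatches in any test case that happens to touch `.arguments`.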
,
Mar 16 2017
Comment 1 by jarin@chromium.org, Nov 4 2016