
Issue 681236

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug

Blocking:
issue v8:4203




V8 correctness failure in configs: x64,fullcode:x64,ignition_staging

Reported by ClusterFuzz (Project Member), Jan 14 2017

Issue description

Blocking: v8:4203
Cc: bradnelson@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Labels: v8-foozzie-failure
Owner: titzer@chromium.org
Status: Assigned (was: Untriaged)
// Simple repro:
function __f_3() {
  "use asm";
  function __f_15(__v_7) {
    __v_7 = __v_7|0;
  }
  return {__f_15: __f_15};
}
print(Object.getOwnPropertyNames(__f_3()))

// Difference:
- __f_15
+ __foreign_init__,__f_15

// Use with or without --novalidate-asm

// PTAL for triage
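As an added example (not code from the bug report or from V8), the following check makes the property the fuzzer's diff flagged concrete: the export object returned by an asm.js module should carry exactly the names its `return {...}` declares, and an internal name such as `__foreign_init__` should never appear on it. The `AsmModule` function, its `trace` foreign import, the `leakedExports` helper and the constructed stdlib/foreign/heap triple are this example's own; the page does not say where `__foreign_init__` comes from, so the check treats any undeclared name as a leak rather than matching that one name.

```javascript
// Added example for crbug.com/681236 (not code from the bug report or from V8):
// the export object of an asm.js module should expose exactly the names its
// `return {...}` declares. The fuzzer's diff showed `__foreign_init__` leaking
// into that object in one configuration; this check flags any undeclared name.
"use strict";

// The repro from the bug report: a module whose only export is a void
// function taking one int parameter.
function __f_3() {
  "use asm";
  function __f_15(__v_7) {
    __v_7 = __v_7 | 0;
  }
  return { __f_15: __f_15 };
}

// Hypothetical module in the full (stdlib, foreign, heap) linking form, so the
// check also covers a module with a foreign import and a heap view.
function AsmModule(stdlib, foreign, heap) {
  "use asm";
  var imul = stdlib.Math.imul;
  var trace = foreign.trace;             // foreign import: plain JS callback
  var H32 = new stdlib.Int32Array(heap); // heap view over the shared buffer

  function mul(a, b) {
    a = a | 0;
    b = b | 0;
    return imul(a, b) | 0;
  }

  // Store v at element index i and report it through the foreign import.
  function put(i, v) {
    i = i | 0;
    v = v | 0;
    H32[i << 2 >> 2] = v;
    trace(v | 0);
  }

  function get(i) {
    i = i | 0;
    return H32[i << 2 >> 2] | 0;
  }

  return { mul: mul, put: put, get: get };
}

// Compare the names actually present on an export object with the declared
// list. `extra` is what leaked (e.g. `__foreign_init__`), `missing` is what the
// engine dropped; both should be empty for a correct engine.
function leakedExports(exportObj, declared) {
  const actual = Object.getOwnPropertyNames(exportObj);
  return {
    extra: actual.filter((n) => !declared.includes(n)),
    missing: declared.filter((n) => !actual.includes(n)),
  };
}

// Link AsmModule against a constructed stdlib/foreign/heap triple. 4096 bytes
// is the smallest heap size asm.js accepts (a power of two >= 2^12).
function instantiate() {
  const seen = [];
  const heap = new ArrayBuffer(4096);
  const api = AsmModule(globalThis, { trace: (v) => { seen.push(v); } }, heap);
  return { api, seen };
}

// Stand-alone run: report leaks for both modules.
function main() {
  console.log("repro  :", leakedExports(__f_3(), ["__f_15"]));
  const { api } = instantiate();
  console.log("linked :", leakedExports(api, ["mul", "put", "get"]));
}

main();
```

Run it under the two V8 configurations being compared (for d8, with and without --validate-asm) and diff the printed objects; a non-empty `extra` on one side and not the other is exactly the kind of correctness difference foozzie reports. The check deliberately compares against the declared export list rather than a fixed set of known-bad names, so it also catches a leak under a different internal name.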
Comment 2 by bugdroid1@chromium.org (Project Member), Jan 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e9981e076acc92709a5a12361d5ab03a9bf5144a

commit e9981e076acc92709a5a12361d5ab03a9bf5144a
Author: machenbach <machenbach@chromium.org>
Date: Tue Jan 17 12:25:15 2017

[foozzie] Add test suppressions

BUG=chromium:681088, chromium:681236
NOTRY=true
TBR=bradnelson@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2632223002
Cr-Commit-Position: refs/heads/master@{#42402}

[modify] https://crrev.com/e9981e076acc92709a5a12361d5ab03a9bf5144a/tools/foozzie/v8_suppressions.py

Labels: -Pri-1 Hotlist-Asm Pri-3
Cc: titzer@chromium.org
Owner: bradnelson@chromium.org
Status: Started (was: Assigned)
Comment 7 by ClusterFuzz (Project Member), Jan 18 2017

ClusterFuzz has detected this issue as fixed in range 42401:42402.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4715062213476352

Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,fullcode:x64,ignition_staging
  sources: 6fb
  
Sanitizer: address (ASAN)

Regressed: V8: r42334:42335
Fixed: V8: r42401:42402

Minimized Testcase (0.62 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97kgecWt9oY2ZIggO0xzDC3Qr6bACGw8A3HLUp0N6-jaSNgY8UTAKWsIejQ56kGJPPjpDoyEmD5G9atB7CNxPN7HUFib_Ae1W91HVvJuxkbpDl9_PnqrFOpDfzDauAqesHWvXCKjgCdKOXw85Xn_CV53_7j4470uQzE0FoOE3RAGewbrnT_0bcTipuYbTFusNippcD_NpHS67tTM_ZKf9WKqoW04VRTJ3NYpk-cb3q8gGEjO5hAfibzA768QAWNqlb2-Li7qr60o2rodum1FrUrTZoTp0DQhX0aBEQ3W1Ks8ZWLuts1-p5uTwKEZjMsu-SAp3i0crM0JMTL2-CMYzYZQg5ECbY_6ULytIuK8Dj6uH5C17g?testcase_id=4715062213476352

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Fix comment by clusterfuzz is wrong as usual. It's just the suppression.
Fixed here:
https://codereview.chromium.org/2664493002/

Waiting for clusterfuzz to close.

Clusterfuzz won't close this as it's already suppressed. We can delete the suppression. Are any of the other problems fixed with this too?
Comment 11 by bugdroid1@chromium.org (Project Member), Jan 30 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/2ef69834268e26b7b305182e8d94f5549b009ea3

commit 2ef69834268e26b7b305182e8d94f5549b009ea3
Author: machenbach <machenbach@chromium.org>
Date: Mon Jan 30 12:37:40 2017

[foozzie] Remove obsolete suppressions

BUG=chromium:681236
NOTRY=true
TBR=bradnelson@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2662823002
Cr-Commit-Position: refs/heads/master@{#42772}

[modify] https://crrev.com/2ef69834268e26b7b305182e8d94f5549b009ea3/tools/foozzie/v8_suppressions.py

Comment 12 by ClusterFuzz (Project Member), Jan 31 2017

ClusterFuzz has detected this issue as fixed in range 42771:42772.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5477374549557248

Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  suppression: crbug.com/681236
  
Sanitizer: address (ASAN)

Regressed: V8: 42401:42402
Fixed: V8: 42771:42772

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv964XB9373mQ7RJIc72r9M9tjM-lZhqdzqC6DITYDiz5g33_wxMt6KO91Hc-nts-_5C2qXaE293q25zNkHdaUsB5H3La0E2u2iTezNNqBPZjwAbPFUWUD-3aS2_zEVg9KoHFu6wP0ZHrrArOnb3mAiB_TwpipMfHGK5FyDUZsG-1VvwPCjYNqZgfAyH6ZwNsKQ7VI_HwlM-kU_VmSSScmSit6hylOVC5V5p2dMhJ94sd-Q6FqfdYvOTvAEnTpyT9czo7_PRZUm2dhoVVXnFavt1IWUjmonQC7Kzbvmh_9-Fqi7Pj-jDzxOErsNYLJdjEY1Vk5dwcbElIdRZVwB4TuDSQWbz7Ou20QtvX14yr4OWRxNstI1U?testcase_id=5477374549557248


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 13 by ClusterFuzz (Project Member), Jan 31 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5477374549557248 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
