V8 correctness failure in configs: x64,fullcode:x64,ignition_staging |
|||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6374303441616896 Fuzzer: foozzie_js_mutation Job Type: foozzie_ignition_staging Platform Id: linux Crash Type: V8 correctness failure Crash Address: Crash State: configs: x64,fullcode:x64,ignition_staging sources: e81 Sanitizer: address (ASAN) Regressed: V8: 42370:42371 Minimized Testcase (7.18 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97TiAO3NE2CCJvGzci5zWuyxZmKB_LJ8A66aANYA6weyzsCLUl1Ny46IH6nGilC8KdqOnWPEqm20v5AowSjT4F2ul53TAx2Qds0FKTDulIE7MjyI2mfrGlFHF7dhkGx5Od72V4XQ3Au_H6Hcqq9x4DEW4gUOrmQR6xJdTl7SqzGj16NfQ0xpzo1E1APTCnLDjvRprAql8MevqBjx9-1GTlPXHCaUVHRnKbc7LdvstfIVkFsMAKrKfQ_7y2Goj1tKo5oDmiq0kG5_By8QHzGOA-hg6CVH1S7U56MA9-aKbc_p1FqfKn8L6USX_uXarJmgz77Pex9UeGJJ185j6VznyWZ_5Q7LwLzh3Tdnn7uqJHtUdrSu4Q?testcase_id=6374303441616896 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jan 24 2017
,
Jan 25 2017
Probably the same as issue 684859 .
,
Jan 26 2017
,
Mar 8 2017
ClusterFuzz has detected this issue as fixed in range 43662:43663. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6374303441616896 Fuzzer: foozzie_js_mutation Job Type: foozzie_ignition_staging Platform Id: linux Crash Type: V8 correctness failure Crash Address: Crash State: configs: x64,fullcode:x64,ignition_staging sources: e81 Sanitizer: address (ASAN) Regressed: V8: 42370:42371 Fixed: V8: 43662:43663 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97TiAO3NE2CCJvGzci5zWuyxZmKB_LJ8A66aANYA6weyzsCLUl1Ny46IH6nGilC8KdqOnWPEqm20v5AowSjT4F2ul53TAx2Qds0FKTDulIE7MjyI2mfrGlFHF7dhkGx5Od72V4XQ3Au_H6Hcqq9x4DEW4gUOrmQR6xJdTl7SqzGj16NfQ0xpzo1E1APTCnLDjvRprAql8MevqBjx9-1GTlPXHCaUVHRnKbc7LdvstfIVkFsMAKrKfQ_7y2Goj1tKo5oDmiq0kG5_By8QHzGOA-hg6CVH1S7U56MA9-aKbc_p1FqfKn8L6USX_uXarJmgz77Pex9UeGJJ185j6VznyWZ_5Q7LwLzh3Tdnn7uqJHtUdrSu4Q?testcase_id=6374303441616896 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 8 2017
ClusterFuzz testcase 6374303441616896 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Mar 8 2017
,
Mar 10 2017
,
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by machenb...@chromium.org
, Jan 20 2017Components: -Blink>JavaScript Blink>JavaScript>Compiler
// PTAL. Probably a crankshaft bug. Repros between fullcode and default: function foo(b) { b *= 0; if (b < 1) { return b; } } foo(0); %OptimizeFunctionOnNextCall(foo); print(1 / foo(-0x40000000)) # Compared x64,fullcode with x64,default # # Flags of x64,fullcode: --abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 1474417455 --nocrankshaft --turbo-filter=~ --novalidate-asm # Flags of x64,default: --abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 1474417455 # # Difference: - -Infinity + Infinity # # Source file: none # ### Start of configuration x64,fullcode: -Infinity ### End of configuration x64,fullcode # ### Start of configuration x64,default: Infinity ### End of configuration x64,default