V8 correctness failure in configs: x64,fullcode:x64,ignition_staging
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6035186614796288
Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux
Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,fullcode:x64,ignition_staging
  sources: 52c
Sanitizer: address (ASAN)
Regressed: V8: 42370:42371
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95w4sFDAgzay9UPmiJumzSfHaj4JACybdy_gGAnJ6QhEknmntrfpdVfe3j1wtoL4J9Ou56PYXycY9ixDn-0IO3CPReT4xJPAbIkCFIEmvQCgFhPXaDoiFPHe1Enm_i4wi_R1-5mwV3lRdL4OWm4zbW7jMJqS9FJx4fvJ_8vBF_Jim3qfIlEyfCQYAk5JcF0Kg0cvJfXuDax9f1a7rqrDUlESSIjZVwqQ7XQslPxJsQIr-slJBawc5w6r8rIQ2tLVFw9H30ZVRsPNLL9o9QUxUqYpkbezxGHbMNPXxvGiYaunzIi7F7mK0VoyX9azgS_4UkKAkaD13LKwP7xhBHUL5OkTjtezA9GQG-FVQtVwM7xxyuBF0w?testcase_id=6035186614796288

Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 8 2017

ClusterFuzz has detected this issue as fixed in range 43662:43663.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6035186614796288
Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_staging
Platform Id: linux
Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,fullcode:x64,ignition_staging
  sources: 52c
Sanitizer: address (ASAN)
Regressed: V8: 42370:42371
Fixed: V8: 43662:43663
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95w4sFDAgzay9UPmiJumzSfHaj4JACybdy_gGAnJ6QhEknmntrfpdVfe3j1wtoL4J9Ou56PYXycY9ixDn-0IO3CPReT4xJPAbIkCFIEmvQCgFhPXaDoiFPHe1Enm_i4wi_R1-5mwV3lRdL4OWm4zbW7jMJqS9FJx4fvJ_8vBF_Jim3qfIlEyfCQYAk5JcF0Kg0cvJfXuDax9f1a7rqrDUlESSIjZVwqQ7XQslPxJsQIr-slJBawc5w6r8rIQ2tLVFw9H30ZVRsPNLL9o9QUxUqYpkbezxGHbMNPXxvGiYaunzIi7F7mK0VoyX9azgS_4UkKAkaD13LKwP7xhBHUL5OkTjtezA9GQG-FVQtVwM7xxyuBF0w?testcase_id=6035186614796288

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 8 2017

ClusterFuzz testcase 6035186614796288 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 8 2017

Mar 10 2017
Sep 18 2017

We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.
Comment 1 by machenb...@chromium.org, Jan 31 2017
Labels: -Pri-1 Pri-2
Status: Available (was: Untriaged)

// PTAL. Repros with fullcode/default. Simple repro:

    function foo(e) {
      print(Math.clz32(-undefined));
    }
    foo();
    %OptimizeFunctionOnNextCall(foo);
    foo();

// Output:

    # Compared x64,fullcode with x64,default
    #
    # Flags of x64,fullcode: --abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 1234 --nocrankshaft --turbo-filter=~ --validate-asm
    # Flags of x64,default: --abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 1234 --validate-asm
    #
    # Difference:
    - 32
    + NaN
    #
    # Source file: none
    #
    ### Start of configuration x64,fullcode:
    32
    32
    ### End of configuration x64,fullcode
    #
    ### Start of configuration x64,default:
    32
    NaN
    ### End of configuration x64,default
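The comment above shows the two execution tiers disagreeing on a single input: `-undefined` is NaN, and per ECMAScript `Math.clz32` first applies ToUint32, which maps NaN to 0, so the conforming result is 32 and the NaN printed by the optimized tier is the divergent one. The block below is an added example, not code from the bug thread or from V8: it implements ToUint32 and clz32 from the spec as an oracle, runs a set of constructed inputs through both the engine's `Math.clz32` and the oracle (the same differential idea foozzie applies across configurations), and also re-runs the call in a loop so a tier change would show up as a result that differs from the first one. All helper names (`toUint32`, `referenceClz32`, `checkClz32`, `runDifferentialCheck`, `stableAcrossTiers`, `SAMPLE_INPUTS`) are this example's own.

```javascript
// Added example (not from the bug report or V8): a spec-based oracle for
// Math.clz32 plus a small differential check against the engine's result.

// ToUint32 per ECMAScript: NaN, +/-0 and +/-Infinity map to 0; any other
// number is truncated toward zero and reduced modulo 2^32 into [0, 2^32).
function toUint32(value) {
  const n = Number(value);
  if (Number.isNaN(n) || !Number.isFinite(n) || n === 0) return 0;
  const truncated = Math.trunc(n);
  // JS '%' keeps the sign of the dividend, so fold negatives back into range.
  return ((truncated % 4294967296) + 4294967296) % 4294967296;
}

// Count leading zero bits of the 32-bit value without using Math.clz32.
function referenceClz32(value) {
  let n = toUint32(value);
  if (n === 0) return 32; // clz32(0) is defined as 32
  let count = 0;
  // '&' operates on int32, so the test against bit 31 still works for n >= 2^31.
  while ((n & 0x80000000) === 0) {
    count++;
    n = (n << 1) >>> 0; // shift left and re-interpret as unsigned
  }
  return count;
}

// Compare the engine's answer with the oracle for one input.
function checkClz32(value) {
  const engine = Math.clz32(value);
  const reference = referenceClz32(value);
  return { value: String(value), engine, reference, agree: Object.is(engine, reference) };
}

// Inputs constructed for this example; the first one is the report's repro value.
const SAMPLE_INPUTS = [
  -undefined, NaN, 0, -0, 1, 255, 0x80000000, -1,
  4294967296, 1e20, Infinity, -Infinity, "16", true,
];

// Returns the list of inputs on which engine and oracle disagree (empty when the
// engine conforms to the spec for every sample).
function runDifferentialCheck(inputs = SAMPLE_INPUTS) {
  return inputs.map(checkClz32).filter((r) => !r.agree);
}

// Mirror the repro's idea without --allow-natives-syntax: keep calling the same
// small function so the optimizing tier may compile it, and compare every
// later result with the first (interpreter-tier) one.
function stableAcrossTiers(value, iterations = 100000) {
  function probe(e) { return Math.clz32(e); }
  const first = probe(value);
  for (let i = 0; i < iterations; i++) {
    if (!Object.is(probe(value), first)) return false;
  }
  return true;
}

// Usage: an empty mismatch list and 'true' mean no divergence was observed.
console.log(runDifferentialCheck());
console.log(stableAcrossTiers(-undefined));
```

On a conforming engine `runDifferentialCheck()` returns an empty array; a tier that returned NaN for `-undefined`, as in the report, would show up as `{ value: "NaN", engine: NaN, reference: 32, agree: false }` and `stableAcrossTiers(-undefined)` would return false once the tier change took effect.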