Regression range points to 4e92e124858c56bd0c99533395c9c2333d954e5f. Cannot set non project members as owners. Setting Andreas as owner instead.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/6ad5ca59c927b6318633a36e8038fbaca9e4efa6

commit 6ad5ca59c927b6318633a36e8038fbaca9e4efa6
Author: Andreas Haas <ahaas@chromium.org>
Date: Mon Mar 27 12:06:41 2017

[wasm] Check the result of Promise::Resolver

We check that if we do not get a result, or if we get a negative result,
then there has to be a scheduled exception.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regression-704127
BUG= chromium:704127 

Change-Id: I3fef3cc02f685a9cbc3f10203e2a59b61b3702d5
Reviewed-on: https://chromium-review.googlesource.com/458282
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44144}
[modify] https://crrev.com/6ad5ca59c927b6318633a36e8038fbaca9e4efa6/src/wasm/wasm-js.cc
[modify] https://crrev.com/6ad5ca59c927b6318633a36e8038fbaca9e4efa6/src/wasm/wasm-module.cc
[add] https://crrev.com/6ad5ca59c927b6318633a36e8038fbaca9e4efa6/test/mjsunit/regress/wasm/regression-704127.js

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e63070e976e96dd0558ca600a6a349fbd9770de0

commit e63070e976e96dd0558ca600a6a349fbd9770de0
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Mon Mar 27 12:33:40 2017

Revert "[wasm] Check the result of Promise::Resolver"

This reverts commit 6ad5ca59c927b6318633a36e8038fbaca9e4efa6.

Reason for revert: Breaks on noi18n bot, needs fix in the new regression test

Original change's description:
> [wasm] Check the result of Promise::Resolver
> 
> We check that if we do not get a result, or if we get a negative result,
> then there has to be a scheduled exception.
> 
> R=​clemensh@chromium.org
> TEST=mjsunit/regress/wasm/regression-704127
> BUG= chromium:704127 
> 
> Change-Id: I3fef3cc02f685a9cbc3f10203e2a59b61b3702d5
> Reviewed-on: https://chromium-review.googlesource.com/458282
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44144}

TBR=ahaas@chromium.org,clemensh@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:704127 

Change-Id: Ibf6d27929c88064bc2755688358998640092e31a
Reviewed-on: https://chromium-review.googlesource.com/459512
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44145}
[modify] https://crrev.com/e63070e976e96dd0558ca600a6a349fbd9770de0/src/wasm/wasm-js.cc
[modify] https://crrev.com/e63070e976e96dd0558ca600a6a349fbd9770de0/src/wasm/wasm-module.cc
[delete] https://crrev.com/6ad5ca59c927b6318633a36e8038fbaca9e4efa6/test/mjsunit/regress/wasm/regression-704127.js

ClusterFuzz has detected this issue as fixed in range 44167:44168.

Detailed report: https://clusterfuzz.com/testcase?key=5342849739784192

Fuzzer: v8_builtins_generator
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !maybe.IsNothing() in wasm-js.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 44009:44010
Fixed: V8: 44167:44168

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94hJAZqUV0qhaApkNilwf3s2TRquBeLFRl0p7UXaqZgBMHycUS3TQUAmIzsCPxIKyA4KrPddU4KUfc0ASB_CHC2Suvko2yDUBA7vysMx7korK4ym1xf75ZlWYCxec2TNtvAE7W6XDbc8ABS8urcdeFDdRWfhrk4kYxgtLYcJGbaVeqRrl29aKx5LjhL-wSteoVbBcpIwaL5_jB7Q7ddg4d47kWWKgrLwh1Y8rW4IvotNiIz8vf2wfGU7wRyVGsYupr3C5P72XO_i8sRhDDKVsVJHuh5cj5mCyXZdZ5QFZr_4uUFLxyuI8QUOsLlRGrbHrrbt4bp_UFzSDI-uztEg7IjglZlcwoPCZy4HupjCqWtBbn0IEdzKSH4qe1LgOJ3xuZutade4P29eSqvOvz3W4DcIh56_Q?testcase_id=5342849739784192


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5342849739784192 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/42f285fcbb6f2546ce83f8d2e444328f754517ef

commit 42f285fcbb6f2546ce83f8d2e444328f754517ef
Author: Andreas Haas <ahaas@chromium.org>
Date: Fri Mar 31 09:54:21 2017

Reland [wasm] Check the result of Promise::Resolver

The original CL was reverted because regression test used i18n stuff,
which was not available in the no-i18n bot.

The regression test turned out to be flaky, because I cannot even
reproduce the crash now without the fix. I think the reason is that for
the crash to happen a stack check has to fail within the rejection of
a promise. Small changes can cause the stack check to fail somewhere
else. Investigations showed though that the crash should still be
possible. I propose therefore to land the fix now without the
regression test.

Original message:
We check that if we do not get a result, or if we get a negative result,
then there has to be a scheduled exception.

R=clemensh@chromium.org
BUG= chromium:704127 

Change-Id: Iaf355249686412a636074a476687413b621aac68
Reviewed-on: https://chromium-review.googlesource.com/464846
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44300}
[modify] https://crrev.com/42f285fcbb6f2546ce83f8d2e444328f754517ef/src/wasm/wasm-js.cc
[modify] https://crrev.com/42f285fcbb6f2546ce83f8d2e444328f754517ef/src/wasm/wasm-module.cc