DCHECK failure in !isolate->has_pending_exception() in asm-js.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5564879745581056
Fuzzer: mbarbella_js_mutation
Job Type: mac_asan_d8_dbg
Platform Id: mac
Crash Type: DCHECK failure
Crash Address:
Crash State:
  !isolate->has_pending_exception() in asm-js.cc
  v8::internal::AsmJs::InstantiateAsmWasm
  v8::internal::__RT_impl_Runtime_InstantiateAsmJs
Sanitizer: address (ASAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5564879745581056

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Sep 6 2017
Sep 6 2017
Michi, you introduced that DCHECK (https://cs.chromium.org/chromium/src/v8/src/asmjs/asm-js.cc?rcl=8cd4009c5b7072ad224f19a9e668ec0ed7430599&l=380) in this CL: https://chromium-review.googlesource.com/c/v8/v8/+/509552. I guess that in this case we have a pending RangeError because of a stack overflow? So should we clear that exception, or propagate it?
Sep 6 2017
Thanks! Definitely needs to be cleared, the caller is not prepared to propagate an exception of any kind. Even though in this example the subsequent fallback and compilation of Ignition bytecode will most certainly also fail and throw a RangeError itself. But at least the module is in a stable state and marked as {is_asm_wasm_broken}. I'll take a look at this.
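As an added regression-style check (not the mjsunit test referenced in the fix, and not code from this thread): the module is instantiated from a frame that has almost no stack left, so the engine's own instantiation path can hit the stack limit; the expected behaviour after the fix is a catchable RangeError and a module that still instantiates normally afterwards. The asm.js module, the heap size and the recursion helper are constructed for this example.

```javascript
// Constructed asm.js module: valid "use asm" syntax, so an engine with asm.js
// validation (V8 in d8 or Node) takes the asm-to-wasm path; under plain
// JavaScript semantics it behaves identically.
function Module(stdlib, foreign, heap) {
  "use asm";
  var imul = stdlib.Math.imul;
  function square(x) {
    x = x | 0;
    return imul(x, x) | 0;
  }
  return { square: square };
}

// 64 KiB heap: a power of two, as asm.js requires for the heap buffer.
const HEAP = new ArrayBuffer(0x10000);

// Recurse until the engine throws a RangeError (stack exhausted), then try
// to instantiate the module from that near-empty frame. Instantiation may
// itself run out of stack; in a correctly behaving engine that surfaces as
// another RangeError, which unwinds one frame to the next catch, and so on,
// until a frame with enough headroom succeeds. An engine that leaves the
// exception pending or trips an internal assertion would abort instead.
function instantiateUnderStackPressure() {
  try {
    return instantiateUnderStackPressure();
  } catch (e) {
    if (!(e instanceof RangeError)) throw e; // anything else is a real bug
    return Module(globalThis, {}, HEAP);
  }
}

// The check a regression test would make: instantiation under stack
// pressure yields a usable module, and a normal instantiation afterwards
// still works (engine state was not left with a stale pending exception).
function checkGracefulOverflow() {
  const stressed = instantiateUnderStackPressure();
  const normal = Module(globalThis, {}, HEAP);
  return stressed.square(7) === 49 && normal.square(-3) === 9;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(checkGracefulOverflow() ? "ok" : "FAIL");
}
```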
Sep 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/54a3027033f8e474625865ace7aa7f11cb3f69da

commit 54a3027033f8e474625865ace7aa7f11cb3f69da
Author: Michael Starzinger <mstarzinger@chromium.org>
Date: Wed Sep 06 15:03:13 2017

[asm.js] Gracefully handle stack overflow in start function.

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-762472
BUG=chromium:762472

Change-Id: I8977fb9c9330f03641291b08cf803d0117b7a96a
Reviewed-on: https://chromium-review.googlesource.com/652478
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47852}

[modify] https://crrev.com/54a3027033f8e474625865ace7aa7f11cb3f69da/src/asmjs/asm-js.cc
[add] https://crrev.com/54a3027033f8e474625865ace7aa7f11cb3f69da/test/mjsunit/regress/regress-crbug-762472.js
Sep 6 2017
Sep 7 2017
ClusterFuzz has detected this issue as fixed in range 47851:47852.

Detailed report: https://clusterfuzz.com/testcase?key=5564879745581056
Fuzzer: mbarbella_js_mutation
Job Type: mac_asan_d8_dbg
Platform Id: mac
Crash Type: DCHECK failure
Crash Address:
Crash State:
  !isolate->has_pending_exception() in asm-js.cc
  v8::internal::AsmJs::InstantiateAsmWasm
  v8::internal::__RT_impl_Runtime_InstantiateAsmJs
Sanitizer: address (ASAN)
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_d8_dbg&range=47851:47852
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5564879745581056

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 7 2017
ClusterFuzz testcase 5564879745581056 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Sep 7 2017
Sep 15 2017
Sep 15 2017
This bug requires manual review: M62 has already been promoted to the beta branch, so this requires manual review. Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop)
For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Sep 15 2017
Approving merge for M62. Branch:3202
Sep 18 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/e0e7c11bd4b4bae864fc36b76ebb401bcd9a30e5

commit e0e7c11bd4b4bae864fc36b76ebb401bcd9a30e5
Author: Michael Starzinger <mstarzinger@chromium.org>
Date: Mon Sep 18 08:24:46 2017

Merged: [asm.js] Gracefully handle stack overflow in start function.

TEST=mjsunit/regress/regress-crbug-762472
BUG=chromium:762472
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Change-Id: I8977fb9c9330f03641291b08cf803d0117b7a96a
Reviewed-on: https://chromium-review.googlesource.com/652478
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#47852}
(cherry picked from commit 54a3027033f8e474625865ace7aa7f11cb3f69da)
Reviewed-on: https://chromium-review.googlesource.com/670743
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/branch-heads/6.2@{#23}
Cr-Branched-From: efa2ac4129d30c7c72e84c16af3d20b44829f990-refs/heads/6.2.414@{#1}
Cr-Branched-From: a861ebb762a60bf5cc2a274faee3620abfb06311-refs/heads/master@{#47693}

[modify] https://crrev.com/e0e7c11bd4b4bae864fc36b76ebb401bcd9a30e5/src/asmjs/asm-js.cc
[add] https://crrev.com/e0e7c11bd4b4bae864fc36b76ebb401bcd9a30e5/test/mjsunit/regress/regress-crbug-762472.js
Sep 18 2017
Oct 16 2017
Dec 14 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions.
For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Mar 27 2018
Comment 1 by sheriffbot@chromium.org, Sep 6 2017