Issue metadata
Sign in to add a comment
|
CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #336 in simplified- |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4567213502889984 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8 Platform Id: windows Crash Type: CHECK failure Crash Address: Crash State: Representation inference: unsupported opcode 59 (Dead), node #336 in simplified- v8::platform::PrintStackTrace v8::internal::compiler::RepresentationSelector::VisitNode Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=502564:502580 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4567213502889984 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Sep 21 2017
This is big was caused by commit 37aa13fe3b434f5fe778ab4bc69c56c6bd526383 Author: Mike Stanton <mvstanton@chromium.org> Date: Fri Sep 15 14:48:36 2017 +0200 [Turbofan] Array.prototype.filter inlining. We have reverted that since than because we suspected it crashed on Canary: commit 47b63806fcf544cacc779fc08694dacdd9886e26 Author: Jaroslav Sevcik <jarin@chromium.org> Date: Tue Sep 19 13:59:15 2017 +0000 Revert "[Turbofan] Array.prototype.filter inlining." This reverts commit 37aa13fe3b434f5fe778ab4bc69c56c6bd526383. Reason for revert: Suspected to break 63.0.3219 Canary Original change's description: > [Turbofan] Array.prototype.filter inlining. > > Support inlining of Array.prototype.filter in TurboFan. > > Bug: v8:1956 > Change-Id: Iba4d683aaa86c6104e8a1cf4d0f549a0c516576a > Reviewed-on: https://chromium-review.googlesource.com/657021 > Commit-Queue: Michael Stanton <mvstanton@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#48040} TBR=mvstanton@chromium.org,mstarzinger@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:1956 Change-Id: I125a8caf128890d788e040adfe2fc76bd8d1fbea Reviewed-on: https://chromium-review.googlesource.com/672783 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#48083}
,
Sep 21 2017
,
Sep 21 2017
ClusterFuzz has detected this issue as fixed in range 503077:503094. Detailed report: https://clusterfuzz.com/testcase?key=4567213502889984 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8 Platform Id: windows Crash Type: CHECK failure Crash Address: Crash State: Representation inference: unsupported opcode 59 (Dead), node #336 in simplified- v8::platform::PrintStackTrace v8::internal::compiler::RepresentationSelector::VisitNode Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=502564:502580 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=503077:503094 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4567213502889984 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by palmer@chromium.org
, Sep 21 2017Labels: M-63 Pri-1
Owner: bmeu...@chromium.org
Status: Assigned (was: Untriaged)