// Danno PTAL or reassign. Introduced by https://chromium.googlesource.com/v8/v8/+/63f09185d1a4799f82494cebb95b62e19f101093 according to bisect. Lower prio since this affects only error messages.
// The repro leads to a difference only if the string has a certain length (around 450 characters...):

v = '';
for (let i = 0; i < 45; i++) {
  v += '**********';
}
function foo(callback) {
  [ Float64Array ].forEach(callback);
}
try {
  foo();
} catch(e) {}
%OptimizeFunctionOnNextCall(foo);
foo(v);

// Output:
# Compared x64,ignition with x64,ignition_turbo
#
# Flags of x64,ignition:
--abort_on_stack_or_string_length_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 123 --turbo-filter=~ --noopt --suppress-asm-messages
# Flags of x64,ignition_turbo:
--abort_on_stack_or_string_length_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 123 --suppress-asm-messages
#
# Difference:
- /usr/local/google/home/machenbach/v8/v8/repro.js:6: TypeError: *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************...
+ /usr/local/google/home/machenbach/v8/v8/repro.js:6: TypeError: string is not a function
#
### Start of configuration x64,ignition:
/usr/local/google/home/machenbach/v8/v8/repro.js:6: TypeError: ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************** is not a function
  [ Float64Array ].forEach(callback);
                   ^



### End of configuration x64,ignition
#
### Start of configuration x64,ignition_turbo:
/usr/local/google/home/machenbach/v8/v8/repro.js:6: TypeError: string is not a function
  [ Float64Array ].forEach(callback);
                   ^



### End of configuration x64,ignition_turbo

Pretty sure this is the same as  issue chromium:769852 , I'll hold this.

I was jumping to conclusions in comment #2, this is a different issue. But it is only a difference in error messages here. In TurboFan we properly render the call-site whereas in the builtin stub we just use the given string directly as part of the TypeError. Both cases properly throw a TypeError. Lowering priority.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/bb46a592d09c9e513d44bb598947b6aefac66c22

commit bb46a592d09c9e513d44bb598947b6aefac66c22
Author: Michael Starzinger <mstarzinger@chromium.org>
Date: Mon Oct 09 12:05:28 2017

[turbofan] Unify error message on non-callable callback.

R=mvstanton@chromium.org
BUG= chromium:770581 
TEST=mjsunit/regress/regress-crbug-770581

Change-Id: I3a5854b6534e67da3e28d9c713830808013675b5
Reviewed-on: https://chromium-review.googlesource.com/702378
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48375}
[modify] https://crrev.com/bb46a592d09c9e513d44bb598947b6aefac66c22/src/compiler/js-call-reducer.cc
[add] https://crrev.com/bb46a592d09c9e513d44bb598947b6aefac66c22/test/mjsunit/regress/regress-crbug-770581.js

ClusterFuzz has detected this issue as fixed in range 48374:48375.

Detailed report: https://clusterfuzz.com/testcase?key=5809014293397504

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:x64,ignition_turbo
  sources: 7ef
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=45770:45771
Fixed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=48374:48375

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5809014293397504

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5809014293397504 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.