
Issue 774805

Starred by 4 users

Issue metadata

Status: Verified
Owner:
Closed: Nov 16
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




V8 correctness failure in configs: x64,ignition:arm,ignition

Project Member Reported by ClusterFuzz, Oct 14 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5781981400137728

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:arm,ignition
  sources: none
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=48530:48531

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5781981400137728

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 

Comment 1 by ClusterFuzz, Oct 15 2017

Labels: Test-Predator-AutoOwner
Owner: cbruni@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/08dba83aa4d5be3c87d1c6ef90a863d5bdb709b6 ([d8] Support more console functions).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

Comment 2 by cbruni@chromium.org, Oct 16 2017

Labels: Test-Predator-Wrong-CLs
From what I can see, the output is correct but it should not be classified as a bug. The only difference is the length of the address, 32 vs 64-bit.

# Difference:
- Security context: 0x1292dd023421 <JSObject>#0#
+ Security context: 0x23594ca9 <JSObject>#0#

I added some new mjsunit tests that use console; CF must have picked that up.

Comment 3 by cbruni@chromium.org, Oct 16 2017

Owner: ----
Cc: cbruni@chromium.org machenb...@chromium.org
Status: Available (was: Assigned)
If we have new expected observable differences between archs, we'll soon drown in duplicates :(

Is there a simple way to mock out these features? E.g. with some prequel code in https://cs.chromium.org/chromium/src/v8/tools/foozzie/v8_mock_archs.js?q=mock_arch&sq=package:chromium&l=1
Cc: jkummerow@chromium.org yangguo@chromium.org
CC reviewers of CL
Re 4: If no good mocking solution exists, we could also dump the files that trigger this bug into:
https://cs.chromium.org/chromium/src/v8/tools/foozzie/v8_suppressions.py?sq=package:chromium&l=39
Let's revert that CL for now. I suggest introducing a flag to hide the output, or not exposing the address. We can already use %DebugPrint to expose the address.
As far as code search tells me, console.trace() appears only in one mjsunit test, which we could just add to the ignored tests. Or is there more functionality that's more widely used, which can lead to different output?
Issue 775407 has been merged into this issue.
Owner: machenb...@chromium.org
Status: Started (was: Available)

Comment 11 by bugdroid1@chromium.org, Oct 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/2aa434d2f5b7ece5eca5627d88ab1ce18655ade0

commit 2aa434d2f5b7ece5eca5627d88ab1ce18655ade0
Author: Michael Achenbach <machenbach@chromium.org>
Date: Tue Oct 17 13:39:22 2017

[foozzie] Skip unsuitable test

NOTRY=true
TBR=yangguo@chromium.org

Bug: chromium:774805
Change-Id: Iaf744749acf006558e02300c05627c8f25457e0d
Reviewed-on: https://chromium-review.googlesource.com/723383
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48642}
[modify] https://crrev.com/2aa434d2f5b7ece5eca5627d88ab1ce18655ade0/tools/foozzie/v8_suppressions.py

Issue 775403 has been merged into this issue.
SGTM, I might add some more tests but will keep it to the single file.

Comment 14 by ClusterFuzz, Oct 19 2017

ClusterFuzz has detected this issue as fixed in range 48714:48715.

Detailed report: https://clusterfuzz.com/testcase?key=5781981400137728

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:arm,ignition
  sources: none
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=48530:48531
Fixed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=48714:48715

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5781981400137728

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Labels: ClusterFuzz-Wrong
Labels: -Test-Predator-AutoOwner Test-Predator-Auto-Owner
Status: Verified (was: Started)
It's been more than a year and nobody has added another console.trace() test. So let's just close this. The one test that exists is blacklisted. Should something else be added, we can add a suppression regexp as well.
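
The suppression-regexp idea raised in this thread, as an added example that is not part of the issue and not foozzie's own code: object addresses are replaced by a fixed token before two configurations' outputs are compared, so the 32 vs 64-bit width difference no longer counts as a correctness failure while other differences still do. The regular expression, the function names and the `start`/`result` sample lines are assumptions; only the two `Security context` lines come from comment 2.

```python
import itertools
import re

# Assumed pattern: a hex address directly followed by an object description,
# as in "0x23594ca9 <JSObject>#0#". Hex values in any other position are left
# alone, so a genuine difference in them is still reported.
OBJECT_ADDRESS = re.compile(r"0x[0-9a-f]+(?= <)")


def normalize(line):
    """Replace printed object addresses with a fixed token."""
    return OBJECT_ADDRESS.sub("0xADDR", line.rstrip())


def first_difference(output_a, output_b):
    """Return (line_no, a, b) for the first differing line, or None."""
    lines_a = output_a.splitlines()
    lines_b = output_b.splitlines()
    pairs = itertools.zip_longest(lines_a, lines_b)
    for line_no, (a, b) in enumerate(pairs, 1):
        # A missing line on either side is always a difference.
        if a is None or b is None or normalize(a) != normalize(b):
            return (line_no, a, b)
    return None


# Constructed sample outputs for two configurations.
X64 = "start\nSecurity context: 0x1292dd023421 <JSObject>#0#\nresult: 42\n"
ARM = "start\nSecurity context: 0x23594ca9 <JSObject>#0#\nresult: 42\n"
# Constructed output with a real behavioural difference on the last line.
ARM_WRONG = "start\nSecurity context: 0x23594ca9 <JSObject>#0#\nresult: 41\n"

if __name__ == "__main__":
    print("address-only difference:", first_difference(X64, ARM))
    print("real difference:", first_difference(X64, ARM_WRONG))
```

Keeping the pattern anchored to the object-print form matters: a rule that rewrote every hex literal would also hide outputs where a script deliberately prints a hex value that differs between configurations.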
