Detailed report: https://clusterfuzz.com/testcase?key=6507305503031296
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: DCHECK failure
Crash Address:
Crash State:
  key->IsSmi() in runtime-classes.cc
  KeyToName<v8::internal::NumberDictionary>
  v8::internal::MaybeHandle<v8::internal::Object> v8::internal::GetMethodAndSetHom
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49290:49291
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6507305503031296
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/22932d6b43e9df81c29116f9e4ff1c1e36a0aaa3 (Reland "[runtime] Slightly optimize creation of class literals."). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
ClusterFuzz has detected this issue as fixed in range 49302:49303.
Detailed report: https://clusterfuzz.com/testcase?key=6507305503031296
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: DCHECK failure
Crash Address:
Crash State:
  key->IsSmi() in runtime-classes.cc
  KeyToName<v8::internal::NumberDictionary>
  v8::internal::MaybeHandle<v8::internal::Object> v8::internal::GetMethodAndSetHom
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49290:49291
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49302:49303
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6507305503031296
See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 6507305503031296 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/cc9e77abe8497578a967259f643dcfb12e134fdb

commit cc9e77abe8497578a967259f643dcfb12e134fdb
Author: Igor Sheludko <ishell@chromium.org>
Date: Fri Nov 17 18:15:34 2017

Reland^2 "[runtime] Slightly optimize creation of class literals."

This CL also includes fixes for CF issues found while the previous reland was active.

Bug: v8:5799, chromium:783902, chromium:783926, chromium:783822
Change-Id: I1f7d9b037d90838469c45f5d72771a77444c662e
Reviewed-on: https://chromium-review.googlesource.com/764067
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49457}

[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/BUILD.gn
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/ast/ast.cc
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/ast/ast.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/compiler/code-assembler.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/factory.cc
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/heap/heap.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/interpreter/bytecode-generator.cc
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/interpreter/bytecode-generator.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects-inl.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects-printer.cc
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects.cc
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects/dictionary.h
[add] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects/literal-objects-inl.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects/literal-objects.cc
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects/literal-objects.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/objects/shared-function-info.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/runtime/runtime-classes.cc
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/runtime/runtime.h
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/src/v8.gyp
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/test/cctest/interpreter/bytecode_expectations/ClassDeclarations.golden
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/test/cctest/interpreter/bytecode_expectations/Modules.golden
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/test/cctest/interpreter/bytecode_expectations/NewAndSpread.golden
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/test/mjsunit/es6/class-computed-property-names-super.js
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/test/mjsunit/es6/classes.js
[add] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/test/mjsunit/regress/regress-crbug-783902.js
[modify] https://crrev.com/cc9e77abe8497578a967259f643dcfb12e134fdb/tools/v8heapconst.py
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Nov 10 2017
Owner: ishell@chromium.org
Status: Assigned (was: Untriaged)