Stack-overflow in v8::internal::Invoke
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5354094370488320

Fuzzer: afl_v8_wasm_compile_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x0000ed7b7bb0
Crash State:
  v8::internal::Invoke
  v8::internal::CallInternal
  v8::internal::Execution::Call

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=542394:542396

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5354094370488320

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Mar 12 2018
Mar 12 2018
Mar 13 2018
Mar 14 2018
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/cc862e69c9deb4c48aec613c8595a2029bdddec0

commit cc862e69c9deb4c48aec613c8595a2029bdddec0
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Wed Mar 14 08:13:12 2018

[Liftoff] Fix stack pointer corruption

During a C call, a previous value of the stack pointer is stored in a platform-specific callee-saved register. Loading the out argument of the C call might overwrite the value in that register, if the destination register collides with the platform-specific register. Hence, first use that register to restore the previous stack pointer, and only then load the out argument.

Similarly, when pushing arguments to the stack, first push all values and then set the platform-specific register in order to avoid overwriting an argument value held in that register.

Drive-by: Fix offset computations for parameters pushed to the stack for C calls.

R=titzer@chromium.org

Bug: chromium:820802, chromium:820896, chromium:820807, v8:6600
Change-Id: If4567467b7912454f0bd2cad5927233c98894b03
Reviewed-on: https://chromium-review.googlesource.com/959064
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51916}

[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/arm/liftoff-assembler-arm.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/arm64/liftoff-assembler-arm64.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/ia32/liftoff-assembler-ia32.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/liftoff-assembler.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/mips/liftoff-assembler-mips.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/ppc/liftoff-assembler-ppc.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/s390/liftoff-assembler-s390.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/x64/liftoff-assembler-x64.h
[add] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/test/mjsunit/regress/wasm/regress-820802.js
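The two ordering problems described in the commit message above, shown on a toy register machine as an added example. This is not V8 or Liftoff code: the register names, the word-addressed stack, the frame layout (FRAME_WORDS, ARG_SLOT, OUT_SLOT) and the stand-in C callee are all assumptions made for the model. SP_SAVE plays the role of the platform-specific callee-saved register that holds the old stack pointer across the C call; call_c_before_fix emits the sequence in the order the message says was broken, call_c_after_fix in the order the fix prescribes.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Toy machine (an added model, not V8 code): three general-purpose registers
 * plus SP_SAVE, standing in for the platform-specific callee-saved register
 * that holds the old stack pointer across a C call.  Stack memory is
 * word-addressed and grows downward.  All layout constants are assumptions. */
enum { R0 = 0, R1, R2, SP_SAVE, NUM_REGS };
#define STACK_WORDS 64
#define INITIAL_SP  32
#define FRAME_WORDS 2          /* one argument slot plus one out-argument slot */
#define ARG_SLOT    0          /* offsets from the callee's sp */
#define OUT_SLOT    1

typedef struct {
    uint64_t regs[NUM_REGS];
    uint64_t sp;
    uint64_t stack[STACK_WORDS];
} machine_t;

typedef struct {
    uint64_t sp_after;   /* stack pointer after the sequence; must equal INITIAL_SP */
    uint64_t dst_value;  /* value that ended up in the destination register */
} call_result_t;

/* Stand-in for the C function being called (hypothetical): reads its argument
 * from the stack and writes arg + 1 into the out-argument slot. */
static void c_callee(machine_t *m) {
    m->stack[m->sp + OUT_SLOT] = m->stack[m->sp + ARG_SLOT] + 1;
}

static machine_t fresh_machine(int arg_reg, uint64_t arg_value) {
    machine_t m = {0};
    m.sp = INITIAL_SP;
    m.regs[arg_reg] = arg_value;   /* the allocator left the argument in arg_reg */
    return m;
}

/* Emission order before the fix: SP_SAVE is set before the argument is pushed,
 * and the out argument is loaded before sp is restored from SP_SAVE. */
static call_result_t call_c_before_fix(int arg_reg, uint64_t arg_value, int dst_reg) {
    machine_t m = fresh_machine(arg_reg, arg_value);
    m.regs[SP_SAVE] = m.sp;                       /* save old sp: clobbers the argument if arg_reg == SP_SAVE */
    m.sp -= FRAME_WORDS;
    m.stack[m.sp + ARG_SLOT] = m.regs[arg_reg];   /* push argument (possibly already overwritten) */
    c_callee(&m);
    m.regs[dst_reg] = m.stack[m.sp + OUT_SLOT];   /* load out arg: clobbers saved sp if dst_reg == SP_SAVE */
    m.sp = m.regs[SP_SAVE];                       /* restore sp, possibly from the out value */
    call_result_t r = { m.sp, m.regs[dst_reg] };
    return r;
}

/* Emission order after the fix: push all arguments first, then set SP_SAVE;
 * after the call restore sp first, then load the out argument from its slot,
 * which still sits just below the restored sp. */
static call_result_t call_c_after_fix(int arg_reg, uint64_t arg_value, int dst_reg) {
    machine_t m = fresh_machine(arg_reg, arg_value);
    uint64_t arg_area = m.sp - FRAME_WORDS;
    m.stack[arg_area + ARG_SLOT] = m.regs[arg_reg];            /* push argument first */
    m.regs[SP_SAVE] = m.sp;                                    /* then save old sp */
    m.sp = arg_area;
    c_callee(&m);
    m.sp = m.regs[SP_SAVE];                                    /* restore sp first */
    m.regs[dst_reg] = m.stack[m.sp - FRAME_WORDS + OUT_SLOT];  /* then load the out argument */
    call_result_t r = { m.sp, m.regs[dst_reg] };
    return r;
}

int main(void) {
    /* Worst case: the allocator picked SP_SAVE both for the argument and for the result. */
    call_result_t bad  = call_c_before_fix(SP_SAVE, 41, SP_SAVE);
    call_result_t good = call_c_after_fix(SP_SAVE, 41, SP_SAVE);
    printf("before fix: sp=%" PRIu64 " (expected %d) dst=%" PRIu64 " (expected 42)\n",
           bad.sp_after, INITIAL_SP, bad.dst_value);
    printf("after fix:  sp=%" PRIu64 " (expected %d) dst=%" PRIu64 " (expected 42)\n",
           good.sp_after, INITIAL_SP, good.dst_value);
    return 0;
}
```

When the destination register happens to be SP_SAVE, the pre-fix sequence restores sp from the callee's return value rather than from the saved pointer, so every later stack access is relative to attacker- or callee-controlled data; when the argument register is SP_SAVE, the callee receives the old stack pointer instead of its argument. Neither collision is visible in the generated code for the common register choices, which is why a fuzzer rather than a unit test surfaced it.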
Mar 14 2018
Mar 15 2018
ClusterFuzz has detected this issue as fixed in range 543078:543084.

Detailed report: https://clusterfuzz.com/testcase?key=5354094370488320

Fuzzer: afl_v8_wasm_compile_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x0000ed7b7bb0
Crash State:
  v8::internal::Invoke
  v8::internal::CallInternal
  v8::internal::Execution::Call

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=542394:542396
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=543078:543084

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5354094370488320

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 15 2018
ClusterFuzz testcase 5354094370488320 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Mar 11 2018
Labels: Test-Predator-Auto-Components