Issue 820896

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug
CHECK failure: result_interpreter == result_liftoff in wasm-fuzzer-common.cc

Reported by ClusterFuzz (Project Member), Mar 12 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6057178067369984

Fuzzer: libFuzzer_v8_wasm_compile_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  result_interpreter == result_liftoff in wasm-fuzzer-common.cc
  v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule
  wasm-compile.cc
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=542394:542396

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6057178067369984

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Comment 1 by ClusterFuzz (Project Member), Mar 12 2018

Components: Blink>JavaScript
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Labels: -Pri-1 Pri-2
Owner: clemensh@chromium.org
Status: Assigned (was: Untriaged)
Status: Started (was: Assigned)
Comment 4 by bugdroid1@chromium.org (Project Member), Mar 14 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/cc862e69c9deb4c48aec613c8595a2029bdddec0

commit cc862e69c9deb4c48aec613c8595a2029bdddec0
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Wed Mar 14 08:13:12 2018

[Liftoff] Fix stack pointer corruption

During a C call, a previous value of the stack pointer is stored in a
platform specific callee saved register. Loading the out argument of the
C call might overwrite the value in that register, if the destination
register collides with the platform specific register. Hence, first
use that register to restore the previous stack pointer, and only then
load the out argument.
Similarly, when pushing arguments to the stack, first push all
values and then set the platform specific register in order to avoid
overwriting an argument value held in that register.

Drive-by: Fix offset computations for parameters pushed to the stack
for c calls.

R=titzer@chromium.org

Bug: chromium:820802, chromium:820896, chromium:820807, v8:6600
Change-Id: If4567467b7912454f0bd2cad5927233c98894b03
Reviewed-on: https://chromium-review.googlesource.com/959064
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51916}
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/arm/liftoff-assembler-arm.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/arm64/liftoff-assembler-arm64.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/ia32/liftoff-assembler-ia32.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/liftoff-assembler.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/mips/liftoff-assembler-mips.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/ppc/liftoff-assembler-ppc.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/s390/liftoff-assembler-s390.h
[modify] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/src/wasm/baseline/x64/liftoff-assembler-x64.h
[add] https://crrev.com/cc862e69c9deb4c48aec613c8595a2029bdddec0/test/mjsunit/regress/wasm/regress-820802.js
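The two ordering hazards the commit message describes, modelled as an added example (this is not V8 code and not part of this issue or the commit). The machine model is constructed: four registers, an 8-byte word, a callee that just sums its stack arguments, and `r2` standing in for the platform-specific callee-saved register that holds the saved stack pointer. `emit_c_call(..., fixed=False)` follows the ordering the commit calls buggy, `fixed=True` the corrected ordering.

```python
# Constructed model of the C-call sequence ordering hazards. Not V8 code;
# register names, word size and the summing callee are assumptions.

SAVED_SP_REG = "r2"  # assumption: stands in for the platform callee-saved register
WORD = 8


class Machine:
    """Minimal register file, stack pointer and word-addressed stack memory."""

    def __init__(self):
        self.regs = {"r0": 0, "r1": 0, "r2": 0, "r3": 0}
        self.sp = 0x1000
        self.mem = {}

    def push(self, value):
        self.sp -= WORD
        self.mem[self.sp] = value


def c_sum(m, out_slot, nargs):
    """Simulated C callee: sums the pushed arguments (which sit just above the
    out slot) and writes the result into the out slot. Touches only memory."""
    total = sum(m.mem[out_slot + WORD * (i + 1)] for i in range(nargs))
    m.mem[out_slot] = total


def emit_c_call(m, arg_regs, out_reg, fixed):
    """Run the C-call sequence for the values in arg_regs, result into out_reg.

    fixed=False (ordering the commit identifies as buggy):
      save SP in SAVED_SP_REG, push args, call, load out arg, restore SP.
    fixed=True (corrected ordering):
      push args, compute previous SP into SAVED_SP_REG, call, restore SP,
      load out arg.
    Returns (value left in out_reg, True if SP was restored correctly).
    """
    sp_before = m.sp
    if not fixed:
        # Saving SP first clobbers an argument that lives in SAVED_SP_REG.
        m.regs[SAVED_SP_REG] = m.sp
    for r in arg_regs:
        m.push(m.regs[r])
    if fixed:
        # Previous SP = current SP plus the size of everything just pushed
        # (the offset computation the commit's drive-by fix refers to).
        m.regs[SAVED_SP_REG] = m.sp + WORD * len(arg_regs)
    m.push(0)  # reserve the out-argument slot
    out_slot = m.sp
    c_sum(m, out_slot, len(arg_regs))
    if fixed:
        m.sp = m.regs[SAVED_SP_REG]       # restore SP while the register is intact
        m.regs[out_reg] = m.mem[out_slot]  # only then load the out argument
    else:
        m.regs[out_reg] = m.mem[out_slot]  # may overwrite SAVED_SP_REG ...
        m.sp = m.regs[SAVED_SP_REG]        # ... so SP is restored from the result
    return m.regs[out_reg], m.sp == sp_before


def run_out_register_collision(fixed):
    """Out argument destined for the register holding the saved SP."""
    m = Machine()
    m.regs["r0"], m.regs["r1"] = 5, 7
    return emit_c_call(m, ["r0", "r1"], SAVED_SP_REG, fixed)


def run_argument_in_saved_reg(fixed):
    """One argument lives in the register that will hold the saved SP."""
    m = Machine()
    m.regs["r0"], m.regs[SAVED_SP_REG] = 5, 7
    return emit_c_call(m, ["r0", SAVED_SP_REG], "r3", fixed)


if __name__ == "__main__":
    for name, run in (("out-register collision", run_out_register_collision),
                      ("argument in saved register", run_argument_in_saved_reg)):
        for fixed in (False, True):
            value, sp_ok = run(fixed)
            print(f"{name:28s} fixed={fixed!s:5s} result={value:5d} sp_restored={sp_ok}")
```

With the buggy ordering, the first scenario leaves the stack pointer equal to the call result (12) instead of the saved value, and the second scenario pushes the saved stack pointer in place of the argument, so the sum is wrong (4101) even though the stack pointer looks fine afterwards. Both are the kind of divergence from the reference interpreter that the fuzzer's `result_interpreter == result_liftoff` check reports; with the corrected ordering both scenarios return 12 with the stack pointer restored.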

Status: Fixed (was: Started)
Comment 6 by ClusterFuzz (Project Member), Mar 15 2018

ClusterFuzz has detected this issue as fixed in range 543078:543081.

Detailed report: https://clusterfuzz.com/testcase?key=6057178067369984

Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=543078:543081

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 7 by ClusterFuzz (Project Member), Mar 15 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 6057178067369984 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.