Null-dereference READ in v8::internal::Builtin_Impl_NumberFormatInternalFormatNumber
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6441590000975872

Fuzzer: inferno_twister
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::Builtin_Impl_NumberFormatInternalFormatNumber
  v8::internal::Simulator::DoRuntimeCall
  v8::internal::Simulator::ExecuteInstruction

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=588833:588834

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6441590000975872

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Sep 5
Automatically adding ccs based on suspected regression changelists:

[Intl] Move most functions from DateFormat to JSDateTimeFormat by ftang@chromium.org - https://chromium.googlesource.com/v8/v8/+/41db90b0da7a0909272b3ac1ee229996ec3d5044
[Intl] Use Intl::BoundFunctionContextSlot::kBoundFunction instead. by ftang@chromium.org - https://chromium.googlesource.com/v8/v8/+/3110b592537f12901b876c81ff6b1df13cd7647c
[Intl] Move NumberFormat to JSNumberFormat by ftang@chromium.org - https://chromium.googlesource.com/v8/v8/+/9c7ec98a906e5bfe259c4d913c9115f0b52e90d2

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Sep 13
Issue 883439 has been merged into this issue.
Sep 13
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/506dc92422c5b462b2cacda493cbea040baff3c5

commit 506dc92422c5b462b2cacda493cbea040baff3c5
Author: Adam Klein <adamk@chromium.org>
Date: Thu Sep 13 22:41:04 2018

[intl] Bind NumberFormat.prototype.format to the proper receiver

Also fix type-check to check receiver for JSReceiver, not JSObject,
and add a test for DateTimeFormat verifying that it already has the
proper behavior.

Bug: chromium:881023
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I950c86094dfb9634e0b7e49bcbbb022fa81a71f7
Reviewed-on: https://chromium-review.googlesource.com/1225612
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55880}

[modify] https://crrev.com/506dc92422c5b462b2cacda493cbea040baff3c5/src/builtins/builtins-intl.cc
[modify] https://crrev.com/506dc92422c5b462b2cacda493cbea040baff3c5/test/intl/date-format/format-is-bound.js
[modify] https://crrev.com/506dc92422c5b462b2cacda493cbea040baff3c5/test/intl/number-format/format-is-bound.js
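The fix above restores two ECMA-402 guarantees for the `format` accessor: the getter hands back a function bound to its own NumberFormat (so the function still works once detached from the object), and the getter type-checks its receiver before anything reaches the native formatter. The script below is an added example, written for this page and not taken from the bug report or from V8's format-is-bound.js tests; it exercises both guarantees, plus the DateTimeFormat case the commit mentions, and assumes an engine with Intl and en-US locale data such as Node.js.

```javascript
// Added example (not V8's format-is-bound.js tests): exercises the ECMA-402
// behaviour the fix above restores. Assumes an engine with Intl and en-US
// locale data (e.g. Node.js with its bundled ICU).

// 1. The `format` getter returns a function bound to its NumberFormat, so the
//    function keeps working after being detached from the object.
function detachedNumberFormat(value) {
  const nf = new Intl.NumberFormat('en-US');
  const format = nf.format;   // getter runs here; result is bound to nf
  return format(value);       // called with no receiver at all
}

// Same contract for DateTimeFormat, which the commit says already behaved.
function detachedDateFormat(epochMs) {
  const dtf = new Intl.DateTimeFormat('en-US', { timeZone: 'UTC' });
  const format = dtf.format;
  return format(epochMs);
}

// 2. The bound function is cached on the instance ([[BoundFormat]] in the
//    spec), so the getter hands back the same function object each time.
function boundFormatIsCached() {
  const nf = new Intl.NumberFormat('en-US');
  return nf.format === nf.format;
}

// 3. The getter must reject any receiver that is not a NumberFormat with a
//    TypeError, whether it is a plain object, a callable (a JSReceiver but
//    not a JSObject in V8 terms), a Proxy, a primitive or null. Returns the
//    error class name, or 'no error' if the getter accepted the receiver.
function formatGetterOn(receiver) {
  const getter = Object.getOwnPropertyDescriptor(
    Intl.NumberFormat.prototype, 'format').get;
  try {
    getter.call(receiver);
    return 'no error';
  } catch (e) {
    return e.constructor.name;
  }
}

// Constructed set of wrong receivers; none of these carries the
// NumberFormat internal slot.
const wrongReceivers = {
  plainObject: {},
  callable: function () {},
  proxiedFormat: new Proxy(new Intl.NumberFormat('en-US'), {}),
  primitive: 42,
  nullReceiver: null,
};

function allWrongReceiversRejected() {
  return Object.values(wrongReceivers)
    .every((r) => formatGetterOn(r) === 'TypeError');
}

function main() {
  console.log(detachedNumberFormat(1234.5));               // 1,234.5
  console.log(detachedDateFormat(Date.UTC(2018, 8, 13)));  // 9/13/2018
  console.log(boundFormatIsCached());                      // true
  for (const [name, r] of Object.entries(wrongReceivers)) {
    console.log(name, '->', formatGetterOn(r));            // TypeError each
  }
}
main();
```

Running this on a build with the fix prints a formatted number and date from the detached functions, `true` for the cache check, and `TypeError` for every wrong receiver; a `no error` line for any receiver in the last group would mean the getter let a non-NumberFormat through to the native formatter, which is the class of bug the MSAN report above caught.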
Sep 15
ClusterFuzz has detected this issue as fixed in range 591312:591313.

Detailed report: https://clusterfuzz.com/testcase?key=6441590000975872

Fuzzer: inferno_twister
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::Builtin_Impl_NumberFormatInternalFormatNumber
  v8::internal::Simulator::DoRuntimeCall
  v8::internal::Simulator::ExecuteInstruction

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=588833:588834
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=591312:591313

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6441590000975872

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 15
ClusterFuzz testcase 6441590000975872 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Sep 5
Labels: Test-Predator-Auto-Components