Ill in v8::internal::JSFunction::ComputeInstanceSizeWithMinSlack
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6263490237693952

Fuzzer: ochang_js_fuzzer
Job Type: linux_ubsan_vptr_d8
Platform Id: linux

Crash Type: Ill
Crash Address: 0x55f16d5322ae
Crash State:
  v8::internal::JSFunction::ComputeInstanceSizeWithMinSlack
  v8::internal::compiler::InitialMapInstanceSizePredictionDependency::IsValid
  AreValid

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=55889:55890

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6263490237693952

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Sep 27
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/7af52329de407a336990688d1647be291f2cd936 ([turbofan] Serialize initial map's predicted instance size.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Sep 28
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/e693c691ec95a1027ba1067637b8dff68089fedd

commit e693c691ec95a1027ba1067637b8dff68089fedd
Author: Jaroslav Sevcik <jarin@chromium.org>
Date: Fri Sep 28 08:20:42 2018

[turbofan] Fail slack tracking dependency if initial map disappears.

Bug: chromium:890057
Change-Id: I98bc278ebc202c3d8f6417367bd1c592e4824011
Reviewed-on: https://chromium-review.googlesource.com/1250481
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56279}

[modify] https://crrev.com/e693c691ec95a1027ba1067637b8dff68089fedd/src/compiler/compilation-dependencies.cc
[add] https://crrev.com/e693c691ec95a1027ba1067637b8dff68089fedd/test/mjsunit/compiler/regress-890057.js
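The commit above describes the fix as making the slack tracking dependency fail when the function's initial map disappears. The C++ model below is an added illustration of that shape of check; it is not V8's code and not the regression test added by the commit. It records a predicted instance size at compile time and, when asked whether the prediction still holds, reports the dependency invalid instead of touching a map that no longer exists. The `Map` and `JSFunction` structs, the `kFieldSize` constant, the "size minus unused slots" formula and every name here are assumptions, as is the comment on how the pre-fix check crashes; `IsValidWithoutCheck` is kept only to show the pre-fix shape and is never called.

```cpp
// Added illustration, not V8 code. Everything below is a simplified model.
#include <cassert>
#include <cstddef>
#include <memory>
#include <utility>

constexpr size_t kFieldSize = 8;  // assumed: bytes per in-object property slot

// Assumed model of a map: the layout shared by instances of one constructor.
struct Map {
  size_t instance_size;           // bytes currently allocated per instance
  size_t unused_property_fields;  // in-object slots not yet used (the slack)
};

// Assumed model of a constructor function that may own an initial map.
struct JSFunction {
  std::shared_ptr<Map> initial_map;  // null once the initial map "disappears"
  bool has_initial_map() const { return initial_map != nullptr; }
};

// Assumed simplification: the size an instance ends up with once slack
// tracking finishes and the unused slots are trimmed away.
size_t ComputeInstanceSizeWithMinSlack(const Map& map) {
  return map.instance_size - map.unused_property_fields * kFieldSize;
}

// A compilation dependency: optimized code baked in a predicted size and is
// only allowed to run while that prediction still matches reality.
class InitialMapInstanceSizePredictionDependency {
 public:
  InitialMapInstanceSizePredictionDependency(std::shared_ptr<JSFunction> fn,
                                             size_t predicted)
      : function_(std::move(fn)), predicted_instance_size_(predicted) {}

  // Pre-fix shape (assumed): dereferences the initial map unconditionally.
  // With the map gone this is a null dereference in this model; in a real
  // engine it would be whatever the callee does on a missing map. Never called.
  bool IsValidWithoutCheck() const {
    return ComputeInstanceSizeWithMinSlack(*function_->initial_map) ==
           predicted_instance_size_;
  }

  // Post-fix shape: a dependency on a map that no longer exists simply fails,
  // so the optimized code is discarded instead of the compiler crashing.
  bool IsValid() const {
    if (!function_->has_initial_map()) return false;
    return ComputeInstanceSizeWithMinSlack(*function_->initial_map) ==
           predicted_instance_size_;
  }

 private:
  std::shared_ptr<JSFunction> function_;
  size_t predicted_instance_size_;
};

// Scenario from this bug: record a prediction, then lose the initial map.
bool ScenarioFromThisBug() {
  auto fn = std::make_shared<JSFunction>();
  fn->initial_map = std::make_shared<Map>(Map{64, 2});  // constructed sample
  size_t predicted = ComputeInstanceSizeWithMinSlack(*fn->initial_map);  // 48
  InitialMapInstanceSizePredictionDependency dep(fn, predicted);
  bool valid_before = dep.IsValid();  // true: prediction matches
  fn->initial_map.reset();            // the initial map disappears
  bool valid_after = dep.IsValid();   // false, and no crash
  return valid_before && !valid_after;
}

// The same check also catches the ordinary case: the map survives but its
// layout changed, so the recorded prediction is stale.
bool DependencyDetectsLayoutChange() {
  auto fn = std::make_shared<JSFunction>();
  fn->initial_map = std::make_shared<Map>(Map{64, 2});  // constructed sample
  InitialMapInstanceSizePredictionDependency dep(
      fn, ComputeInstanceSizeWithMinSlack(*fn->initial_map));  // 48
  fn->initial_map = std::make_shared<Map>(Map{56, 0});  // now 56 bytes
  return !dep.IsValid();
}
```

The point of the model is the order of checks in `IsValid`: existence of the thing the prediction was made about is tested before anything derived from it, and "it is gone" is reported as an invalid dependency, which is the safe answer for an optimizer.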
Sep 29
ClusterFuzz has detected this issue as fixed in range 56278:56279.

Detailed report: https://clusterfuzz.com/testcase?key=6263490237693952

Fuzzer: ochang_js_fuzzer
Job Type: linux_ubsan_vptr_d8
Platform Id: linux

Crash Type: Ill
Crash Address: 0x55f16d5322ae
Crash State:
  v8::internal::JSFunction::ComputeInstanceSizeWithMinSlack
  v8::internal::compiler::InitialMapInstanceSizePredictionDependency::IsValid
  AreValid

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=55889:55890
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=56278:56279

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6263490237693952

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 29
ClusterFuzz testcase 6263490237693952 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Sep 27
Labels: Test-Predator-Auto-Components