Ill in v8::internal::interpreter::BytecodeArrayBuilder::Local
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6510837914927104
Fuzzer: lokihardt_jshitter
Job Type: linux_asan_d8
Platform Id: linux
Crash Type: Ill
Crash Address: 0x55f9002a6a18
Crash State:
  v8::internal::interpreter::BytecodeArrayBuilder::Local
  v8::internal::interpreter::BytecodeGenerator::BuildVariableAssignment
  v8::internal::interpreter::BytecodeGenerator::VisitAssignment
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8&range=57387:57388
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6510837914927104

Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Nov 12
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Nov 12
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/4235fc0bae8746c219ff6999cfc5b255aaffdaf1

commit 4235fc0bae8746c219ff6999cfc5b255aaffdaf1
Author: Toon Verwaest <verwaest@chromium.org>
Date: Mon Nov 12 09:44:56 2018

[parser] Restore reparenting of temporaries

Now that we have no more do-expressions, we don't need to reparent variables and declarations anymore. However, it's still possible that temporaries were implicitly allocated. We still need to move those.

Bug: chromium:904255
Change-Id: Ia8a90eb822b9db123ffb0bad58e4b720c1452d9f
Reviewed-on: https://chromium-review.googlesource.com/c/1329685
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57424}

[modify] https://crrev.com/4235fc0bae8746c219ff6999cfc5b255aaffdaf1/src/ast/scopes.cc
[modify] https://crrev.com/4235fc0bae8746c219ff6999cfc5b255aaffdaf1/src/ast/scopes.h
[add] https://crrev.com/4235fc0bae8746c219ff6999cfc5b255aaffdaf1/test/mjsunit/regress/regress-904255.js
Nov 13
Nov 13
Issue 904168 has been merged into this issue.
Nov 13
ClusterFuzz testcase 5511346646679552 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 13
ClusterFuzz has detected this issue as fixed in range 57423:57424.

Detailed report: https://clusterfuzz.com/testcase?key=6510837914927104
Fuzzer: lokihardt_jshitter
Job Type: linux_asan_d8
Platform Id: linux
Crash Type: Ill
Crash Address: 0x55f9002a6a18
Crash State:
  v8::internal::interpreter::BytecodeArrayBuilder::Local
  v8::internal::interpreter::BytecodeGenerator::BuildVariableAssignment
  v8::internal::interpreter::BytecodeGenerator::VisitAssignment
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8&range=57387:57388
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8&range=57423:57424
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6510837914927104

See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 8
+cc lokihardt@ who is the author of this fuzzer.
Comment 1 by ClusterFuzz, Nov 12
Owner: verwa...@chromium.org
Status: Assigned (was: Untriaged)