V8 correctness failure in configs: x64,ignition:arm,ignition
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4818706422824960

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:arm,ignition
  sources: 8ef

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=56533:56534

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4818706422824960

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Nov 16
+sheriff

Nov 16
Note the run of the arm sim binary also got an additional flag --stress-marking=100 passed. Not sure if that makes the difference here.

Nov 16
None of the flags are needed. It could be the difference between 32bit and 64bit architectures, because I observe the same difference between x64 and ia32 as well. Here is a reduced repro ...

mstarzinger@hopkinson:~$ cat ~/Downloads/clusterfuzz-testcase-minimized-4818706422824960-mod.js
var a = [];
a.splice(0, 0, 0x40000000);
console.log(a.hasOwnProperty(1));
mstarzinger@hopkinson:~$ ~/Development/v8.git/out/x64.debug/d8 ~/Downloads/clusterfuzz-testcase-minimized-4818706422824960-mod.js
false
mstarzinger@hopkinson:~$ ~/Development/v8.git/out/arm.debug/d8 ~/Downloads/clusterfuzz-testcase-minimized-4818706422824960-mod.js
true
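
The reduced repro above, generalized into a self-checking script (an added example, not part of the original thread or of V8's test suite): it checks invariants that the ECMAScript specification fixes for `splice(0, 0, value)` on an empty array, so any output other than `{}` is a correctness failure on any architecture. The values other than `0x40000000` are constructed, chosen around 2^30 and 2^31 on the assumption that 32-bit and 64-bit builds may represent them differently.

```javascript
// Added example: spec-level invariants for the reduced repro above.
// BOUNDARY_VALUES is constructed; only 0x40000000 comes from the report.
const BOUNDARY_VALUES = [
  0x3fffffff, 0x40000000, 0x40000001,
  0x7fffffff, 0x80000000, -0x40000000, -0x40000001,
];

// Describe an array only through observable, spec-defined properties, so the
// result must be identical on every architecture and configuration.
function describeArray(a) {
  return {
    length: a.length,
    ownKeys: Object.getOwnPropertyNames(a).filter((k) => k !== 'length'),
    hasIndex1: a.hasOwnProperty(1),
    json: JSON.stringify(a),
  };
}

// Insert `value` into an empty array with splice(0, 0, value), as the repro
// does, and return the violated invariants (empty when behaviour is correct).
function checkSpliceInsert(value) {
  const a = [];
  const removed = a.splice(0, 0, value);
  const d = describeArray(a);
  const failures = [];
  if (removed.length !== 0) failures.push('splice returned removed elements');
  if (d.length !== 1) failures.push(`length is ${d.length}, expected 1`);
  if (d.ownKeys.join() !== '0') failures.push(`own keys are [${d.ownKeys}]`);
  if (d.hasIndex1) failures.push('hasOwnProperty(1) is true');
  if (a[0] !== value) failures.push(`a[0] is ${a[0]}, expected ${value}`);
  if (d.json !== `[${value}]`) failures.push(`JSON is ${d.json}`);
  return failures;
}

// Map each failing value to its violated invariants; {} means all passed.
function runAll() {
  const report = {};
  for (const v of BOUNDARY_VALUES) {
    const failures = checkSpliceInsert(v);
    if (failures.length > 0) report[v] = failures;
  }
  return report;
}

console.log(JSON.stringify(runAll()));
```

Running the same file under each build (for example the x64 and arm simulator `d8` binaries named in the comment above) and comparing the printed reports shows which invariant diverges, not just that the outputs differ.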

Dec 11
ClusterFuzz has detected this issue as fixed in range 58156:58157.

Detailed report: https://clusterfuzz.com/testcase?key=4818706422824960

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:arm,ignition
  sources: 8ef

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=56533:56534
Fixed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=58156:58157

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4818706422824960

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Dec 11
ClusterFuzz testcase 4818706422824960 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 1 by ClusterFuzz, Nov 16
Owner: mvstan...@chromium.org
Status: Assigned (was: Untriaged)