Fixes word64-lowered BigInt in FrameState accumulator

Bug: chromium:1016450 Change-Id: I4801b5ffb0ebea92067aa5de37e11a4e75dcd3c0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873692 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#64469}
2019-10-22 14:07:18 +02:00 · 2019-10-22 14:07:18 +02:00 · b8bf5e5365
commit b8bf5e5365
parent cff862c036
1 changed files with 15 additions and 4 deletions
--- a/src/compiler/simplified-lowering.cc
+++ b/src/compiler/simplified-lowering.cc
@ -1197,7 +1197,7 @@ class RepresentationSelector {
        // TODO(nicohartmann): Remove, once the deoptimizer can rematerialize
        // truncated BigInts.
        if (TypeOf(input).Is(Type::BigInt())) {
-          ProcessInput(node, i, UseInfo::AnyTagged());
+          ConvertInput(node, i, UseInfo::AnyTagged());
        }

        (*types)[i] =
@ -1220,11 +1220,22 @@ class RepresentationSelector {
    // Accumulator is a special flower - we need to remember its type in
    // a singleton typed-state-values node (as if it was a singleton
    // state-values node).
+    Node* accumulator = node->InputAt(2);
    if (propagate()) {
-      EnqueueInput(node, 2, UseInfo::Any());
+      // TODO(nicohartmann): Remove, once the deoptimizer can rematerialize
+      // truncated BigInts.
+      if (TypeOf(accumulator).Is(Type::BigInt())) {
+        EnqueueInput(node, 2, UseInfo::AnyTagged());
+      } else {
+        EnqueueInput(node, 2, UseInfo::Any());
+      }
    } else if (lower()) {
+      // TODO(nicohartmann): Remove, once the deoptimizer can rematerialize
+      // truncated BigInts.
+      if (TypeOf(accumulator).Is(Type::BigInt())) {
+        ConvertInput(node, 2, UseInfo::AnyTagged());
+      }
      Zone* zone = jsgraph_->zone();
-      Node* accumulator = node->InputAt(2);
      if (accumulator == jsgraph_->OptimizedOutConstant()) {
        node->ReplaceInput(2, jsgraph_->SingleDeadTypedStateValues());
      } else {
@ -1237,7 +1248,7 @@ class RepresentationSelector {
        node->ReplaceInput(
            2, jsgraph_->graph()->NewNode(jsgraph_->common()->TypedStateValues(
                                              types, SparseInputMask::Dense()),
-                                          accumulator));
+                                          node->InputAt(2)));
      }
    }