[ic][ptr-compr] Fix CloneObjectIC for pointer compression mode

Bug: chromium:973045, v8:7611, v8:9114, v8:9183, v8:9343 Tbr: verwaest@chromium.org,tebbi@chromium.org Change-Id: I08b509368972956d1c7aedf53884d2590e4cfa27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660619 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62193}
2019-06-14 19:43:24 +02:00 · 2019-06-14 19:43:24 +02:00 · c5391e9dde
commit c5391e9dde
parent d7a8170d2d
2 changed files with 8 additions and 2 deletions
--- a/src/compiler/code-assembler.h
+++ b/src/compiler/code-assembler.h
@ -147,6 +147,12 @@ struct Float64T : UntaggedT {
  static constexpr MachineType kMachineType = MachineType::Float64();
 };

+#ifdef V8_COMPRESS_POINTERS
+using TaggedT = Int32T;
+#else
+using TaggedT = IntPtrT;
+#endif
+
 // Result of a comparison operation.
 struct BoolT : Word32T {};

--- a/src/ic/accessor-assembler.cc
+++ b/src/ic/accessor-assembler.cc
@ -3768,8 +3768,8 @@ void AccessorAssembler::GenerateCloneObjectIC() {
        [=](Node* field_index) {
          TNode<IntPtrT> field_offset =
              TimesTaggedSize(UncheckedCast<IntPtrT>(field_index));
-          TNode<IntPtrT> field =
-              LoadObjectField<IntPtrT>(CAST(source), field_offset);
+          TNode<TaggedT> field =
+              LoadObjectField<TaggedT>(CAST(source), field_offset);
          TNode<IntPtrT> result_offset =
              IntPtrAdd(field_offset, field_offset_difference);
          StoreObjectFieldNoWriteBarrier(object, result_offset, field);