From f4e42f9d31ea49644ccd8fe4b9f26980f556c557 Mon Sep 17 00:00:00 2001 From: Georg Neis Date: Wed, 7 Feb 2018 10:55:40 +0100 Subject: [PATCH] [bigint,compiler] Fix endianness issue in bitfield access. See https://chromium-review.googlesource.com/c/v8/v8/+/904725. Change-Id: I6b017c0a8d1c521a83e0c6b5315e1c9689bb4f19 Bug: v8:6791 Reviewed-on: https://chromium-review.googlesource.com/906422 Reviewed-by: Jaroslav Sevcik Commit-Queue: Georg Neis Cr-Commit-Position: refs/heads/master@{#51140} --- src/compiler/access-builder.cc | 2 +- src/compiler/effect-control-linearizer.cc | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/compiler/access-builder.cc b/src/compiler/access-builder.cc index 581b79e110..c28f0c31d2 100644 --- a/src/compiler/access-builder.cc +++ b/src/compiler/access-builder.cc @@ -56,7 +56,7 @@ FieldAccess AccessBuilder::ForHeapNumberValue() { FieldAccess AccessBuilder::ForBigIntBitfield() { FieldAccess access = { kTaggedBase, BigInt::kBitfieldOffset, MaybeHandle(), - MaybeHandle(), TypeCache::Get().kInt32, MachineType::Int32(), + MaybeHandle(), TypeCache::Get().kInt32, MachineType::IntPtr(), kNoWriteBarrier}; return access; } diff --git a/src/compiler/effect-control-linearizer.cc b/src/compiler/effect-control-linearizer.cc index b199bcf9e4..784ed1958e 100644 --- a/src/compiler/effect-control-linearizer.cc +++ b/src/compiler/effect-control-linearizer.cc @@ -1175,9 +1175,9 @@ void EffectControlLinearizer::TruncateTaggedPointerToBit( __ Bind(&if_bigint); { Node* bitfield = __ LoadField(AccessBuilder::ForBigIntBitfield(), value); - Node* length_is_zero = __ Word32Equal( - __ Word32And(bitfield, __ Int32Constant(BigInt::LengthBits::kMask)), - zero); + Node* length_is_zero = __ WordEqual( + __ WordAnd(bitfield, __ IntPtrConstant(BigInt::LengthBits::kMask)), + __ IntPtrConstant(0)); __ Goto(done, __ Word32Equal(length_is_zero, zero)); } }