[arm64] Clear the upper 32 bits after a TruncateDoubleToI

TruncateDoubleToI generated a 32-bit result but did not clear the upper
32 bits. This violated the invariant that the upper 32 bits should be
cleared when the result is 32 bits. This change fixes the bug mentioned
below. Clearing the upper 32 bits is also done on x64.

R=v8-arm-ports@googlegroups.com, titzer@chromium.org, martyn.capewell@arm.com

Bug: chromium:738952
Change-Id: I7e23e03fbed380ff08803db41fbae6382957ba08
Reviewed-on: https://chromium-review.googlesource.com/559671Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46440}

src/arm64/macro-assembler-arm64.cc

@@ -2772,6 +2772,8 @@ void MacroAssembler::TruncateDoubleToI(Register result,
   }
 
   Bind(&done);
+  // Keep our invariant that the upper 32 bits are zero.
+  Uxtw(result.W(), result.W());
 }
 
 

test/cctest/compiler/test-run-machops.cc

@@ -6843,6 +6843,19 @@ TEST(Regression5951_32bit) {
   CHECK_EQ(input, m.Call(input));
 }
 
+TEST(Regression738952) {
+  RawMachineAssemblerTester<int32_t> m;
+
+  int32_t sentinel = 1234;
+  // The index can be any value where the lower bits are 0 and the upper bits
+  // are not 0;
+  int64_t index = 3224;
+  index <<= 32;
+  double d = static_cast<double>(index);
+  m.Return(m.Load(MachineType::Int32(), m.PointerConstant(&sentinel),
+                  m.TruncateFloat64ToWord32(m.Float64Constant(d))));
+  CHECK_EQ(sentinel, m.Call());
+}
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8