Thibaud Michaud authored
In Liftoff, the result of table.grow was smi-untagged and sign-extended to a ptr-sized value. However the result is typed as i32, so the upper 32 bits should be cleared on 64 bit platforms. In particular this is observable when the value is used as an index for a memory operand, which leads to the repro in the attached issue. Match the TF behavior by untagging the value as a 32-bit int.

R=clemensb@chromium.org
CC=ahaas@chromium.org

Bug: chromium:1251465
Change-Id: Ia57fd8a69ecb2787b42bbf8217e448976aa1dbd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173680
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77044}
a0ace8a8
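
The two untagging modes named in the commit message, as an added example that is not part of the V8 change: a simplified C model showing why an i32 result must leave the upper 32 bits of a 64-bit register clear. It assumes a Smi is the value shifted left by one bit with a zero tag bit; the function names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: simplified Smi model, value << 1 with a zero tag bit,
   held in a 64-bit register. Function names are hypothetical. */
static uint64_t smi_tag(int32_t v) {
    return (uint64_t)(int64_t)v << 1;
}

/* Pre-fix behaviour per the commit message: arithmetic shift across the
   whole pointer-sized register, so the sign is extended to 64 bits. */
static uint64_t untag_ptr_sized(uint64_t reg) {
    return (reg >> 1) | (reg & 0x8000000000000000ULL);
}

/* Post-fix behaviour: untag as a 32-bit int; the upper half of the
   register ends up zero, as an i32 value requires. */
static uint64_t untag_i32(uint64_t reg) {
    uint32_t lo = (uint32_t)reg;
    uint32_t v = (lo >> 1) | (lo & 0x80000000U);
    return (uint64_t)v;
}

/* Invariant for an i32 held in a 64-bit register: a memory operand that
   uses the full register as its index sees all 64 bits. */
static int upper_bits_clear(uint64_t reg) {
    return (reg >> 32) == 0;
}

int main(void) {
    /* Constructed inputs: -1 is table.grow's failure result in the
       WebAssembly spec; 5 is an ordinary previous table size. */
    int32_t samples[] = { -1, 5 };
    for (int i = 0; i < 2; i++) {
        uint64_t tagged = smi_tag(samples[i]);
        uint64_t wide = untag_ptr_sized(tagged);
        uint64_t narrow = untag_i32(tagged);
        printf("%d: ptr-sized=0x%016" PRIx64 " (%s) i32=0x%016" PRIx64 " (%s)\n",
               samples[i], wide, upper_bits_clear(wide) ? "ok" : "upper bits set",
               narrow, upper_bits_clear(narrow) ? "ok" : "upper bits set");
    }
    return 0;
}
```

Non-negative results are identical under both modes; only a negative result such as -1 separates them, which is why a check like `upper_bits_clear` is a useful debug assertion wherever an i32 feeds a 64-bit index.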