diff --git a/common.gypi b/common.gypi
index ee91fb1df6d913..36e5de56341a51 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 # Reset this number to 0 on major V8 upgrades.
 # Increment by one for each non-official patch applied to deps/v8.
- 'v8_embedder_string': '-node.16',
+ 'v8_embedder_string': '-node.17',
 ##### V8 defaults for Node.js #####
diff --git a/deps/v8/src/wasm/baseline/arm64/liftoff-assembler-arm64.h b/deps/v8/src/wasm/baseline/arm64/liftoff-assembler-arm64.h
index 549bbe7f10a9b8..bea5100ef3e9f8 100644
--- a/deps/v8/src/wasm/baseline/arm64/liftoff-assembler-arm64.h
+++ b/deps/v8/src/wasm/baseline/arm64/liftoff-assembler-arm64.h
@@ -133,10 +133,16 @@ inline MemOperand GetMemOp(LiftoffAssembler* assm,
 return i64_offset ? MemOperand(addr.X(), offset.X()) : MemOperand(addr.X(), offset.W(), UXTW);
 }
- Register tmp = temps->AcquireX();
 DCHECK_GE(kMaxUInt32, offset_imm);
- assm->Add(tmp, offset.X(), offset_imm);
- return MemOperand(addr.X(), tmp);
+ if (i64_offset) {
+ Register tmp = temps->AcquireX();
+ assm->Add(tmp, offset.X(), offset_imm);
+ return MemOperand(addr.X(), tmp);
+ } else {
+ Register tmp = temps->AcquireW();
+ assm->Add(tmp, offset.W(), offset_imm);
+ return MemOperand(addr.X(), tmp, UXTW);
+ }
 }
 return MemOperand(addr.X(), offset_imm);
 }
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-11809.js b/deps/v8/test/mjsunit/regress/wasm/regress-11809.js
index 890e26c609e151..eef8c291f6e6db 100644
--- a/deps/v8/test/mjsunit/regress/wasm/regress-11809.js
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-11809.js
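Review bot: In the new 32-bit branch of GetMemOp, `assm->Add(tmp, offset.W(), offset_imm)` adds in 32 bits, so the index plus offset_imm wraps modulo 2^32 before `UXTW` extends it, and an index close to 2^32 then produces a small effective offset instead of one past the end of memory. If any caller relies on the full sum landing in a guard region rather than on an explicit bounds check emitted beforehand (not visible in this hunk), that wrap would turn an expected trap into an in-bounds access. Consider extending first and adding in 64 bits, for example `Register tmp = temps->AcquireX(); assm->Add(tmp, addr.X(), Operand(offset.W(), UXTW)); return MemOperand(tmp, offset_imm);`, or add a comment next to the `DCHECK_GE` stating why the wrap cannot occur. GetMemOp begins above the hunk, so the callers' guarantees need to be confirmed there.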
@@ -2,11 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
-// Flags: --enable-testing-opcode-in-wasm --nowasm-tier-up --wasm-tier-mask-for-testing=2
+// Flags: --enable-testing-opcode-in-wasm --nowasm-tier-up
+// Flags: --wasm-tier-mask-for-testing=2
 load("test/mjsunit/wasm/wasm-module-builder.js");
-var instance = (function () {
+function InstanceMaker(offset) {
 var builder = new WasmModuleBuilder();
 builder.addMemory(1, 1, false /* exported */);
@@ -24,7 +25,7 @@ var instance = (function () {
 var two = builder.addFunction("two", kSig_v_i);
 var three = builder.addFunction("three", sig_three).addBody([]);
- zero.addBody([kExprLocalGet, 0, kExprI32LoadMem, 0, 0]);
+ zero.addBody([kExprLocalGet, 0, kExprI32LoadMem, 0, offset]);
 one.addBody([
 kExprLocalGet, 7,
@@ -53,6 +54,11 @@ var instance = (function () {
 ]).exportFunc();
 return builder.instantiate({});
-})();
+}
-instance.exports.two()
+var instance = InstanceMaker(0);
+instance.exports.two();
+
+// Regression test for crbug.com/1224882.
+var instance_with_offset = InstanceMaker(4);
+instance_with_offset.exports.two();
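Review bot: In the changed `zero.addBody` line, `offset` is written into the function body as one raw byte, but the memory-access offset immediate is LEB128-encoded, so `InstanceMaker` only produces a valid module for offsets below 128. Either state that limit in a comment on `InstanceMaker` or encode the value, `zero.addBody([kExprLocalGet, 0, kExprI32LoadMem, 0, ...wasmUnsignedLeb(offset)]);`. The function body continues outside this hunk.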
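Review bot: The case added at the end of the file passes only by not crashing: `two()` is called with no argument, nothing is asserted, and the comment gives just the bug link. A line such as `// A load with a non-zero static offset must still treat the index as an unsigned 32-bit value (arm64 Liftoff).` would tell a reader what the second instance checks; confirm the wording against the bug before adding it. Coverage also stops at the single offset 4, so a large index combined with a non-zero offset is not exercised here.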