nodejs · cristiancavalli · Jun 28, 2016 · Jun 29, 2016 · Aug 9, 2016
diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 5
 #define V8_MINOR_VERSION 1
 #define V8_BUILD_NUMBER 281
-#define V8_PATCH_LEVEL 78
+#define V8_PATCH_LEVEL 79
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)

diff --git a/deps/v8/src/ia32/assembler-ia32.cc b/deps/v8/src/ia32/assembler-ia32.cc
@@ -787,14 +787,14 @@ void Assembler::cmpw(const Operand& op, Immediate imm16) {
 void Assembler::cmpw(Register reg, const Operand& op) {
  EnsureSpace ensure_space(this);
  EMIT(0x66);
- EMIT(0x39);
+ EMIT(0x3B);
  emit_operand(reg, op);
 }
 
 void Assembler::cmpw(const Operand& op, Register reg) {
  EnsureSpace ensure_space(this);
  EMIT(0x66);
- EMIT(0x3B);
+ EMIT(0x39);
  emit_operand(reg, op);
 }
 

diff --git a/deps/v8/src/ia32/disasm-ia32.cc b/deps/v8/src/ia32/disasm-ia32.cc
@@ -1602,18 +1602,31 @@ int DisassemblerIA32::InstructionDecode(v8::internal::Vector<char> out_buffer,
  while (*data == 0x66) data++;
  if (*data == 0xf && data[1] == 0x1f) {
  AppendToBuffer("nop"); // 0x66 prefix
- } else if (*data == 0x90) {
- AppendToBuffer("nop"); // 0x66 prefix
- } else if (*data == 0x8B) {
+ } else if (*data == 0x39) {
  data++;
- data += PrintOperands("mov_w", REG_OPER_OP_ORDER, data);
+ data += PrintOperands("cmpw", OPER_REG_OP_ORDER, data);
+ } else if (*data == 0x3B) {
+ data++;
+ data += PrintOperands("cmpw", REG_OPER_OP_ORDER, data);
+ } else if (*data == 0x81) {
+ data++;
+ AppendToBuffer("cmpw ");
+ data += PrintRightOperand(data);
+ int imm = *reinterpret_cast<int16_t*>(data);
+ AppendToBuffer(",0x%x", imm);
+ data += 2;
  } else if (*data == 0x89) {
  data++;
  int mod, regop, rm;
  get_modrm(*data, &mod, &regop, &rm);
  AppendToBuffer("mov_w ");
  data += PrintRightOperand(data);
  AppendToBuffer(",%s", NameOfCPURegister(regop));
+ } else if (*data == 0x8B) {
+ data++;
+ data += PrintOperands("mov_w", REG_OPER_OP_ORDER, data);
+ } else if (*data == 0x90) {
+ AppendToBuffer("nop"); // 0x66 prefix
  } else if (*data == 0xC7) {
  data++;
  AppendToBuffer("%s ", "mov_w");

diff --git a/deps/v8/test/cctest/test-assembler-ia32.cc b/deps/v8/test/cctest/test-assembler-ia32.cc
@@ -1497,4 +1497,45 @@ TEST(AssemblerIa32JumpTables2) {
  }
 }
 
+TEST(Regress621926) {
+ // Bug description:
+ // The opcodes for cmpw r/m16, r16 and cmpw r16, r/m16 were swapped.
+ // This was causing non-commutative comparisons to produce the wrong result.
+ CcTest::InitializeVM();
+ Isolate* isolate = reinterpret_cast<Isolate*>(CcTest::isolate());
+ HandleScope scope(isolate);
+ Assembler assm(isolate, nullptr, 0);
+
+ uint16_t a = 42;
+
+ Label fail;
+ __ push(ebx);
+ __ mov(ebx, Immediate(reinterpret_cast<intptr_t>(&a)));
+ __ mov(eax, Immediate(41));
+ __ cmpw(eax, Operand(ebx, 0));
+ __ j(above_equal, &fail);
+ __ cmpw(Operand(ebx, 0), eax);
+ __ j(below_equal, &fail);
+ __ mov(eax, 1);
+ __ pop(ebx);
+ __ ret(0);
+ __ bind(&fail);
+ __ mov(eax, 0);
+ __ pop(ebx);
+ __ ret(0);
+
+ CodeDesc desc;
+ assm.GetCode(&desc);
+ Handle<Code> code = isolate->factory()->NewCode(
+ desc, Code::ComputeFlags(Code::STUB), Handle<Code>());
+
+#ifdef OBJECT_PRINT
+ OFStream os(stdout);
+ code->Print(os);
+#endif
+
+ F0 f = FUNCTION_CAST<F0>(code->entry());
+ CHECK_EQ(f(), 1);
+}
+
 #undef __