From 71bf5130626a62dba5b2ecacf863827124a5d019 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?=
Date: Wed, 28 Dec 2022 08:07:51 +0000
Subject: [PATCH] deps: patch V8 to 10.8.168.25

Refs: https://github.com/v8/v8/compare/10.8.168.21...10.8.168.25
PR-URL: https://github.com/nodejs/node/pull/45996
Reviewed-By: Jiawen Geng
Reviewed-By: Rafael Gonzaga
---
 deps/v8/include/v8-version.h | 2 +-
 deps/v8/src/ast/scopes.cc | 1 +
 deps/v8/src/codegen/arm/assembler-arm.cc | 19 +++++++++++++++----
 .../backend/x64/code-generator-x64.cc | 17 ++++++++++++++++-
 .../src/sandbox/external-pointer-table-inl.h | 8 ++++++++
 deps/v8/src/sandbox/external-pointer-table.cc | 12 ------------
 deps/v8/src/wasm/graph-builder-interface.cc | 2 +-
 .../mjsunit/regress/regress-crbug-1394973.js | 7 +++++++
 8 files changed, 49 insertions(+), 19 deletions(-)
 create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-1394973.js

diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
index 1253f9ef0eecf3..b5b7a58e9fe88f 100644
--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 10
 #define V8_MINOR_VERSION 8
 #define V8_BUILD_NUMBER 168
-#define V8_PATCH_LEVEL 21
+#define V8_PATCH_LEVEL 25
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8/src/ast/scopes.cc b/deps/v8/src/ast/scopes.cc
index 7bf3bcc7796d60..0f4d8d44ebb6d0 100644
--- a/deps/v8/src/ast/scopes.cc
+++ b/deps/v8/src/ast/scopes.cc
@@ -929,6 +929,7 @@ void Scope::Snapshot::Reparent(DeclarationScope* new_parent) {
 // Move eval calls since Snapshot's creation into new_parent.
 if (outer_scope_->calls_eval_) {
 new_parent->RecordEvalCall();
+ outer_scope_->calls_eval_ = false;
 declaration_scope_->sloppy_eval_can_extend_vars_ = false;
 }
 }
diff --git a/deps/v8/src/codegen/arm/assembler-arm.cc b/deps/v8/src/codegen/arm/assembler-arm.cc
index b2d7cad0963cd7..3fe769a0ecc7d2 100644
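Review bot: The added `outer_scope_->calls_eval_ = false;` in Scope::Snapshot::Reparent clears the flag on the outer scope unconditionally, while the comment above it only speaks of moving eval calls recorded since the snapshot was created; if the outer scope had already called eval before the snapshot, that fact is lost here unless the Snapshot restores the earlier value somewhere outside this hunk. I would state the intent on the new line, e.g. `// The eval call now belongs to new_parent; clear it here so a later reparse of outer_scope_ does not see a stale flag.` — the reparse motivation is my inference from the `--stress-lazy-source-positions` flag in the new regression test, so confirm before adopting the wording. Reparent's body continues outside the hunk.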
--- a/deps/v8/src/codegen/arm/assembler-arm.cc
+++ b/deps/v8/src/codegen/arm/assembler-arm.cc
@@ -1444,10 +1444,6 @@ int Assembler::branch_offset(Label* L) {
 L->link_to(pc_offset());
 }
 
- // Block the emission of the constant pool, since the branch instruction must
- // be emitted at the pc offset recorded by the label.
- if (!is_const_pool_blocked()) BlockConstPoolFor(1);
-
 return target_pos - (pc_offset() + Instruction::kPcLoadDelta);
 }
 
@@ -1458,6 +1454,11 @@ void Assembler::b(int branch_offset, Condition cond, RelocInfo::Mode rmode) {
 int imm24 = branch_offset >> 2;
 const bool b_imm_check = is_int24(imm24);
 CHECK(b_imm_check);
+
+ // Block the emission of the constant pool before the next instruction.
+ // Otherwise the passed-in branch offset would be off.
+ BlockConstPoolFor(1);
+
 emit(cond | B27 | B25 | (imm24 & kImm24Mask));
 
 if (cond == al) {
@@ -1472,6 +1473,11 @@ void Assembler::bl(int branch_offset, Condition cond, RelocInfo::Mode rmode) {
 int imm24 = branch_offset >> 2;
 const bool bl_imm_check = is_int24(imm24);
 CHECK(bl_imm_check);
+
+ // Block the emission of the constant pool before the next instruction.
+ // Otherwise the passed-in branch offset would be off.
+ BlockConstPoolFor(1);
+
 emit(cond | B27 | B25 | B24 | (imm24 & kImm24Mask));
 }
 
@@ -1481,6 +1487,11 @@ void Assembler::blx(int branch_offset) {
 int imm24 = branch_offset >> 2;
 const bool blx_imm_check = is_int24(imm24);
 CHECK(blx_imm_check);
+
+ // Block the emission of the constant pool before the next instruction.
+ // Otherwise the passed-in branch offset would be off.
+ BlockConstPoolFor(1);
+
 emit(kSpecialCondition | B27 | B25 | h | (imm24 & kImm24Mask));
 }
 
diff --git a/deps/v8/src/compiler/backend/x64/code-generator-x64.cc b/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
index 6a29cb308e593a..e3f759f570050c 100644
--- a/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
+++ b/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
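Review bot: Moving the constant-pool block out of Assembler::branch_offset() into b(), bl() and blx() leaves any other caller of branch_offset() that emits its own branch instruction (none is visible in these hunks) unprotected: a constant pool emitted between computing the offset and the emit() would silently shift the encoded target, which is exactly the class of miscompile the old placement prevented for every caller. It is worth checking the remaining callers of branch_offset() in this file and giving each the same `BlockConstPoolFor(1);`, or asserting in the emit path that the pool is blocked. The new calls also drop the old `if (!is_const_pool_blocked())` guard, which is fine only if BlockConstPoolFor(1) tolerates an already-blocked pool — presumably it does, but that is not shown here. The same comment-plus-call is repeated in the bl() and blx() hunks; a small private helper would keep the three in sync.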
@@ -5295,7 +5295,22 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
 case MoveType::kStackToRegister: {
 Operand src = g.ToOperand(source);
 if (source->IsStackSlot()) {
- __ movq(g.ToRegister(destination), src);
+ MachineRepresentation mr =
+ LocationOperand::cast(source)->representation();
+ const bool is_32_bit = mr == MachineRepresentation::kWord32 ||
+ mr == MachineRepresentation::kCompressed ||
+ mr == MachineRepresentation::kCompressedPointer;
+ // TODO(13581): Fix this for other code kinds (see
+ // https://crbug.com/1356461).
+ if (code_kind() == CodeKind::WASM_FUNCTION && is_32_bit) {
+ // When we need only 32 bits, move only 32 bits. Benefits:
+ // - Save a byte here and there (depending on the destination
+ // register; "movl eax, ..." is smaller than "movq rax, ...").
+ // - Safeguard against accidental decompression of compressed slots.
+ __ movl(g.ToRegister(destination), src);
+ } else {
+ __ movq(g.ToRegister(destination), src);
+ }
 } else {
 DCHECK(source->IsFPStackSlot());
 XMMRegister dst = g.ToDoubleRegister(destination);
diff --git a/deps/v8/src/sandbox/external-pointer-table-inl.h b/deps/v8/src/sandbox/external-pointer-table-inl.h
index 1e4ff34e6140d0..9295ddd3a3fa12 100644
--- a/deps/v8/src/sandbox/external-pointer-table-inl.h
+++ b/deps/v8/src/sandbox/external-pointer-table-inl.h
@@ -6,6 +6,7 @@
 #define V8_SANDBOX_EXTERNAL_POINTER_TABLE_INL_H_
 
 #include "src/base/atomicops.h"
+#include "src/common/assert-scope.h"
 #include "src/sandbox/external-pointer-table.h"
 #include "src/sandbox/external-pointer.h"
 #include "src/utils/allocation.h"
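Review bot: The new `movl` path in the kStackToRegister case zero-extends into bits 32..63 of the destination register, whereas the previous `movq` reproduced whatever the upper half of the slot held; the comment lists the benefits but not this observable difference, and a consumer that (wrongly) relied on the upper half of a kWord32 or compressed slot would now see different bits. I would add `// Note: movl zero-extends bits 32..63; nothing may rely on the upper half of a 32-bit slot.` under the existing bullet list. Gating on `code_kind() == CodeKind::WASM_FUNCTION` with the TODO(13581) means wasm and non-wasm code now reload the same representation differently; a sentence on why the non-wasm path is not yet safe would help whoever picks up the TODO. AssembleMove continues outside the hunk.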
@@ -75,6 +76,13 @@ ExternalPointerHandle ExternalPointerTable::AllocateAndInitializeEntry(
 Isolate* isolate, Address initial_value, ExternalPointerTag tag) {
 DCHECK(is_initialized());
 
+ // We currently don't want entry allocation to trigger garbage collection as
+ // this may cause seemingly harmless pointer field assignments to trigger
+ // garbage collection. This is especially true for lazily-initialized
+ // external pointer slots which will typically only allocate the external
+ // pointer table entry when the pointer is first set to a non-null value.
+ DisallowGarbageCollection no_gc;
+
 Freelist freelist;
 bool success = false;
 while (!success) {
diff --git a/deps/v8/src/sandbox/external-pointer-table.cc b/deps/v8/src/sandbox/external-pointer-table.cc
index 95d8819dc5dde7..6a3d8aeb196195 100644
--- a/deps/v8/src/sandbox/external-pointer-table.cc
+++ b/deps/v8/src/sandbox/external-pointer-table.cc
@@ -315,18 +315,6 @@ ExternalPointerTable::Freelist ExternalPointerTable::Grow(Isolate* isolate) {
 
 set_capacity(new_capacity);
 
- // Schedule GC when the table's utilization crosses one of these thresholds.
- constexpr double kGCThresholds[] = {0.5, 0.75, 0.9, 0.95, 0.99};
- constexpr double kMaxCapacity = static_cast(kMaxExternalPointers);
- double old_utilization = static_cast(old_capacity) / kMaxCapacity;
- double new_utilization = static_cast(new_capacity) / kMaxCapacity;
- for (double threshold : kGCThresholds) {
- if (old_utilization < threshold && new_utilization >= threshold) {
- isolate->heap()->ReportExternalMemoryPressure();
- break;
- }
- }
-
 // Build freelist bottom to top, which might be more cache friendly.
 uint32_t start = std::max(old_capacity, 1); // Skip entry zero
 uint32_t last = new_capacity - 1;
diff --git a/deps/v8/src/wasm/graph-builder-interface.cc b/deps/v8/src/wasm/graph-builder-interface.cc
index fb1f19c2b13604..abf68f80dd7148 100644
--- a/deps/v8/src/wasm/graph-builder-interface.cc
+++ b/deps/v8/src/wasm/graph-builder-interface.cc
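Review bot: `DisallowGarbageCollection no_gc;` in AllocateAndInitializeEntry documents the invariant, but as far as I know that scope is a debug-only assertion in V8, so in release builds the only thing that actually stops entry allocation from triggering a GC is the removal of the utilization-threshold `ReportExternalMemoryPressure()` call in the Grow() hunk of external-pointer-table.cc. Unless GC scheduling for the external pointer table now lives somewhere else (not part of this patch), dead entries are only reclaimed when a GC happens for other reasons, so a workload that allocates many external pointers can drive the table toward kMaxExternalPointers before anything pushes back; a comment in Grow() naming the replacement trigger, or a TODO if there is none, would keep that visible. The comment on the new scope could also say explicitly that it is an assertion rather than an enforcement: `// Debug-only assertion: nothing below may allocate on the heap or reach a safepoint.` — confirm against assert-scope.h. The body of AllocateAndInitializeEntry continues outside the hunk, including the loop that presumably calls Grow().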
@@ -2106,7 +2106,7 @@ class WasmGraphBuildingInterface {
 }
 if (exception_value != nullptr) {
 *exception_value = builder_->LoopExitValue(
- *exception_value, MachineRepresentation::kWord32);
+ *exception_value, MachineRepresentation::kTaggedPointer);
 }
 if (wrap_exit_values) {
 WrapLocalsAtLoopExit(decoder, control);
diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-1394973.js b/deps/v8/test/mjsunit/regress/regress-crbug-1394973.js
new file mode 100644
index 00000000000000..c0b9ceebcc2278
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-crbug-1394973.js
@@ -0,0 +1,7 @@
+// Copyright 2022 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --stress-lazy-source-positions
+
+((__v_0 = ((__v_0 =eval()) => {})()) => {})()
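Review bot: Changing the LoopExitValue representation of `exception_value` from kWord32 to kTaggedPointer is the right fix only if the caught exception is always a heap object at this point; that appears to be the intent, and it matches the x64 hunk's concern about a compressed slot being reloaded as if it were a raw 32-bit word. A one-line comment would make the invariant explicit so the next refactor does not reintroduce it: `// The caught exception is a tagged heap object; a Word32 representation here would let it cross the loop exit as a raw (compressed) value.` The enclosing method starts and ends outside the hunk.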
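Review bot: regress-crbug-1394973.js exercises a nested arrow function whose default parameter calls eval() under `--stress-lazy-source-positions`, but nothing in the file says which change in this patch it covers; presumably the scopes.cc `calls_eval_` reset, since that is the only parser change here, but the tie is not stated. A short comment above the expression, such as `// Reparenting a parameter scope that calls eval must not leave a stale calls_eval_ flag on the outer scope when the function is reparsed.`, would connect the test to the fix for whoever next touches Scope::Snapshot::Reparent.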