nodejs · nodejs-github-bot · Nov 11, 2022 · Nov 8, 2022
diff --git a/common.gypi b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.18',
+    'v8_embedder_string': '-node.19',
 
     ##### V8 defaults for Node.js #####
 

diff --git a/deps/v8/src/execution/isolate.cc b/deps/v8/src/execution/isolate.cc
@@ -1949,6 +1949,15 @@ Object Isolate::UnwindAndFindHandler() {
   // Special handling of termination exceptions, uncatchable by JavaScript and
   // Wasm code, we unwind the handlers until the top ENTRY handler is found.
   bool catchable_by_js = is_catchable_by_javascript(exception);
+  if (!catchable_by_js && !context().is_null()) {
+    // Because the array join stack will not pop the elements when throwing the
+    // uncatchable terminate exception, we need to clear the array join stack to
+    // avoid leaving the stack in an invalid state.
+    // See also CycleProtectedArrayJoin.
+    raw_native_context().set_array_join_stack(
+        ReadOnlyRoots(this).undefined_value());
+  }
+
   int visited_frames = 0;
 
 #if V8_ENABLE_WEBASSEMBLY

diff --git a/deps/v8/test/inspector/runtime/evaluate-repl-mode-side-effecting-array-join-expected.txt b/deps/v8/test/inspector/runtime/evaluate-repl-mode-side-effecting-array-join-expected.txt
@@ -0,0 +1,48 @@
+Tests that Runtime.evaluate with REPL mode correctly handles Array.prototype.join.
+{
+    id : <messageId>
+    result : {
+        result : {
+            className : Array
+            description : Array(1)
+            objectId : <objectId>
+            subtype : array
+            type : object
+        }
+    }
+}
+{
+    id : <messageId>
+    result : {
+        exceptionDetails : {
+            columnNumber : -1
+            exception : {
+                className : EvalError
+                description : EvalError: Possible side-effect in debug-evaluate
+                objectId : <objectId>
+                subtype : error
+                type : object
+            }
+            exceptionId : <exceptionId>
+            lineNumber : -1
+            scriptId : <scriptId>
+            text : Uncaught
+        }
+        result : {
+            className : EvalError
+            description : EvalError: Possible side-effect in debug-evaluate
+            objectId : <objectId>
+            subtype : error
+            type : object
+        }
+    }
+}
+{
+    id : <messageId>
+    result : {
+        result : {
+            type : string
+            value : /a/
+        }
+    }
+}
diff --git a/deps/v8/test/inspector/runtime/evaluate-repl-mode-side-effecting-array-join.js b/deps/v8/test/inspector/runtime/evaluate-repl-mode-side-effecting-array-join.js
@@ -0,0 +1,32 @@
+// Copyright 2022 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+let {Protocol} = InspectorTest.start(
+  'Tests that Runtime.evaluate with REPL mode correctly handles \
+Array.prototype.join.');
+
+Protocol.Runtime.enable();
+(async function () {
+  await evaluateReplWithSideEffects('a=[/a/]')
+  await evaluateRepl('a.toString()');
+  await evaluateReplWithSideEffects('a.toString()');
+
+  InspectorTest.completeTest();
+})();
+
+async function evaluateRepl(expression) {
+  InspectorTest.logMessage(await Protocol.Runtime.evaluate({
+    expression: expression,
+    replMode: true,
+    throwOnSideEffect: true
+  }));
+}
+
+async function evaluateReplWithSideEffects(expression) {
+  InspectorTest.logMessage(await Protocol.Runtime.evaluate({
+    expression: expression,
+    replMode: true,
+    throwOnSideEffect: false
+  }));
+}
diff --git a/deps/v8/test/unittests/execution/thread-termination-unittest.cc b/deps/v8/test/unittests/execution/thread-termination-unittest.cc
@@ -33,6 +33,7 @@
 #include "src/init/v8.h"
 #include "src/objects/objects-inl.h"
 #include "test/unittests/test-utils.h"
+#include "testing/gmock-support.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace v8 {
@@ -889,6 +890,75 @@ TEST_F(ThreadTerminationTest, TerminateConsole) {
   CHECK(isolate()->IsExecutionTerminating());
 }
 
+TEST_F(ThreadTerminationTest, TerminationClearArrayJoinStack) {
+  internal::v8_flags.allow_natives_syntax = true;
+  HandleScope scope(isolate());
+  Local<ObjectTemplate> global_template =
+      CreateGlobalTemplate(isolate(), TerminateCurrentThread, DoLoopNoCall);
+  {
+    Local<Context> context = Context::New(isolate(), nullptr, global_template);
+    Context::Scope context_scope(context);
+    {
+      TryCatch try_catch(isolate());
+      TryRunJS(
+          "var error = false;"
+          "var a = [{toString(){if(error)loop()}}];"
+          "function Join(){ return a.join();}; "
+          "%PrepareFunctionForOptimization(Join);"
+          "Join();"
+          "%OptimizeFunctionOnNextCall(Join);"
+          "error = true;"
+          "Join();");
+      CHECK(try_catch.HasTerminated());
+      CHECK(isolate()->IsExecutionTerminating());
+    }
+    EXPECT_THAT(RunJS("a[0] = 1; Join();"), testing::IsString("1"));
+  }
+  {
+    Local<Context> context = Context::New(isolate(), nullptr, global_template);
+    Context::Scope context_scope(context);
+    {
+      TryCatch try_catch(isolate());
+      TryRunJS(
+          "var a = [{toString(){loop()}}];"
+          "function Join(){ return a.join();}; "
+          "Join();");
+      CHECK(try_catch.HasTerminated());
+      CHECK(isolate()->IsExecutionTerminating());
+    }
+    EXPECT_THAT(RunJS("a[0] = 1; Join();"), testing::IsString("1"));
+  }
+  {
+    ConsoleImpl console;
+    debug::SetConsoleDelegate(isolate(), &console);
+    HandleScope scope(isolate());
+    Local<Context> context = Context::New(isolate(), nullptr, global_template);
+    Context::Scope context_scope(context);
+    {
+      // setup console global.
+      HandleScope scope(isolate());
+      Local<String> name = String::NewFromUtf8Literal(
+          isolate(), "console", NewStringType::kInternalized);
+      Local<Value> console = context->GetExtrasBindingObject()
+                                 ->Get(context, name)
+                                 .ToLocalChecked();
+      context->Global()->Set(context, name, console).FromJust();
+    }
+    CHECK(!isolate()->IsExecutionTerminating());
+    {
+      TryCatch try_catch(isolate());
+      CHECK(!isolate()->IsExecutionTerminating());
+      CHECK(TryRunJS("var a = [{toString(){terminate();console.log();fail()}}];"
+                     "function Join() {return a.join();}"
+                     "Join();")
+                .IsEmpty());
+      CHECK(try_catch.HasCaught());
+      CHECK(isolate()->IsExecutionTerminating());
+    }
+    EXPECT_THAT(RunJS("a[0] = 1; Join();"), testing::IsString("1"));
+  }
+}
+
 class TerminatorSleeperThread : public base::Thread {
  public:
   explicit TerminatorSleeperThread(Isolate* isolate, int sleep_ms)