deps: V8: cherry-pick b2f3aea23a01

Original commit message:

    [wasm][exnref] Do not allow exnref at the wasm/JS boundary

    [email protected]

    Bug: v8:14398
    Change-Id: I5bb75a83e9de9f838d8e530c77c89aa031f473f9
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5381603
    Reviewed-by: Matthias Liedtke <[email protected]>
    Commit-Queue: Thibaud Michaud <[email protected]>
    Cr-Commit-Position: refs/heads/main@{#92944}

Refs: v8/v8@b2f3aea

Author: thibaudmichaud

common.gypi

@@ -38,7 +38,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.40',
+    'v8_embedder_string': '-node.41',
 
     ##### V8 defaults for Node.js #####
 

deps/v8/src/wasm/wasm-js.cc

@@ -2445,9 +2445,9 @@ void WebAssemblyTableGrowImpl(const v8::FunctionCallbackInfo<v8::Value>& info) {
 namespace {
 void WasmObjectToJSReturnValue(v8::ReturnValue<v8::Value>& return_value,
                                i::Handle<i::Object> value,
-                               i::wasm::HeapType type, i::Isolate* isolate,
+                               i::wasm::ValueType type, i::Isolate* isolate,
                                ErrorThrower* thrower) {
-  switch (type.representation()) {
+  switch (type.heap_type().representation()) {
     case internal::wasm::HeapType::kStringViewWtf8:
       thrower->TypeError("%s", "stringview_wtf8 has no JS representation");
       break;
@@ -2457,6 +2457,10 @@ void WasmObjectToJSReturnValue(v8::ReturnValue<v8::Value>& return_value,
     case internal::wasm::HeapType::kStringViewIter:
       thrower->TypeError("%s", "stringview_iter has no JS representation");
       break;
+    case internal::wasm::HeapType::kExn:
+    case internal::wasm::HeapType::kNoExn:
+      thrower->TypeError("invalid type %s", type.name().c_str());
+      break;
     default: {
       return_value.Set(Utils::ToLocal(i::wasm::WasmToJSObject(isolate, value)));
       break;
@@ -2490,8 +2494,8 @@ void WebAssemblyTableGetImpl(const v8::FunctionCallbackInfo<v8::Value>& info) {
       i::WasmTableObject::Get(i_isolate, receiver, index);
 
   v8::ReturnValue<v8::Value> return_value = info.GetReturnValue();
-  WasmObjectToJSReturnValue(return_value, result, receiver->type().heap_type(),
-                            i_isolate, &thrower);
+  WasmObjectToJSReturnValue(return_value, result, receiver->type(), i_isolate,
+                            &thrower);
 }
 
 // WebAssembly.Table.set(num, any)
@@ -2767,8 +2771,7 @@ void WebAssemblyExceptionGetArgImpl(
     case i::wasm::kRefNull: {
       i::Handle<i::Object> obj = handle(values->get(decode_index), i_isolate);
       ReturnValue<Value> return_value = info.GetReturnValue();
-      return WasmObjectToJSReturnValue(return_value, obj,
-                                       signature->get(index).heap_type(),
+      return WasmObjectToJSReturnValue(return_value, obj, signature->get(index),
                                        i_isolate, &thrower);
     }
     case i::wasm::kRtt:
@@ -2836,8 +2839,7 @@ void WebAssemblyGlobalGetValueCommon(
     case i::wasm::kRef:
     case i::wasm::kRefNull: {
       WasmObjectToJSReturnValue(return_value, receiver->GetRef(),
-                                receiver->type().heap_type(), i_isolate,
-                                &thrower);
+                                receiver->type(), i_isolate, &thrower);
       break;
     }
     case i::wasm::kRtt:

deps/v8/src/wasm/wasm-objects.cc

@@ -2547,6 +2547,12 @@ MaybeHandle<Object> JSToWasmObject(Isolate* isolate, Handle<Object> value,
       case HeapType::kStringViewIter:
         *error_message = "stringview_iter has no JS representation";
         return {};
+      case HeapType::kExn:
+        *error_message = "invalid type (ref null exn)";
+        return {};
+      case HeapType::kNoExn:
+        *error_message = "invalid type (ref null noexn)";
+        return {};
       default: {
         HeapType::Representation repr =
             expected_canonical.heap_representation_non_shared();
@@ -2589,8 +2595,7 @@ MaybeHandle<Object> JSToWasmObject(Isolate* isolate, Handle<Object> value,
       return {};
     }
     case HeapType::kExn:
-      if (!IsNull(*value, isolate)) return value;
-      *error_message = "null is not allowed for (ref exn)";
+      *error_message = "invalid type (ref exn)";
       return {};
     case HeapType::kStruct: {
       if (IsWasmStruct(*value)) {

deps/v8/src/wasm/wasm-opcodes.cc

@@ -33,6 +33,7 @@ bool IsJSCompatibleSignature(const FunctionSig* sig) {
     // Rtts are internal-only. They should never be part of a signature.
     DCHECK(!type.is_rtt());
     if (type == kWasmS128) return false;
+    if (type == kWasmExnRef) return false;
     if (type.is_object_reference()) {
       switch (type.heap_representation_non_shared()) {
         case HeapType::kStringViewWtf8:

deps/v8/test/mjsunit/wasm/exnref-global.js

@@ -28,12 +28,15 @@ let kSig_e_v = makeSig([], [kWasmExnRef]);
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
   let g = builder.addGlobal(kWasmExnRef, false, false);
-  builder.addFunction('push_and_return_exnref', kSig_e_v)
-      .addBody([kExprGlobalGet, g.index])
+  builder.addFunction('push_and_check_exnref', kSig_i_v)
+      .addBody([
+          kExprGlobalGet, g.index,
+          kExprRefIsNull, kExnRefCode,
+      ])
       .exportFunc();
   let instance = builder.instantiate();
 
-  assertEquals(null, instance.exports.push_and_return_exnref());
+  assertEquals(1, instance.exports.push_and_check_exnref());
 })();
 
 // Test custom initialization index for a global "exnref" variable.
@@ -44,8 +47,16 @@ let kSig_e_v = makeSig([], [kWasmExnRef]);
   builder.addFunction('push_and_return_exnref', kSig_e_v)
       .addBody([kExprGlobalGet, g_index])
       .exportFunc();
-  let exception = { x: "my fancy exception" };
-  let instance = builder.instantiate({ "m": { "exn": exception }});
+  assertThrows(() => builder.instantiate({ "m": { "exn": {} }}), WebAssembly.LinkError);
+  assertThrows(() => builder.instantiate({ "m": { "exn": null }}), WebAssembly.LinkError);
+})();
 
-  assertSame(exception, instance.exports.push_and_return_exnref());
+(function TestGlobalExnRefJsApi() {
+  print(arguments.callee.name);
+
+  let builder = new WasmModuleBuilder();
+  let g_index = builder.addGlobal(kWasmExnRef, true, false).exportAs('g');
+  let instance = builder.instantiate();
+  assertThrows(() => new WebAssembly.Global({value: "exnref", mutable: true}, null), TypeError);
+  assertThrows(() => { instance.exports.g.value; }, TypeError);
 })();

deps/v8/test/mjsunit/wasm/exnref.js

@@ -611,12 +611,11 @@ d8.file.execute("test/mjsunit/wasm/exceptions-utils.js");
           kExprEnd,
           kExprReturn,
         kExprEnd,
-        kExprGlobalSet, g.index,
+        kExprThrowRef
   ]).exportFunc();
   let instance = builder.instantiate();
 
-  instance.exports.catch_all_ref();
-  assertTrue(instance.exports.g.value instanceof WebAssembly.Exception);
+  assertThrows(instance.exports.catch_all_ref, WebAssembly.Exception);
 })();
 
 (function TestCatchRefTwoParams() {