From 45492bb6560b360d41672ee6dc25c81958a01497 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= Date: Fri, 24 Apr 2026 18:10:54 +0200 Subject: [PATCH 01/19] deps: update V8 to 14.8.178.9 --- deps/v8/.git-blame-ignore-revs | 3 + deps/v8/.gitignore | 1 + deps/v8/.gn | 6 +- deps/v8/AUTHORS | 7 +- deps/v8/BUILD.bazel | 60 +- deps/v8/BUILD.gn | 317 +- deps/v8/DEPS | 284 +- deps/v8/GEMINI.md | 62 - deps/v8/README.md | 2 +- deps/v8/RISCV_OWNERS | 2 +- deps/v8/agents/OWNERS | 1 + .../skills/port-to-heapobjectlayout/SKILL.md | 346 +++ deps/v8/agents/skills/torque/SKILL.md | 87 + deps/v8/bazel/defs.bzl | 3 +- deps/v8/docs/OWNERS | 2 +- deps/v8/docs/README.md | 2 +- deps/v8/docs/security/triaging.md | 111 + deps/v8/gni/cluster_build.gni | 221 ++ deps/v8/gni/v8.gni | 53 +- deps/v8/include/cppgc/heap.h | 19 +- deps/v8/include/v8-cppgc.h | 5 + deps/v8/include/v8-debug.h | 25 +- deps/v8/include/v8-external.h | 7 - deps/v8/include/v8-function-callback.h | 10 +- deps/v8/include/v8-initialization.h | 41 + deps/v8/include/v8-inspector.h | 14 +- deps/v8/include/v8-internal.h | 236 +- deps/v8/include/v8-isolate.h | 5 +- deps/v8/include/v8-message.h | 6 +- deps/v8/include/v8-object.h | 56 +- deps/v8/include/v8-persistent-handle.h | 12 +- deps/v8/include/v8-primitive-object.h | 2 +- deps/v8/include/v8-primitive.h | 48 +- deps/v8/include/v8-profiler.h | 32 +- deps/v8/include/v8-script.h | 17 +- deps/v8/include/v8-template.h | 285 +- deps/v8/include/v8-version.h | 6 +- deps/v8/include/v8-wasm.h | 4 + deps/v8/include/v8config.h | 4 - deps/v8/infra/mb/mb_config.pyl | 25 +- deps/v8/infra/testing/builders.pyl | 57 +- deps/v8/samples/hello-world.cc | 5 +- deps/v8/samples/process.cc | 17 +- deps/v8/samples/shell.cc | 5 +- deps/v8/src/DEPS | 1 + deps/v8/src/api/api-arguments-inl.h | 31 +- deps/v8/src/api/api-arguments.h | 7 + deps/v8/src/api/api.cc | 501 ++-- deps/v8/src/api/api.h | 1 + deps/v8/src/asmjs/asm-js.cc | 5 +- deps/v8/src/asmjs/asm-parser.cc | 1 + deps/v8/src/asmjs/asm-parser.h | 2 + deps/v8/src/ast/ast-value-factory.cc | 34 +- 
deps/v8/src/ast/ast-value-factory.h | 6 +- deps/v8/src/ast/ast.cc | 184 +- deps/v8/src/ast/ast.h | 77 +- deps/v8/src/ast/prettyprinter.cc | 57 +- deps/v8/src/ast/scopes.cc | 305 +- deps/v8/src/ast/scopes.h | 66 +- deps/v8/src/ast/variables.h | 4 +- deps/v8/src/base/cpu.cc | 1097 ------- deps/v8/src/base/cpu/cpu-arm.cc | 468 +++ deps/v8/src/base/cpu/cpu-helper.h | 44 + deps/v8/src/base/cpu/cpu-loong64.cc | 60 + deps/v8/src/base/cpu/cpu-mips64.cc | 43 + deps/v8/src/base/cpu/cpu-ppc.cc | 92 + deps/v8/src/base/cpu/cpu-riscv.cc | 81 + .../base/cpu/cpu-s390.cc} | 14 +- deps/v8/src/base/cpu/cpu-x86.cc | 246 ++ deps/v8/src/base/cpu/cpu.cc | 226 ++ deps/v8/src/base/{ => cpu}/cpu.h | 172 +- deps/v8/src/base/ieee754.cc | 59 - deps/v8/src/base/ieee754.h | 4 +- deps/v8/src/base/logging.cc | 33 +- deps/v8/src/base/logging.h | 72 +- deps/v8/src/base/macros.h | 53 + deps/v8/src/base/platform/platform-aix.cc | 44 +- deps/v8/src/base/platform/platform-posix.cc | 23 +- deps/v8/src/base/platform/platform-win32.cc | 49 + deps/v8/src/base/platform/platform.h | 11 + deps/v8/src/base/platform/time.cc | 2 +- deps/v8/src/base/sanitizer/asan.h | 10 + deps/v8/src/base/small-map.h | 28 +- deps/v8/src/base/small-vector.h | 57 +- deps/v8/src/base/timezone-cache.h | 4 +- deps/v8/src/base/vector.h | 122 +- .../baseline/arm/baseline-assembler-arm-inl.h | 39 +- .../arm64/baseline-assembler-arm64-inl.h | 37 +- deps/v8/src/baseline/baseline-assembler.h | 3 +- .../src/baseline/baseline-batch-compiler.cc | 4 +- .../v8/src/baseline/baseline-batch-compiler.h | 4 +- deps/v8/src/baseline/baseline-compiler.cc | 148 +- deps/v8/src/baseline/baseline-compiler.h | 1 + .../src/baseline/bytecode-offset-iterator.cc | 4 +- .../src/baseline/bytecode-offset-iterator.h | 9 +- .../ia32/baseline-assembler-ia32-inl.h | 31 +- .../loong64/baseline-assembler-loong64-inl.h | 39 +- .../mips64/baseline-assembler-mips64-inl.h | 39 +- .../baseline/ppc/baseline-assembler-ppc-inl.h | 39 +- .../riscv/baseline-assembler-riscv-inl.h | 
39 +- .../s390/baseline-assembler-s390-inl.h | 48 +- .../baseline/x64/baseline-assembler-x64-inl.h | 38 +- deps/v8/src/bigint/DEPS | 4 + deps/v8/src/bigint/bigint-inl.h | 1355 +++++++++ deps/v8/src/bigint/bigint-internal.cc | 191 +- deps/v8/src/bigint/bigint-internal.h | 69 +- deps/v8/src/bigint/bigint.h | 471 +-- deps/v8/src/bigint/bitwise.cc | 346 --- deps/v8/src/bigint/digit-arithmetic.h | 197 -- deps/v8/src/bigint/div-barrett.cc | 36 +- deps/v8/src/bigint/div-burnikel.cc | 40 +- deps/v8/src/bigint/div-helpers-inl.h | 166 ++ deps/v8/src/bigint/div-helpers.cc | 68 - deps/v8/src/bigint/div-helpers.h | 82 - deps/v8/src/bigint/div-schoolbook.cc | 180 +- deps/v8/src/bigint/fromstring.cc | 7 +- deps/v8/src/bigint/mul-fft.cc | 120 +- deps/v8/src/bigint/mul-karatsuba.cc | 32 +- deps/v8/src/bigint/mul-schoolbook.cc | 97 - deps/v8/src/bigint/mul-toom.cc | 8 +- deps/v8/src/bigint/tostring.cc | 54 +- deps/v8/src/bigint/util.h | 36 - deps/v8/src/bigint/vector-arithmetic-inl.h | 63 + deps/v8/src/bigint/vector-arithmetic.cc | 144 - deps/v8/src/bigint/vector-arithmetic.h | 63 - deps/v8/src/builtins/accessors.cc | 58 +- deps/v8/src/builtins/accessors.h | 7 +- deps/v8/src/builtins/arm/builtins-arm.cc | 140 +- deps/v8/src/builtins/arm64/builtins-arm64.cc | 151 +- deps/v8/src/builtins/array-copywithin.tq | 2 +- deps/v8/src/builtins/array-every.tq | 2 +- deps/v8/src/builtins/array-filter.tq | 2 +- deps/v8/src/builtins/array-find.tq | 2 +- deps/v8/src/builtins/array-findindex.tq | 2 +- deps/v8/src/builtins/array-flat.tq | 342 ++- deps/v8/src/builtins/array-foreach.tq | 2 +- deps/v8/src/builtins/array-from.tq | 2 +- deps/v8/src/builtins/array-isarray.tq | 2 +- deps/v8/src/builtins/array-join.tq | 10 +- deps/v8/src/builtins/array-lastindexof.tq | 2 +- deps/v8/src/builtins/array-map.tq | 2 +- deps/v8/src/builtins/array-of.tq | 2 +- deps/v8/src/builtins/array-reduce-right.tq | 2 +- deps/v8/src/builtins/array-reduce.tq | 2 +- deps/v8/src/builtins/array-reverse.tq | 2 +- 
deps/v8/src/builtins/array-shift.tq | 2 +- deps/v8/src/builtins/array-slice.tq | 19 +- deps/v8/src/builtins/array-some.tq | 2 +- deps/v8/src/builtins/array-splice.tq | 2 +- deps/v8/src/builtins/array-unshift.tq | 2 +- deps/v8/src/builtins/arraybuffer.tq | 16 +- deps/v8/src/builtins/base.tq | 31 +- deps/v8/src/builtins/boolean.tq | 4 +- deps/v8/src/builtins/builtins-array-gen.cc | 38 +- deps/v8/src/builtins/builtins-array-gen.h | 2 +- deps/v8/src/builtins/builtins-array.cc | 149 +- deps/v8/src/builtins/builtins-arraybuffer.cc | 37 +- .../builtins/builtins-async-function-gen.cc | 66 +- deps/v8/src/builtins/builtins-async-gen.cc | 127 +- deps/v8/src/builtins/builtins-async-gen.h | 14 + .../builtins/builtins-async-generator-gen.cc | 114 +- .../builtins/builtins-async-iterator-gen.cc | 15 +- deps/v8/src/builtins/builtins-bigint-gen.cc | 8 +- deps/v8/src/builtins/builtins-bigint-gen.h | 62 +- deps/v8/src/builtins/builtins-bigint.tq | 69 +- deps/v8/src/builtins/builtins-call-gen.cc | 16 +- deps/v8/src/builtins/builtins-callsite.cc | 51 +- .../src/builtins/builtins-collections-gen.cc | 29 +- .../src/builtins/builtins-constructor-gen.cc | 35 +- deps/v8/src/builtins/builtins-dataview.cc | 4 +- deps/v8/src/builtins/builtins-date-gen.cc | 20 + deps/v8/src/builtins/builtins-date.cc | 10 +- deps/v8/src/builtins/builtins-definitions.h | 504 +--- deps/v8/src/builtins/builtins-function.cc | 3 +- .../v8/src/builtins/builtins-generator-gen.cc | 35 +- deps/v8/src/builtins/builtins-global-gen.cc | 4 +- deps/v8/src/builtins/builtins-internal-gen.cc | 128 +- deps/v8/src/builtins/builtins-intl-gen.cc | 4 + deps/v8/src/builtins/builtins-intl.cc | 107 +- deps/v8/src/builtins/builtins-iterator-gen.cc | 117 + deps/v8/src/builtins/builtins-iterator-gen.h | 16 +- deps/v8/src/builtins/builtins-iterator-inl.h | 213 +- deps/v8/src/builtins/builtins-iterator.h | 11 +- deps/v8/src/builtins/builtins-math.cc | 32 +- .../builtins/builtins-microtask-queue-gen.cc | 187 +- 
deps/v8/src/builtins/builtins-number-gen.cc | 384 +-- deps/v8/src/builtins/builtins-object-gen.cc | 48 +- deps/v8/src/builtins/builtins-object.cc | 11 +- deps/v8/src/builtins/builtins-regexp-gen.cc | 79 +- deps/v8/src/builtins/builtins-regexp-gen.h | 3 + deps/v8/src/builtins/builtins-regexp.cc | 8 +- .../src/builtins/builtins-shadow-realm-gen.cc | 6 +- deps/v8/src/builtins/builtins-shared-array.cc | 2 +- .../builtins-sharedarraybuffer-gen.cc | 21 +- .../builtins/builtins-sharedarraybuffer.cc | 2 +- deps/v8/src/builtins/builtins-string-gen.cc | 72 +- deps/v8/src/builtins/builtins-string-gen.h | 2 +- .../v8/src/builtins/builtins-string-tsa-inl.h | 7 +- deps/v8/src/builtins/builtins-string-tsa.cc | 2 +- deps/v8/src/builtins/builtins-string.cc | 9 +- deps/v8/src/builtins/builtins-string.tq | 22 +- deps/v8/src/builtins/builtins-symbol.cc | 8 +- deps/v8/src/builtins/builtins-temporal.cc | 520 +++- .../src/builtins/builtins-typed-array-gen.cc | 14 +- deps/v8/src/builtins/builtins-typed-array.cc | 7 +- deps/v8/src/builtins/builtins-wasm-gen.cc | 48 +- deps/v8/src/builtins/builtins.cc | 21 + deps/v8/src/builtins/builtins.h | 20 + deps/v8/src/builtins/cast.tq | 13 +- .../src/builtins/constants-table-builder.cc | 16 +- deps/v8/src/builtins/constructor.tq | 4 +- deps/v8/src/builtins/conversion.tq | 2 +- deps/v8/src/builtins/ia32/builtins-ia32.cc | 167 +- deps/v8/src/builtins/iterator-helpers.tq | 510 +++- deps/v8/src/builtins/iterator.tq | 25 + deps/v8/src/builtins/js-to-wasm.tq | 49 +- .../src/builtins/loong64/builtins-loong64.cc | 160 +- deps/v8/src/builtins/math.tq | 72 +- .../v8/src/builtins/mips64/builtins-mips64.cc | 87 +- deps/v8/src/builtins/number.tq | 16 +- deps/v8/src/builtins/object.tq | 6 +- deps/v8/src/builtins/ppc/builtins-ppc.cc | 168 +- deps/v8/src/builtins/profile-data-reader.cc | 27 +- deps/v8/src/builtins/profile-data-reader.h | 7 +- .../builtins/promise-abstract-operations.tq | 13 + deps/v8/src/builtins/promise-all.tq | 4 +- 
deps/v8/src/builtins/promise-misc.tq | 4 +- deps/v8/src/builtins/proxy-constructor.tq | 6 +- deps/v8/src/builtins/proxy-delete-property.tq | 2 +- deps/v8/src/builtins/proxy-get-property.tq | 4 +- .../v8/src/builtins/proxy-get-prototype-of.tq | 4 +- deps/v8/src/builtins/proxy-has-property.tq | 4 +- deps/v8/src/builtins/proxy-is-extensible.tq | 4 +- .../src/builtins/proxy-prevent-extensions.tq | 2 +- deps/v8/src/builtins/proxy-revocable.tq | 2 +- deps/v8/src/builtins/proxy-revoke.tq | 2 +- deps/v8/src/builtins/proxy-set-property.tq | 4 +- .../v8/src/builtins/proxy-set-prototype-of.tq | 2 +- deps/v8/src/builtins/reflect.tq | 2 +- deps/v8/src/builtins/regexp-exec.tq | 2 +- deps/v8/src/builtins/regexp-match-all.tq | 4 +- deps/v8/src/builtins/regexp-match.tq | 10 +- deps/v8/src/builtins/regexp-replace.tq | 4 +- deps/v8/src/builtins/regexp-search.tq | 2 +- deps/v8/src/builtins/regexp-source.tq | 2 +- deps/v8/src/builtins/regexp-split.tq | 2 +- deps/v8/src/builtins/regexp-test.tq | 2 +- deps/v8/src/builtins/regexp.tq | 26 +- deps/v8/src/builtins/riscv/builtins-riscv.cc | 229 +- deps/v8/src/builtins/s390/builtins-s390.cc | 148 +- .../src/builtins/setup-builtins-internal.cc | 4 +- deps/v8/src/builtins/string-endswith.tq | 2 +- deps/v8/src/builtins/string-html.tq | 28 +- deps/v8/src/builtins/string-iterator.tq | 4 +- deps/v8/src/builtins/string-pad.tq | 4 +- deps/v8/src/builtins/string-repeat.tq | 2 +- deps/v8/src/builtins/string-slice.tq | 4 +- deps/v8/src/builtins/string-startswith.tq | 2 +- deps/v8/src/builtins/string-substr.tq | 2 +- deps/v8/src/builtins/string-substring.tq | 2 +- deps/v8/src/builtins/string-trim.tq | 2 +- deps/v8/src/builtins/superspread.h | 39 + deps/v8/src/builtins/symbol.tq | 8 +- .../builtins/typed-array-createtypedarray.tq | 12 +- deps/v8/src/builtins/typed-array-entries.tq | 2 +- deps/v8/src/builtins/typed-array-every.tq | 4 +- deps/v8/src/builtins/typed-array-filter.tq | 4 +- deps/v8/src/builtins/typed-array-find.tq | 4 +- 
deps/v8/src/builtins/typed-array-findindex.tq | 2 +- deps/v8/src/builtins/typed-array-foreach.tq | 2 +- deps/v8/src/builtins/typed-array-from.tq | 2 +- deps/v8/src/builtins/typed-array-keys.tq | 2 +- deps/v8/src/builtins/typed-array-of.tq | 2 +- deps/v8/src/builtins/typed-array-reduce.tq | 2 +- .../src/builtins/typed-array-reduceright.tq | 4 +- deps/v8/src/builtins/typed-array-slice.tq | 2 +- deps/v8/src/builtins/typed-array-some.tq | 2 +- deps/v8/src/builtins/typed-array-sort.tq | 2 +- deps/v8/src/builtins/typed-array-values.tq | 2 +- deps/v8/src/builtins/typed-array-with.tq | 36 +- deps/v8/src/builtins/typed-array.tq | 2 +- deps/v8/src/builtins/wasm-strings.tq | 129 +- deps/v8/src/builtins/wasm-to-js.tq | 2 +- deps/v8/src/builtins/wasm.tq | 82 +- deps/v8/src/builtins/x64/builtins-x64.cc | 170 +- deps/v8/src/codegen/arm/assembler-arm.cc | 4 +- .../v8/src/codegen/arm/macro-assembler-arm.cc | 7 +- deps/v8/src/codegen/arm/reglist-arm.h | 2 + .../src/codegen/arm64/assembler-arm64-inl.h | 10 + deps/v8/src/codegen/arm64/assembler-arm64.cc | 31 +- deps/v8/src/codegen/arm64/assembler-arm64.h | 23 + deps/v8/src/codegen/arm64/constants-arm64.h | 16 + deps/v8/src/codegen/arm64/decoder-arm64-inl.h | 7 +- deps/v8/src/codegen/arm64/decoder-arm64.h | 1 + .../src/codegen/arm64/instructions-arm64.cc | 42 + .../v8/src/codegen/arm64/instructions-arm64.h | 17 + .../codegen/arm64/macro-assembler-arm64-inl.h | 50 +- .../codegen/arm64/macro-assembler-arm64.cc | 192 +- .../src/codegen/arm64/macro-assembler-arm64.h | 29 +- deps/v8/src/codegen/arm64/register-arm64.cc | 8 + deps/v8/src/codegen/arm64/register-arm64.h | 67 +- deps/v8/src/codegen/arm64/reglist-arm64.h | 2 + deps/v8/src/codegen/code-stub-assembler-inl.h | 26 + deps/v8/src/codegen/code-stub-assembler.cc | 916 ++++-- deps/v8/src/codegen/code-stub-assembler.h | 225 +- deps/v8/src/codegen/compilation-cache.cc | 20 +- deps/v8/src/codegen/compilation-cache.h | 10 +- deps/v8/src/codegen/compiler.cc | 89 +- 
deps/v8/src/codegen/compiler.h | 14 +- deps/v8/src/codegen/cpu-features.h | 2 + deps/v8/src/codegen/external-reference.cc | 120 +- deps/v8/src/codegen/external-reference.h | 34 +- deps/v8/src/codegen/handler-table.cc | 72 +- deps/v8/src/codegen/handler-table.h | 38 +- deps/v8/src/codegen/ia32/assembler-ia32.cc | 2 +- .../src/codegen/ia32/macro-assembler-ia32.cc | 15 +- .../src/codegen/ia32/macro-assembler-ia32.h | 3 + deps/v8/src/codegen/ia32/reglist-ia32.h | 2 + .../src/codegen/interface-descriptors-inl.h | 43 + deps/v8/src/codegen/interface-descriptors.h | 125 +- deps/v8/src/codegen/label.h | 9 +- .../src/codegen/loong64/assembler-loong64.cc | 2 +- .../src/codegen/loong64/assembler-loong64.h | 6 +- .../loong64/macro-assembler-loong64.cc | 120 +- .../codegen/loong64/macro-assembler-loong64.h | 28 +- deps/v8/src/codegen/loong64/reglist-loong64.h | 2 + deps/v8/src/codegen/maglev-safepoint-table.cc | 34 +- deps/v8/src/codegen/maglev-safepoint-table.h | 38 + .../v8/src/codegen/mips64/assembler-mips64.cc | 2 +- deps/v8/src/codegen/mips64/assembler-mips64.h | 6 +- deps/v8/src/codegen/mips64/constants-mips64.h | 2 +- .../codegen/mips64/macro-assembler-mips64.cc | 15 +- .../codegen/mips64/macro-assembler-mips64.h | 3 + deps/v8/src/codegen/mips64/reglist-mips64.h | 1 + deps/v8/src/codegen/ppc/assembler-ppc.cc | 2 +- deps/v8/src/codegen/ppc/assembler-ppc.h | 6 +- .../v8/src/codegen/ppc/macro-assembler-ppc.cc | 8 +- deps/v8/src/codegen/ppc/register-ppc.h | 9 - deps/v8/src/codegen/riscv/assembler-riscv.cc | 2 +- deps/v8/src/codegen/riscv/assembler-riscv.h | 21 +- .../src/codegen/riscv/base-assembler-riscv.cc | 2 +- .../src/codegen/riscv/base-constants-riscv.h | 15 - .../codegen/riscv/macro-assembler-riscv.cc | 182 +- .../src/codegen/riscv/macro-assembler-riscv.h | 35 +- deps/v8/src/codegen/riscv/register-riscv.h | 34 +- deps/v8/src/codegen/riscv/reglist-riscv.h | 4 +- deps/v8/src/codegen/s390/assembler-s390.cc | 12 +- deps/v8/src/codegen/s390/assembler-s390.h | 6 +- 
.../src/codegen/s390/macro-assembler-s390.cc | 315 +- .../src/codegen/s390/macro-assembler-s390.h | 35 - deps/v8/src/codegen/s390/reglist-s390.h | 2 + deps/v8/src/codegen/safepoint-table-base.h | 13 +- deps/v8/src/codegen/safepoint-table.cc | 742 +++-- deps/v8/src/codegen/safepoint-table.h | 364 ++- deps/v8/src/codegen/source-position-table.cc | 8 +- deps/v8/src/codegen/tnode.h | 10 +- .../turboshaft-builtins-assembler-inl.h | 203 +- deps/v8/src/codegen/x64/assembler-x64-inl.h | 2 +- deps/v8/src/codegen/x64/assembler-x64.cc | 389 ++- deps/v8/src/codegen/x64/assembler-x64.h | 247 +- .../v8/src/codegen/x64/macro-assembler-x64.cc | 43 +- deps/v8/src/codegen/x64/macro-assembler-x64.h | 11 +- deps/v8/src/codegen/x64/reglist-x64.h | 2 + deps/v8/src/common/assert-scope.h | 3 + deps/v8/src/common/globals.h | 63 +- deps/v8/src/common/message-template.h | 9 +- deps/v8/src/common/simd128.h | 2 +- .../lazy-compile-dispatcher.cc | 134 +- .../lazy-compile-dispatcher.h | 17 +- .../optimizing-compile-dispatcher.cc | 20 +- deps/v8/src/compiler/access-builder.cc | 36 +- deps/v8/src/compiler/access-builder.h | 3 - deps/v8/src/compiler/access-info.cc | 19 +- .../backend/arm/code-generator-arm.cc | 67 +- .../backend/arm/instruction-selector-arm.cc | 103 +- .../backend/arm64/code-generator-arm64.cc | 62 +- .../backend/arm64/instruction-codes-arm64.h | 8 +- .../arm64/instruction-scheduler-arm64.cc | 8 +- .../arm64/instruction-selector-arm64.cc | 417 ++- .../v8/src/compiler/backend/block-position.cc | 97 + deps/v8/src/compiler/backend/block-position.h | 41 + .../v8/src/compiler/backend/code-generator.cc | 82 +- deps/v8/src/compiler/backend/code-generator.h | 17 +- .../backend/ia32/code-generator-ia32.cc | 74 +- .../backend/ia32/instruction-selector-ia32.cc | 24 +- .../src/compiler/backend/instruction-codes.h | 7 +- .../compiler/backend/instruction-scheduler.cc | 2 + .../compiler/backend/instruction-selector.cc | 146 +- .../compiler/backend/instruction-selector.h | 50 +- 
deps/v8/src/compiler/backend/instruction.cc | 6 + deps/v8/src/compiler/backend/instruction.h | 116 +- .../backend/loong64/code-generator-loong64.cc | 17 +- .../loong64/instruction-selector-loong64.cc | 62 +- .../backend/mips64/code-generator-mips64.cc | 61 +- .../mips64/instruction-selector-mips64.cc | 15 +- .../backend/ppc/code-generator-ppc.cc | 98 +- .../backend/ppc/instruction-selector-ppc.cc | 8 +- .../backend/riscv/code-generator-riscv.cc | 190 +- .../backend/riscv/instruction-codes-riscv.h | 2 +- .../riscv/instruction-scheduler-riscv.cc | 4 +- .../riscv/instruction-selector-riscv.h | 50 +- .../riscv/instruction-selector-riscv32.cc | 12 +- .../riscv/instruction-selector-riscv64.cc | 86 +- .../backend/s390/code-generator-s390.cc | 206 +- .../backend/s390/instruction-selector-s390.cc | 78 +- .../backend/x64/code-generator-x64.cc | 125 +- .../backend/x64/instruction-codes-x64.h | 4 +- .../backend/x64/instruction-scheduler-x64.cc | 8 +- .../backend/x64/instruction-selector-x64.cc | 107 +- .../basic-block-call-graph-profiler.cc | 4 +- deps/v8/src/compiler/bytecode-analysis.cc | 5 +- .../v8/src/compiler/bytecode-graph-builder.cc | 127 +- deps/v8/src/compiler/code-assembler.cc | 1 - deps/v8/src/compiler/code-assembler.h | 80 +- .../src/compiler/compilation-dependencies.cc | 6 + .../src/compiler/compilation-dependencies.h | 1 + deps/v8/src/compiler/fast-api-calls.cc | 10 +- deps/v8/src/compiler/frame-states.cc | 19 +- deps/v8/src/compiler/frame-states.h | 4 + deps/v8/src/compiler/globals.h | 2 +- deps/v8/src/compiler/graph-assembler.cc | 16 +- deps/v8/src/compiler/graph-assembler.h | 6 +- deps/v8/src/compiler/heap-refs.cc | 316 +- deps/v8/src/compiler/heap-refs.h | 56 +- deps/v8/src/compiler/js-call-reducer.cc | 319 +- deps/v8/src/compiler/js-call-reducer.h | 1 + deps/v8/src/compiler/js-create-lowering.cc | 15 +- deps/v8/src/compiler/js-generic-lowering.cc | 4 + deps/v8/src/compiler/js-heap-broker.cc | 82 +- deps/v8/src/compiler/js-heap-broker.h | 4 +- 
deps/v8/src/compiler/js-inlining-heuristic.cc | 51 +- deps/v8/src/compiler/js-intrinsic-lowering.cc | 4 +- .../js-native-context-specialization.cc | 81 +- deps/v8/src/compiler/js-operator.cc | 9 +- deps/v8/src/compiler/js-operator.h | 13 +- deps/v8/src/compiler/js-typed-lowering.cc | 262 +- deps/v8/src/compiler/js-typed-lowering.h | 2 + .../v8/src/compiler/machine-graph-verifier.cc | 6 +- .../src/compiler/machine-operator-reducer.cc | 2 +- deps/v8/src/compiler/machine-operator.cc | 127 +- deps/v8/src/compiler/machine-operator.h | 4 +- deps/v8/src/compiler/memory-optimizer.cc | 32 +- deps/v8/src/compiler/memory-optimizer.h | 6 +- deps/v8/src/compiler/node-matchers.h | 4 +- deps/v8/src/compiler/node-properties.cc | 5 +- deps/v8/src/compiler/opcodes.h | 7 +- deps/v8/src/compiler/operator-properties.cc | 2 + .../src/compiler/pair-load-store-reducer.cc | 94 - .../v8/src/compiler/pair-load-store-reducer.h | 46 - deps/v8/src/compiler/pipeline.cc | 11 +- deps/v8/src/compiler/processed-feedback.h | 21 + deps/v8/src/compiler/representation-change.cc | 6 + deps/v8/src/compiler/revectorizer.cc | 38 +- .../compiler/simplified-lowering-verifier.cc | 7 +- deps/v8/src/compiler/simplified-lowering.cc | 45 +- .../compiler/simplified-operator-reducer.cc | 8 + deps/v8/src/compiler/simplified-operator.cc | 2 + deps/v8/src/compiler/simplified-operator.h | 2 + .../src/compiler/turbofan-graph-visualizer.cc | 23 +- deps/v8/src/compiler/turbofan-typer.cc | 8 +- deps/v8/src/compiler/turbofan-types.cc | 3 + deps/v8/src/compiler/turboshaft/assembler.h | 161 +- .../turboshaft/builtin-call-descriptors.h | 88 +- ...de-elimination-and-simplification-phase.cc | 8 +- .../src/compiler/turboshaft/copying-phase.h | 25 +- .../turboshaft/csa-effects-computation.cc | 3 +- .../turboshaft/decompression-optimization.cc | 2 +- .../turboshaft/define-assembler-macros.inc | 11 +- .../duplication-optimization-reducer.h | 23 +- .../src/compiler/turboshaft/graph-builder.cc | 39 +- 
deps/v8/src/compiler/turboshaft/graph.cc | 9 + deps/v8/src/compiler/turboshaft/graph.h | 28 + deps/v8/src/compiler/turboshaft/index.h | 21 +- ...truction-selection-normalization-reducer.h | 2 +- .../turboshaft/instruction-selection-phase.cc | 38 + .../turboshaft/int64-lowering-reducer.h | 51 +- .../late-escape-analysis-reducer.cc | 2 +- .../late-load-elimination-reducer.cc | 15 +- ...ion-phase.cc => load-elimination-phase.cc} | 13 +- ...imize-phase.h => load-elimination-phase.h} | 10 +- .../load-store-simplification-reducer.h | 13 +- .../load-store-verification-reducer.h | 14 +- .../turboshaft/loop-unrolling-reducer.cc | 33 +- .../turboshaft/loop-unrolling-reducer.h | 1 + .../turboshaft/machine-lowering-reducer-inl.h | 39 +- .../turboshaft/machine-optimization-reducer.h | 193 +- .../turboshaft/maglev-assert-types-reducer.h | 7 +- ...-phase.cc => memory-optimization-phase.cc} | 4 +- ...on-phase.h => memory-optimization-phase.h} | 10 +- .../turboshaft/memory-optimization-reducer.h | 16 +- .../compiler/turboshaft/operation-matcher.h | 8 + deps/v8/src/compiler/turboshaft/operations.cc | 59 +- deps/v8/src/compiler/turboshaft/operations.h | 297 +- deps/v8/src/compiler/turboshaft/opmasks.h | 3 + deps/v8/src/compiler/turboshaft/phase.cc | 3 +- deps/v8/src/compiler/turboshaft/phase.h | 22 +- deps/v8/src/compiler/turboshaft/pipelines.cc | 4 +- deps/v8/src/compiler/turboshaft/pipelines.h | 24 +- .../turboshaft/register-allocation-phase.h | 18 + .../store-store-elimination-reducer-inl.h | 58 +- deps/v8/src/compiler/turboshaft/string-view.h | 4 +- .../turbolev-early-lowering-reducer-inl.h | 7 +- .../turboshaft/turbolev-frontend-pipeline.cc | 10 +- .../turboshaft/turbolev-graph-builder.cc | 193 +- .../turboshaft/type-inference-analysis.h | 1 + deps/v8/src/compiler/turboshaft/typeswitch.h | 60 +- .../turboshaft/undef-assembler-macros.inc | 6 +- deps/v8/src/compiler/turboshaft/use-map.cc | 5 +- .../turboshaft/value-numbering-reducer.h | 40 +- 
.../wasm-gc-typed-optimization-reducer.h | 25 +- .../wasm-in-js-inlining-reducer-inl.h | 420 ++- .../turboshaft/wasm-js-lowering-reducer.h | 32 +- .../wasm-load-elimination-reducer.h | 18 +- .../turboshaft/wasm-lowering-reducer.h | 200 +- .../compiler/turboshaft/wasm-revec-reducer.cc | 50 +- .../compiler/turboshaft/wasm-revec-reducer.h | 3 +- .../turboshaft/wasm-shuffle-reducer.cc | 494 ++-- .../turboshaft/wasm-shuffle-reducer.h | 231 +- .../turboshaft/wasm-turboshaft-compiler.cc | 7 - deps/v8/src/compiler/verifier.cc | 11 +- .../compiler/wasm-address-reassociation.cc | 20 +- .../src/compiler/wasm-address-reassociation.h | 2 +- .../src/compiler/wasm-compiler-definitions.cc | 20 +- .../src/compiler/wasm-compiler-definitions.h | 4 + deps/v8/src/compiler/wasm-compiler.cc | 40 +- deps/v8/src/compiler/wasm-compiler.h | 2 - deps/v8/src/compiler/wasm-gc-lowering.cc | 1 - deps/v8/src/compiler/wasm-graph-assembler.cc | 26 +- deps/v8/src/compiler/wasm-graph-assembler.h | 4 +- deps/v8/src/compiler/wasm-inlining-into-js.cc | 9 +- deps/v8/src/d8/OWNERS | 1 + deps/v8/src/d8/d8-console.cc | 22 +- deps/v8/src/d8/d8-posix.cc | 17 +- deps/v8/src/d8/d8-windows.cc | 4 +- deps/v8/src/d8/d8.cc | 264 +- deps/v8/src/d8/d8.h | 10 +- deps/v8/src/d8/hardware-watchpoints.cc | 357 ++- deps/v8/src/date/date.cc | 2 +- deps/v8/src/date/date.h | 8 +- deps/v8/src/date/dateparser-inl.h | 5 +- deps/v8/src/debug/debug-coverage.cc | 6 +- deps/v8/src/debug/debug-evaluate.cc | 3 +- deps/v8/src/debug/debug-interface.cc | 50 +- deps/v8/src/debug/debug-property-iterator.cc | 11 +- deps/v8/src/debug/debug-scopes.cc | 19 +- deps/v8/src/debug/debug-wasm-objects-inl.h | 2 - deps/v8/src/debug/debug-wasm-objects.cc | 54 +- deps/v8/src/debug/debug-wasm-objects.h | 4 - deps/v8/src/debug/debug.cc | 95 +- deps/v8/src/debug/liveedit.cc | 40 +- .../src/debug/wasm/gdb-server/gdb-server.cc | 2 +- deps/v8/src/debug/wasm/gdb-server/target.cc | 2 + .../wasm/gdb-server/wasm-module-debug.cc | 10 +- 
deps/v8/src/deoptimizer/deoptimizer.cc | 65 +- .../deoptimizer/frame-translation-builder.cc | 15 +- .../deoptimizer/frame-translation-builder.h | 8 +- .../deoptimizer/materialized-object-store.cc | 50 +- .../deoptimizer/materialized-object-store.h | 6 +- deps/v8/src/deoptimizer/translated-state.cc | 161 +- deps/v8/src/deoptimizer/translated-state.h | 41 +- deps/v8/src/diagnostics/arm64/disasm-arm64.cc | 56 +- deps/v8/src/diagnostics/arm64/disasm-arm64.h | 1 + .../src/diagnostics/basic-block-profiler.cc | 59 +- deps/v8/src/diagnostics/code-tracer.h | 2 +- deps/v8/src/diagnostics/disasm.h | 8 +- deps/v8/src/diagnostics/disassembler.cc | 4 +- deps/v8/src/diagnostics/objects-debug.cc | 411 ++- deps/v8/src/diagnostics/objects-printer.cc | 420 ++- deps/v8/src/diagnostics/perf-jit.cc | 15 +- deps/v8/src/diagnostics/x64/disasm-x64.cc | 567 +++- deps/v8/src/dumpling/dumpling-manager.cc | 39 +- deps/v8/src/dumpling/dumpling-manager.h | 42 +- deps/v8/src/dumpling/object-dumping.cc | 457 +-- deps/v8/src/dumpling/object-dumping.h | 8 +- .../src/execution/arm/frame-constants-arm.h | 1 + .../execution/arm64/frame-constants-arm64.h | 5 + .../v8/src/execution/arm64/simulator-arm64.cc | 42 +- deps/v8/src/execution/arm64/simulator-arm64.h | 24 +- .../execution/arm64/simulator-logic-arm64.cc | 54 + deps/v8/src/execution/execution.cc | 41 +- deps/v8/src/execution/frame-constants.h | 4 +- deps/v8/src/execution/frames-inl.h | 91 +- deps/v8/src/execution/frames.cc | 490 ++-- deps/v8/src/execution/frames.h | 37 +- deps/v8/src/execution/futex-emulation.cc | 267 +- deps/v8/src/execution/futex-emulation.h | 90 +- .../src/execution/ia32/frame-constants-ia32.h | 1 + deps/v8/src/execution/isolate-data-fields.h | 3 + deps/v8/src/execution/isolate-data.h | 13 + deps/v8/src/execution/isolate.cc | 562 +++- deps/v8/src/execution/isolate.h | 62 +- deps/v8/src/execution/local-isolate-inl.h | 4 + deps/v8/src/execution/local-isolate.cc | 30 +- deps/v8/src/execution/local-isolate.h | 2 + 
.../loong64/frame-constants-loong64.h | 5 + .../src/execution/loong64/simulator-loong64.h | 2 +- deps/v8/src/execution/messages.cc | 52 +- .../execution/mips64/frame-constants-mips64.h | 5 + .../src/execution/ppc/frame-constants-ppc.h | 4 +- deps/v8/src/execution/protectors.h | 2 + .../execution/riscv/frame-constants-riscv.h | 13 +- .../v8/src/execution/riscv/simulator-riscv.cc | 15 +- deps/v8/src/execution/riscv/simulator-riscv.h | 12 +- .../src/execution/s390/frame-constants-s390.h | 1 + deps/v8/src/execution/s390/simulator-s390.cc | 6 - deps/v8/src/execution/v8threads.cc | 2 +- .../src/execution/x64/frame-constants-x64.h | 1 + .../externalize-string-extension.cc | 19 +- deps/v8/src/extensions/gc-extension.cc | 15 +- .../v8/src/extensions/statistics-extension.cc | 14 +- deps/v8/src/flags/flag-definitions.h | 218 +- deps/v8/src/flags/flags.cc | 22 +- deps/v8/src/fuzzilli/cov.cc | 122 +- deps/v8/src/fuzzilli/cov.h | 1 + deps/v8/src/fuzzilli/fuzzilli.cc | 2 + deps/v8/src/handles/maybe-handles-inl.h | 71 +- deps/v8/src/handles/maybe-handles.h | 12 +- deps/v8/src/handles/traced-handles.cc | 50 +- deps/v8/src/handles/traced-handles.h | 16 +- deps/v8/src/heap/WRITE_BARRIER.md | 22 +- deps/v8/src/heap/base/bytes.h | 30 +- deps/v8/src/heap/base/memory-tagging.cc | 2 +- deps/v8/src/heap/base/stack.h | 8 +- deps/v8/src/heap/code-range.cc | 1 + .../src/heap/conservative-stack-visitor-inl.h | 7 +- deps/v8/src/heap/cppgc-js/cpp-heap.cc | 19 +- deps/v8/src/heap/cppgc-js/cpp-heap.h | 3 +- deps/v8/src/heap/cppgc-js/cpp-snapshot.cc | 102 +- deps/v8/src/heap/cppgc-js/cpp-snapshot.h | 5 +- deps/v8/src/heap/cppgc/caged-heap.cc | 26 +- deps/v8/src/heap/cppgc/heap-base.cc | 14 +- deps/v8/src/heap/cppgc/heap-base.h | 7 +- deps/v8/src/heap/cppgc/heap.cc | 3 +- deps/v8/src/heap/cppgc/logging.cc | 11 +- deps/v8/src/heap/cppgc/page-memory.cc | 61 +- deps/v8/src/heap/cppgc/page-memory.h | 13 +- deps/v8/src/heap/cppgc/platform.cc | 13 +- deps/v8/src/heap/evacuation-allocator-inl.h | 21 +- 
deps/v8/src/heap/factory-base.cc | 98 +- deps/v8/src/heap/factory-base.h | 66 +- deps/v8/src/heap/factory-inl.h | 6 +- deps/v8/src/heap/factory.cc | 652 +++-- deps/v8/src/heap/factory.h | 146 +- deps/v8/src/heap/gc-tracer.cc | 1 + deps/v8/src/heap/gc-tracer.h | 22 +- deps/v8/src/heap/heap-allocator-inl.h | 21 +- deps/v8/src/heap/heap-allocator.cc | 47 +- deps/v8/src/heap/heap-allocator.h | 15 +- deps/v8/src/heap/heap-controller.cc | 109 +- deps/v8/src/heap/heap-controller.h | 40 +- deps/v8/src/heap/heap-inl.h | 8 + deps/v8/src/heap/heap-verifier.cc | 33 +- deps/v8/src/heap/heap-visitor.h | 1 + deps/v8/src/heap/heap-write-barrier-inl.h | 7 + deps/v8/src/heap/heap-write-barrier.h | 3 + deps/v8/src/heap/heap.cc | 369 +-- deps/v8/src/heap/heap.h | 37 +- deps/v8/src/heap/incremental-marking.cc | 63 +- deps/v8/src/heap/main-allocator-inl.h | 26 +- deps/v8/src/heap/main-allocator.cc | 57 +- deps/v8/src/heap/main-allocator.h | 28 +- deps/v8/src/heap/mark-compact.cc | 276 +- deps/v8/src/heap/mark-compact.h | 32 +- deps/v8/src/heap/marking-inl.h | 2 - deps/v8/src/heap/marking-visitor-inl.h | 36 +- deps/v8/src/heap/marking-visitor.h | 2 + deps/v8/src/heap/memory-measurement.cc | 20 +- deps/v8/src/heap/minor-gc-job.cc | 4 +- deps/v8/src/heap/object-stats.cc | 31 +- deps/v8/src/heap/pretenuring-handler.cc | 59 +- deps/v8/src/heap/read-only-heap.cc | 20 + deps/v8/src/heap/read-only-heap.h | 4 + deps/v8/src/heap/read-only-promotion.cc | 23 +- deps/v8/src/heap/read-only-spaces.cc | 2 +- deps/v8/src/heap/read-only-spaces.h | 2 +- deps/v8/src/heap/safepoint.cc | 40 +- deps/v8/src/heap/safepoint.h | 4 - deps/v8/src/heap/setup-heap-internal.cc | 71 +- .../heap/traced-handles-marking-visitor.cc | 16 +- .../src/heap/traced-handles-marking-visitor.h | 2 +- deps/v8/src/heap/weak-object-worklists.h | 2 +- deps/v8/src/ic/accessor-assembler.cc | 422 ++- deps/v8/src/ic/accessor-assembler.h | 6 + deps/v8/src/ic/handler-configuration-inl.h | 60 +- deps/v8/src/ic/handler-configuration.cc | 16 +- 
deps/v8/src/ic/handler-configuration.h | 55 +- deps/v8/src/ic/ic.cc | 142 +- deps/v8/src/ic/ic.h | 2 + deps/v8/src/ic/stub-cache.h | 4 +- deps/v8/src/init/bootstrapper.cc | 343 ++- deps/v8/src/init/bootstrapper.h | 5 + deps/v8/src/init/icu_util.cc | 5 + deps/v8/src/init/icu_util.h | 8 +- deps/v8/src/init/isolate-group.cc | 39 + deps/v8/src/init/isolate-group.h | 4 + deps/v8/src/inspector/custom-preview.cc | 2 +- deps/v8/src/inspector/injected-script.cc | 4 +- deps/v8/src/inspector/injected-script.h | 9 + deps/v8/src/inspector/v8-console-message.cc | 4 +- deps/v8/src/inspector/v8-console.cc | 37 +- deps/v8/src/inspector/v8-console.h | 6 +- .../src/inspector/v8-debugger-agent-impl.cc | 34 +- .../v8/src/inspector/v8-debugger-agent-impl.h | 2 +- deps/v8/src/inspector/v8-debugger-script.cc | 4 +- deps/v8/src/inspector/v8-debugger-script.h | 6 +- deps/v8/src/inspector/v8-debugger.cc | 25 +- .../inspector/v8-heap-profiler-agent-impl.cc | 5 +- deps/v8/src/inspector/v8-inspector-impl.cc | 21 +- deps/v8/src/inspector/v8-inspector-impl.h | 10 +- .../inspector/v8-inspector-session-impl.cc | 2 +- .../src/inspector/v8-inspector-session-impl.h | 3 + .../src/inspector/v8-profiler-agent-impl.cc | 12 +- .../v8/src/inspector/v8-runtime-agent-impl.cc | 4 +- deps/v8/src/inspector/value-mirror.cc | 68 +- .../src/interpreter/bytecode-array-builder.cc | 32 +- .../src/interpreter/bytecode-array-builder.h | 17 +- .../interpreter/bytecode-array-iterator.cc | 8 +- .../src/interpreter/bytecode-array-iterator.h | 4 +- deps/v8/src/interpreter/bytecode-generator.cc | 123 +- deps/v8/src/interpreter/bytecode-generator.h | 32 +- deps/v8/src/interpreter/bytecodes.h | 6 + .../src/interpreter/constant-array-builder.cc | 14 +- .../src/interpreter/handler-table-builder.cc | 6 +- .../src/interpreter/interpreter-assembler.cc | 19 +- .../src/interpreter/interpreter-generator.cc | 47 +- .../prototype-assignment-sequence-builder.cc | 7 +- deps/v8/src/json/json-parser.cc | 681 +---- 
deps/v8/src/json/json-parser.h | 5 + deps/v8/src/json/json-stringifier.cc | 56 +- deps/v8/src/logging/code-events.h | 9 +- deps/v8/src/logging/counters-definitions.h | 6 +- deps/v8/src/logging/log-file.cc | 2 - deps/v8/src/logging/log.cc | 45 +- deps/v8/src/logging/log.h | 12 +- deps/v8/src/logging/runtime-call-stats.h | 5 +- .../src/maglev/arm/maglev-assembler-arm-inl.h | 35 + deps/v8/src/maglev/arm/maglev-ir-arm.cc | 30 +- .../maglev/arm64/maglev-assembler-arm64-inl.h | 37 + deps/v8/src/maglev/arm64/maglev-ir-arm64.cc | 34 +- .../loong64/maglev-assembler-loong64-inl.h | 36 + .../src/maglev/loong64/maglev-ir-loong64.cc | 33 +- deps/v8/src/maglev/maglev-assembler.cc | 57 +- deps/v8/src/maglev/maglev-assembler.h | 12 +- deps/v8/src/maglev/maglev-code-generator.cc | 11 +- deps/v8/src/maglev/maglev-compilation-info.cc | 11 +- deps/v8/src/maglev/maglev-compilation-info.h | 11 +- deps/v8/src/maglev/maglev-graph-builder.cc | 2303 ++++++++------- deps/v8/src/maglev/maglev-graph-builder.h | 203 +- deps/v8/src/maglev/maglev-graph-optimizer.cc | 173 +- deps/v8/src/maglev/maglev-graph-optimizer.h | 8 +- deps/v8/src/maglev/maglev-graph-printer.cc | 9 +- deps/v8/src/maglev/maglev-graph.cc | 72 +- deps/v8/src/maglev/maglev-graph.h | 24 +- deps/v8/src/maglev/maglev-inlining.cc | 157 +- deps/v8/src/maglev/maglev-inlining.h | 6 +- .../maglev/maglev-interpreter-frame-state.cc | 231 +- .../maglev/maglev-interpreter-frame-state.h | 74 +- deps/v8/src/maglev/maglev-ir-inl.h | 2 +- deps/v8/src/maglev/maglev-ir.cc | 262 +- deps/v8/src/maglev/maglev-ir.h | 306 +- deps/v8/src/maglev/maglev-kna-processor.h | 29 +- .../src/maglev/maglev-known-node-aspects.cc | 248 +- .../v8/src/maglev/maglev-known-node-aspects.h | 216 +- deps/v8/src/maglev/maglev-map-inference.h | 121 + deps/v8/src/maglev/maglev-node-type.h | 6 + .../maglev-phi-representation-selector.cc | 167 +- .../maglev-phi-representation-selector.h | 15 +- ...maglev-post-hoc-optimizations-processors.h | 2 +- 
deps/v8/src/maglev/maglev-range-analysis.h | 20 + deps/v8/src/maglev/maglev-reducer-inl.h | 744 ++++- deps/v8/src/maglev/maglev-reducer.h | 138 +- .../v8/src/maglev/maglev-regalloc-node-info.h | 23 +- deps/v8/src/maglev/maglev-regalloc.cc | 7 - deps/v8/src/maglev/maglev-tracer.h | 234 ++ deps/v8/src/maglev/maglev-truncation.h | 18 +- .../src/maglev/ppc/maglev-assembler-ppc-inl.h | 43 + deps/v8/src/maglev/ppc/maglev-ir-ppc.cc | 30 +- .../maglev/riscv/maglev-assembler-riscv-inl.h | 41 + deps/v8/src/maglev/riscv/maglev-ir-riscv.cc | 29 +- .../maglev/s390/maglev-assembler-s390-inl.h | 48 + deps/v8/src/maglev/s390/maglev-ir-s390.cc | 49 +- .../src/maglev/x64/maglev-assembler-x64-inl.h | 61 + deps/v8/src/maglev/x64/maglev-ir-x64.cc | 15 +- deps/v8/src/numbers/conversions-inl.h | 4 +- deps/v8/src/numbers/conversions.cc | 12 +- deps/v8/src/numbers/conversions.h | 2 +- deps/v8/src/objects/abstract-code-inl.h | 12 +- deps/v8/src/objects/abstract-code.h | 1 + deps/v8/src/objects/api-callbacks-inl.h | 12 +- deps/v8/src/objects/api-callbacks.h | 30 +- deps/v8/src/objects/api-callbacks.tq | 2 + deps/v8/src/objects/arguments-inl.h | 14 +- deps/v8/src/objects/arguments.h | 26 +- deps/v8/src/objects/arguments.tq | 1 + deps/v8/src/objects/backing-store.cc | 54 +- deps/v8/src/objects/backing-store.h | 4 +- deps/v8/src/objects/bigint.cc | 281 +- deps/v8/src/objects/bigint.h | 47 +- deps/v8/src/objects/bytecode-array-inl.h | 42 +- deps/v8/src/objects/bytecode-array.cc | 20 +- deps/v8/src/objects/bytecode-array.h | 21 +- deps/v8/src/objects/bytecode-array.tq | 3 +- deps/v8/src/objects/call-site-info-inl.h | 17 +- deps/v8/src/objects/call-site-info.cc | 70 +- deps/v8/src/objects/call-site-info.h | 28 +- deps/v8/src/objects/call-site-info.tq | 6 +- deps/v8/src/objects/casting.h | 42 +- deps/v8/src/objects/cell-inl.h | 32 +- deps/v8/src/objects/cell.h | 34 +- deps/v8/src/objects/cell.tq | 1 + deps/v8/src/objects/code-inl.h | 29 +- deps/v8/src/objects/code.cc | 17 +- 
deps/v8/src/objects/code.h | 20 +- .../src/objects/compilation-cache-table-inl.h | 6 +- .../v8/src/objects/compilation-cache-table.cc | 46 +- deps/v8/src/objects/contexts-inl.h | 9 +- deps/v8/src/objects/contexts.cc | 14 +- deps/v8/src/objects/contexts.h | 49 +- deps/v8/src/objects/contexts.tq | 1 + .../objects/cpp-heap-external-object-inl.h | 7 - deps/v8/src/objects/debug-objects-inl.h | 25 +- deps/v8/src/objects/debug-objects.cc | 68 +- deps/v8/src/objects/debug-objects.h | 8 +- deps/v8/src/objects/debug-objects.tq | 8 +- deps/v8/src/objects/deoptimization-data-inl.h | 16 +- deps/v8/src/objects/deoptimization-data.cc | 26 +- deps/v8/src/objects/deoptimization-data.h | 2 +- deps/v8/src/objects/dependent-code-inl.h | 2 - deps/v8/src/objects/dependent-code.cc | 5 +- deps/v8/src/objects/dependent-code.h | 2 - deps/v8/src/objects/descriptor-array-inl.h | 25 +- deps/v8/src/objects/descriptor-array.h | 7 +- deps/v8/src/objects/dictionary-inl.h | 5 +- deps/v8/src/objects/elements.cc | 256 +- deps/v8/src/objects/elements.h | 5 +- deps/v8/src/objects/embedder-data-array-inl.h | 2 - deps/v8/src/objects/feedback-cell-inl.h | 60 +- deps/v8/src/objects/feedback-cell.h | 35 +- deps/v8/src/objects/feedback-cell.tq | 1 + deps/v8/src/objects/feedback-vector-inl.h | 13 +- deps/v8/src/objects/feedback-vector.cc | 96 +- deps/v8/src/objects/feedback-vector.h | 21 +- deps/v8/src/objects/field-index-inl.h | 55 +- deps/v8/src/objects/field-index.h | 56 +- deps/v8/src/objects/fixed-array-inl.h | 380 +-- deps/v8/src/objects/fixed-array.cc | 133 +- deps/v8/src/objects/fixed-array.h | 297 +- deps/v8/src/objects/fixed-array.tq | 10 +- deps/v8/src/objects/foreign-inl.h | 36 +- deps/v8/src/objects/foreign.h | 49 +- deps/v8/src/objects/foreign.tq | 1 + deps/v8/src/objects/hash-table-inl.h | 4 +- deps/v8/src/objects/heap-object.h | 24 +- deps/v8/src/objects/instance-type.h | 34 +- deps/v8/src/objects/instruction-stream-inl.h | 14 +- deps/v8/src/objects/instruction-stream.h | 2 +- 
deps/v8/src/objects/internal-index.h | 5 + deps/v8/src/objects/intl-objects.cc | 121 +- deps/v8/src/objects/intl-objects.h | 55 +- deps/v8/src/objects/intl-objects.tq | 158 +- deps/v8/src/objects/js-array-buffer-inl.h | 8 - deps/v8/src/objects/js-array-buffer.cc | 30 +- deps/v8/src/objects/js-array-buffer.h | 2 + deps/v8/src/objects/js-array-buffer.tq | 2 +- deps/v8/src/objects/js-array-inl.h | 14 +- deps/v8/src/objects/js-array.h | 2 +- deps/v8/src/objects/js-array.tq | 6 +- .../objects/js-atomics-synchronization-inl.h | 6 - .../src/objects/js-atomics-synchronization.cc | 15 +- deps/v8/src/objects/js-break-iterator-inl.h | 10 +- deps/v8/src/objects/js-break-iterator.cc | 47 +- deps/v8/src/objects/js-break-iterator.h | 4 +- deps/v8/src/objects/js-break-iterator.tq | 3 +- deps/v8/src/objects/js-collator-inl.h | 4 +- deps/v8/src/objects/js-collator.cc | 8 +- deps/v8/src/objects/js-collator.h | 4 +- deps/v8/src/objects/js-collection-inl.h | 25 - .../src/objects/js-collection-iterator-inl.h | 4 +- .../src/objects/js-data-object-builder-inl.h | 634 ++++ deps/v8/src/objects/js-data-object-builder.cc | 88 + deps/v8/src/objects/js-data-object-builder.h | 190 ++ deps/v8/src/objects/js-date-time-format-inl.h | 2 - deps/v8/src/objects/js-date-time-format.cc | 313 +- deps/v8/src/objects/js-date-time-format.h | 10 +- deps/v8/src/objects/js-display-names-inl.h | 1 - deps/v8/src/objects/js-display-names.cc | 16 +- deps/v8/src/objects/js-display-names.h | 4 +- deps/v8/src/objects/js-disposable-stack-inl.h | 8 +- deps/v8/src/objects/js-duration-format-inl.h | 2 - deps/v8/src/objects/js-duration-format.cc | 12 +- deps/v8/src/objects/js-function-inl.h | 48 +- deps/v8/src/objects/js-function.cc | 63 +- deps/v8/src/objects/js-function.h | 66 +- deps/v8/src/objects/js-function.tq | 27 +- deps/v8/src/objects/js-generator-inl.h | 37 +- deps/v8/src/objects/js-generator.h | 27 +- deps/v8/src/objects/js-generator.tq | 1 + deps/v8/src/objects/js-iterator-helpers-inl.h | 11 +- 
deps/v8/src/objects/js-iterator-helpers.h | 19 + deps/v8/src/objects/js-iterator-helpers.tq | 13 + deps/v8/src/objects/js-list-format-inl.h | 2 - deps/v8/src/objects/js-list-format.cc | 12 +- deps/v8/src/objects/js-list-format.h | 8 +- deps/v8/src/objects/js-locale-inl.h | 2 - deps/v8/src/objects/js-locale.cc | 40 +- deps/v8/src/objects/js-number-format-inl.h | 2 - deps/v8/src/objects/js-number-format.cc | 92 +- deps/v8/src/objects/js-number-format.h | 18 +- deps/v8/src/objects/js-objects-inl.h | 63 +- deps/v8/src/objects/js-objects.cc | 224 +- deps/v8/src/objects/js-objects.h | 45 +- deps/v8/src/objects/js-objects.tq | 2 +- deps/v8/src/objects/js-plural-rules-inl.h | 2 - deps/v8/src/objects/js-plural-rules.cc | 19 +- deps/v8/src/objects/js-promise-inl.h | 5 +- deps/v8/src/objects/js-promise.h | 20 +- deps/v8/src/objects/js-promise.tq | 2 +- deps/v8/src/objects/js-proxy-inl.h | 6 +- deps/v8/src/objects/js-proxy.h | 9 +- deps/v8/src/objects/js-raw-json-inl.h | 2 - deps/v8/src/objects/js-raw-json.cc | 2 +- deps/v8/src/objects/js-raw-json.h | 6 +- deps/v8/src/objects/js-regexp-inl.h | 26 +- .../objects/js-regexp-string-iterator-inl.h | 4 +- deps/v8/src/objects/js-regexp.cc | 207 +- deps/v8/src/objects/js-regexp.h | 81 +- deps/v8/src/objects/js-regexp.tq | 20 +- .../src/objects/js-relative-time-format-inl.h | 2 - .../v8/src/objects/js-relative-time-format.cc | 9 +- deps/v8/src/objects/js-relative-time-format.h | 6 +- deps/v8/src/objects/js-segment-iterator-inl.h | 10 +- deps/v8/src/objects/js-segment-iterator.cc | 38 +- deps/v8/src/objects/js-segment-iterator.h | 16 +- deps/v8/src/objects/js-segment-iterator.tq | 3 +- deps/v8/src/objects/js-segmenter-inl.h | 2 - deps/v8/src/objects/js-segmenter.cc | 2 +- deps/v8/src/objects/js-segmenter.h | 2 +- deps/v8/src/objects/js-segments-inl.h | 8 +- deps/v8/src/objects/js-segments.cc | 41 +- deps/v8/src/objects/js-segments.h | 12 +- deps/v8/src/objects/js-segments.tq | 3 +- deps/v8/src/objects/js-shadow-realm-inl.h | 2 - 
deps/v8/src/objects/js-shared-array-inl.h | 2 - deps/v8/src/objects/js-struct-inl.h | 4 - deps/v8/src/objects/js-struct.cc | 59 +- deps/v8/src/objects/js-temporal-helpers.cc | 12 +- deps/v8/src/objects/js-temporal-helpers.h | 10 +- deps/v8/src/objects/js-temporal-objects-inl.h | 14 +- deps/v8/src/objects/js-temporal-objects.cc | 448 ++- deps/v8/src/objects/js-temporal-objects.h | 288 +- deps/v8/src/objects/js-weak-refs-inl.h | 3 - deps/v8/src/objects/js-weak-refs.cc | 2 +- deps/v8/src/objects/keys.cc | 92 +- deps/v8/src/objects/literal-objects-inl.h | 68 +- deps/v8/src/objects/literal-objects.cc | 12 +- deps/v8/src/objects/literal-objects.h | 42 +- deps/v8/src/objects/literal-objects.tq | 2 +- deps/v8/src/objects/lookup.cc | 79 +- deps/v8/src/objects/lookup.h | 10 +- deps/v8/src/objects/managed-inl.h | 19 +- deps/v8/src/objects/managed.cc | 29 +- deps/v8/src/objects/managed.h | 127 +- deps/v8/src/objects/map-inl.h | 37 +- deps/v8/src/objects/map-updater.cc | 54 +- deps/v8/src/objects/map.cc | 103 +- deps/v8/src/objects/map.h | 30 +- deps/v8/src/objects/map.tq | 2 +- deps/v8/src/objects/megadom-handler-inl.h | 4 +- deps/v8/src/objects/microtask-inl.h | 24 +- deps/v8/src/objects/microtask.h | 54 +- deps/v8/src/objects/microtask.tq | 12 +- deps/v8/src/objects/module-inl.h | 61 +- deps/v8/src/objects/module.cc | 27 +- deps/v8/src/objects/module.h | 60 +- deps/v8/src/objects/module.tq | 1 + deps/v8/src/objects/name-inl.h | 3 +- deps/v8/src/objects/number-string-cache-inl.h | 6 +- deps/v8/src/objects/number-string-cache.h | 9 +- deps/v8/src/objects/object-list-macros.h | 11 +- deps/v8/src/objects/object-macros-undef.h | 2 - deps/v8/src/objects/object-macros.h | 14 +- .../objects/objects-body-descriptors-inl.h | 147 +- .../v8/src/objects/objects-body-descriptors.h | 12 + deps/v8/src/objects/objects-definitions.h | 1 + deps/v8/src/objects/objects-inl.h | 75 +- deps/v8/src/objects/objects.cc | 243 +- deps/v8/src/objects/objects.h | 2 +- deps/v8/src/objects/option-utils.cc | 
10 +- deps/v8/src/objects/option-utils.h | 16 +- deps/v8/src/objects/ordered-hash-table-inl.h | 11 - deps/v8/src/objects/ordered-hash-table.cc | 15 +- deps/v8/src/objects/ordered-hash-table.h | 4 +- deps/v8/src/objects/property-array-inl.h | 37 +- deps/v8/src/objects/property-array.h | 14 +- deps/v8/src/objects/property-cell-inl.h | 2 - deps/v8/src/objects/property-descriptor.cc | 40 +- deps/v8/src/objects/property-details.h | 85 +- deps/v8/src/objects/property.cc | 39 +- deps/v8/src/objects/property.h | 37 +- deps/v8/src/objects/prototype-info-inl.h | 99 +- deps/v8/src/objects/prototype-info.h | 67 +- deps/v8/src/objects/prototype-info.tq | 1 + deps/v8/src/objects/regexp-match-info.cc | 13 +- deps/v8/src/objects/regexp-match-info.h | 2 +- deps/v8/src/objects/scope-info-inl.h | 6 +- deps/v8/src/objects/scope-info.cc | 183 +- deps/v8/src/objects/scope-info.h | 19 +- deps/v8/src/objects/scope-info.tq | 5 +- deps/v8/src/objects/script-inl.h | 15 +- deps/v8/src/objects/script.cc | 39 +- deps/v8/src/objects/script.h | 8 +- deps/v8/src/objects/script.tq | 1 + .../v8/src/objects/shared-function-info-inl.h | 49 +- deps/v8/src/objects/shared-function-info.cc | 82 +- deps/v8/src/objects/shared-function-info.h | 14 +- deps/v8/src/objects/shared-function-info.tq | 1 + deps/v8/src/objects/simd.cc | 2 +- deps/v8/src/objects/slots.h | 26 +- deps/v8/src/objects/smi.h | 2 +- deps/v8/src/objects/source-text-module-inl.h | 161 +- deps/v8/src/objects/source-text-module.cc | 94 +- deps/v8/src/objects/source-text-module.h | 174 +- deps/v8/src/objects/source-text-module.tq | 3 + .../src/objects/string-forwarding-table-inl.h | 13 +- .../v8/src/objects/string-forwarding-table.cc | 10 +- deps/v8/src/objects/string-forwarding-table.h | 8 +- deps/v8/src/objects/string-inl.h | 83 +- deps/v8/src/objects/string-table.cc | 81 +- deps/v8/src/objects/string-table.h | 11 +- deps/v8/src/objects/string.cc | 93 +- deps/v8/src/objects/string.h | 65 +- deps/v8/src/objects/struct-inl.h | 2 - 
.../src/objects/swiss-name-dictionary-inl.h | 14 +- deps/v8/src/objects/synthetic-module-inl.h | 22 +- deps/v8/src/objects/synthetic-module.cc | 3 +- deps/v8/src/objects/synthetic-module.h | 31 +- deps/v8/src/objects/synthetic-module.tq | 1 + deps/v8/src/objects/tagged.h | 474 ++- deps/v8/src/objects/template-objects.cc | 6 +- deps/v8/src/objects/templates-inl.h | 90 +- deps/v8/src/objects/templates.cc | 27 +- deps/v8/src/objects/templates.h | 88 +- deps/v8/src/objects/templates.tq | 1 + deps/v8/src/objects/transitions-inl.h | 29 +- deps/v8/src/objects/transitions.cc | 69 +- deps/v8/src/objects/transitions.h | 20 +- deps/v8/src/objects/trusted-object-inl.h | 25 +- deps/v8/src/objects/trusted-object.h | 6 + deps/v8/src/objects/trusted-pointer-inl.h | 74 +- deps/v8/src/objects/trusted-pointer.h | 34 +- deps/v8/src/objects/turboshaft-types-inl.h | 14 - deps/v8/src/objects/union.h | 14 +- deps/v8/src/objects/value-serializer.cc | 128 +- deps/v8/src/objects/visitors.h | 4 + deps/v8/src/parsing/parse-info.cc | 12 +- deps/v8/src/parsing/parse-info.h | 11 +- deps/v8/src/parsing/parser-base.h | 145 +- deps/v8/src/parsing/parser.cc | 82 +- deps/v8/src/parsing/parser.h | 4 +- .../pending-compilation-error-handler.cc | 8 + deps/v8/src/parsing/preparser.cc | 9 +- deps/v8/src/parsing/preparser.h | 5 +- deps/v8/src/parsing/scanner.cc | 10 +- deps/v8/src/parsing/scanner.h | 6 +- deps/v8/src/profiler/allocation-tracker.cc | 6 +- deps/v8/src/profiler/cpu-profiler.cc | 3 +- deps/v8/src/profiler/heap-profiler.cc | 50 +- deps/v8/src/profiler/heap-profiler.h | 21 +- deps/v8/src/profiler/heap-snapshot-common.h | 10 +- .../profiler/heap-snapshot-generator-inl.h | 75 - .../src/profiler/heap-snapshot-generator.cc | 541 ++-- .../v8/src/profiler/heap-snapshot-generator.h | 79 +- deps/v8/src/profiler/output-stream-writer.h | 4 +- deps/v8/src/profiler/profiler-listener.cc | 13 +- deps/v8/src/profiler/profiler-listener.h | 4 +- .../v8/src/profiler/sampling-heap-profiler.cc | 3 +- 
.../regexp/arm/regexp-macro-assembler-arm.cc | 70 +- .../regexp/arm/regexp-macro-assembler-arm.h | 6 +- .../arm64/regexp-macro-assembler-arm64.cc | 98 +- .../arm64/regexp-macro-assembler-arm64.h | 6 +- .../experimental/experimental-bytecode.cc | 64 +- .../experimental/experimental-bytecode.h | 117 +- .../experimental/experimental-compiler.cc | 296 +- .../experimental/experimental-compiler.h | 14 +- .../experimental/experimental-interpreter.cc | 154 +- .../experimental/experimental-interpreter.h | 5 +- .../src/regexp/experimental/experimental.cc | 71 +- .../v8/src/regexp/experimental/experimental.h | 11 +- deps/v8/src/regexp/gen-regexp-special-case.cc | 18 +- .../ia32/regexp-macro-assembler-ia32.cc | 75 +- .../regexp/ia32/regexp-macro-assembler-ia32.h | 6 +- .../loong64/regexp-macro-assembler-loong64.cc | 13 +- .../loong64/regexp-macro-assembler-loong64.h | 6 +- .../mips64/regexp-macro-assembler-mips64.cc | 51 +- .../mips64/regexp-macro-assembler-mips64.h | 6 +- .../regexp/ppc/regexp-macro-assembler-ppc.cc | 42 +- .../regexp/ppc/regexp-macro-assembler-ppc.h | 6 +- deps/v8/src/regexp/regexp-ast-printer.cc | 81 +- deps/v8/src/regexp/regexp-ast-printer.h | 39 +- deps/v8/src/regexp/regexp-ast.cc | 186 +- deps/v8/src/regexp/regexp-ast.h | 329 ++- .../v8/src/regexp/regexp-bytecode-analysis.cc | 154 +- deps/v8/src/regexp/regexp-bytecode-analysis.h | 47 +- .../regexp/regexp-bytecode-generator-inl.h | 20 +- .../src/regexp/regexp-bytecode-generator.cc | 400 ++- .../v8/src/regexp/regexp-bytecode-generator.h | 49 +- .../src/regexp/regexp-bytecode-iterator-inl.h | 26 +- .../v8/src/regexp/regexp-bytecode-iterator.cc | 22 +- deps/v8/src/regexp/regexp-bytecode-iterator.h | 17 +- .../v8/src/regexp/regexp-bytecode-peephole.cc | 205 +- deps/v8/src/regexp/regexp-bytecode-peephole.h | 15 +- deps/v8/src/regexp/regexp-bytecodes-inl.h | 137 +- deps/v8/src/regexp/regexp-bytecodes.cc | 43 +- deps/v8/src/regexp/regexp-bytecodes.h | 85 +- deps/v8/src/regexp/regexp-code-generator.cc | 80 +- 
deps/v8/src/regexp/regexp-code-generator.h | 24 +- deps/v8/src/regexp/regexp-compiler-tonode.cc | 487 ++-- deps/v8/src/regexp/regexp-compiler.cc | 421 ++- deps/v8/src/regexp/regexp-compiler.h | 66 +- deps/v8/src/regexp/regexp-dotprinter.cc | 26 +- deps/v8/src/regexp/regexp-dotprinter.h | 6 +- deps/v8/src/regexp/regexp-error.cc | 10 +- deps/v8/src/regexp/regexp-error.h | 12 +- deps/v8/src/regexp/regexp-flags.h | 32 +- deps/v8/src/regexp/regexp-graph-printer.cc | 158 +- deps/v8/src/regexp/regexp-graph-printer.h | 62 +- deps/v8/src/regexp/regexp-interpreter.cc | 60 +- deps/v8/src/regexp/regexp-interpreter.h | 3 + .../regexp/regexp-macro-assembler-tracer.cc | 61 +- .../regexp/regexp-macro-assembler-tracer.h | 8 +- deps/v8/src/regexp/regexp-macro-assembler.cc | 57 +- deps/v8/src/regexp/regexp-macro-assembler.h | 12 +- deps/v8/src/regexp/regexp-node-printer.cc | 40 +- deps/v8/src/regexp/regexp-node-printer.h | 25 +- deps/v8/src/regexp/regexp-nodes.h | 271 +- deps/v8/src/regexp/regexp-parser.cc | 860 +++--- deps/v8/src/regexp/regexp-parser.h | 14 +- deps/v8/src/regexp/regexp-printer.cc | 22 +- deps/v8/src/regexp/regexp-printer.h | 83 +- deps/v8/src/regexp/regexp-result-vector.cc | 19 +- deps/v8/src/regexp/regexp-result-vector.h | 12 +- deps/v8/src/regexp/regexp-stack.cc | 44 +- deps/v8/src/regexp/regexp-stack.h | 42 +- deps/v8/src/regexp/regexp-utils.cc | 38 +- deps/v8/src/regexp/regexp-utils.h | 9 +- deps/v8/src/regexp/regexp.cc | 884 +++--- deps/v8/src/regexp/regexp.h | 74 +- .../riscv/regexp-macro-assembler-riscv.cc | 15 +- .../riscv/regexp-macro-assembler-riscv.h | 6 +- .../s390/regexp-macro-assembler-s390.cc | 16 +- .../regexp/s390/regexp-macro-assembler-s390.h | 6 +- deps/v8/src/regexp/special-case.h | 4 +- .../regexp/x64/regexp-macro-assembler-x64.cc | 106 +- .../regexp/x64/regexp-macro-assembler-x64.h | 6 +- deps/v8/src/roots/roots.h | 13 +- deps/v8/src/roots/static-roots-intl-nowasm.h | 1950 ++++++------- deps/v8/src/roots/static-roots-intl-wasm.h | 1988 
++++++------- .../v8/src/roots/static-roots-nointl-nowasm.h | 1666 +++++------ deps/v8/src/roots/static-roots-nointl-wasm.h | 1704 +++++------ deps/v8/src/runtime/runtime-array.cc | 40 +- deps/v8/src/runtime/runtime-atomics.cc | 14 +- deps/v8/src/runtime/runtime-classes.cc | 22 +- deps/v8/src/runtime/runtime-compiler.cc | 136 +- deps/v8/src/runtime/runtime-debug.cc | 20 +- deps/v8/src/runtime/runtime-forin.cc | 12 +- deps/v8/src/runtime/runtime-internal.cc | 40 +- deps/v8/src/runtime/runtime-intl.cc | 4 +- deps/v8/src/runtime/runtime-literals.cc | 280 +- deps/v8/src/runtime/runtime-object.cc | 85 +- deps/v8/src/runtime/runtime-operators.cc | 19 +- deps/v8/src/runtime/runtime-promise.cc | 26 +- deps/v8/src/runtime/runtime-proxy.cc | 7 +- deps/v8/src/runtime/runtime-regexp.cc | 150 +- deps/v8/src/runtime/runtime-scopes.cc | 35 +- deps/v8/src/runtime/runtime-strings.cc | 90 +- deps/v8/src/runtime/runtime-test-wasm.cc | 119 +- deps/v8/src/runtime/runtime-test.cc | 55 +- deps/v8/src/runtime/runtime-trace.cc | 2 +- deps/v8/src/runtime/runtime-typedarray.cc | 5 +- deps/v8/src/runtime/runtime-wasm.cc | 292 +- deps/v8/src/runtime/runtime.cc | 3 + deps/v8/src/runtime/runtime.h | 21 +- deps/v8/src/sandbox/bytecode-verifier.cc | 8 +- deps/v8/src/sandbox/code-pointer-table-inl.h | 12 + deps/v8/src/sandbox/code-pointer-table.cc | 22 + deps/v8/src/sandbox/code-pointer-table.h | 14 + deps/v8/src/sandbox/cppheap-pointer-table.cc | 21 + deps/v8/src/sandbox/cppheap-pointer-table.h | 8 + .../src/sandbox/external-entity-table-inl.h | 2 + deps/v8/src/sandbox/external-pointer-inl.h | 34 +- deps/v8/src/sandbox/external-pointer-table.cc | 21 + deps/v8/src/sandbox/external-pointer-table.h | 8 + deps/v8/src/sandbox/external-pointer.h | 19 +- deps/v8/src/sandbox/indirect-pointer-tag.h | 14 +- deps/v8/src/sandbox/isolate-inl.h | 7 +- deps/v8/src/sandbox/isolate.h | 3 +- deps/v8/src/sandbox/js-dispatch-table-inl.h | 15 - deps/v8/src/sandbox/js-dispatch-table.cc | 20 + 
deps/v8/src/sandbox/js-dispatch-table.h | 23 +- deps/v8/src/sandbox/sandbox.cc | 23 +- deps/v8/src/sandbox/sandbox.h | 11 +- deps/v8/src/sandbox/testing.cc | 53 +- .../src/sandbox/trusted-pointer-table-inl.h | 23 +- deps/v8/src/sandbox/trusted-pointer-table.cc | 33 + deps/v8/src/sandbox/trusted-pointer-table.h | 18 + deps/v8/src/snapshot/context-serializer.cc | 9 +- deps/v8/src/snapshot/deserializer.cc | 35 +- deps/v8/src/snapshot/deserializer.h | 8 +- deps/v8/src/snapshot/mksnapshot.cc | 5 +- .../v8/src/snapshot/read-only-deserializer.cc | 32 +- deps/v8/src/snapshot/read-only-serializer.cc | 30 +- deps/v8/src/snapshot/serializer.cc | 16 +- .../src/snapshot/shared-heap-deserializer.cc | 4 +- deps/v8/src/snapshot/snapshot-data.cc | 5 +- deps/v8/src/snapshot/snapshot-source-sink.cc | 4 +- deps/v8/src/snapshot/snapshot-source-sink.h | 18 +- deps/v8/src/snapshot/snapshot.cc | 6 +- deps/v8/src/snapshot/startup-deserializer.cc | 4 +- deps/v8/src/snapshot/startup-serializer.cc | 4 +- deps/v8/src/strings/char-predicates-inl.h | 16 +- deps/v8/src/strings/char-predicates.cc | 6 +- deps/v8/src/strings/char-predicates.h | 7 +- deps/v8/src/strings/string-builder-inl.h | 2 +- deps/v8/src/strings/string-builder.cc | 45 +- deps/v8/src/strings/string-builder.h | 19 +- deps/v8/src/strings/string-stream.cc | 16 +- deps/v8/src/strings/unicode.h | 2 +- deps/v8/src/torque/implementation-visitor.cc | 36 +- deps/v8/src/torque/torque-compiler.cc | 3 + deps/v8/src/torque/torque.cc | 2 - deps/v8/src/torque/tsa-generator.cc | 587 +++- deps/v8/src/torque/type-visitor.cc | 17 + deps/v8/src/torque/types.h | 1 + deps/v8/src/torque/utils.h | 2 +- deps/v8/src/tracing/perfetto-logger.cc | 54 +- deps/v8/src/tracing/perfetto-logger.h | 13 +- deps/v8/src/trap-handler/handler-inside.cc | 22 +- deps/v8/src/trap-handler/handler-outside.cc | 94 +- deps/v8/src/trap-handler/handler-shared.cc | 19 + .../src/trap-handler/trap-handler-internal.h | 28 +- .../src/trap-handler/trap-handler-simulator.h | 2 +- 
deps/v8/src/trap-handler/trap-handler.h | 16 +- deps/v8/src/utils/bit-vector.h | 190 +- deps/v8/src/utils/boxed-float.h | 15 + deps/v8/src/utils/utils.cc | 4 +- deps/v8/src/wasm/DEPS | 7 + .../baseline/arm/liftoff-assembler-arm-inl.h | 127 +- .../arm64/liftoff-assembler-arm64-inl.h | 195 +- .../ia32/liftoff-assembler-ia32-inl.h | 107 +- .../wasm/baseline/liftoff-assembler-defs.h | 30 +- .../src/wasm/baseline/liftoff-assembler-inl.h | 7 - .../v8/src/wasm/baseline/liftoff-assembler.cc | 9 + deps/v8/src/wasm/baseline/liftoff-assembler.h | 88 +- deps/v8/src/wasm/baseline/liftoff-compiler.cc | 973 ++++--- deps/v8/src/wasm/baseline/liftoff-register.h | 290 +- deps/v8/src/wasm/baseline/liftoff-varstate.h | 1 + .../loong64/liftoff-assembler-loong64-inl.h | 306 +- .../mips64/liftoff-assembler-mips64-inl.h | 135 +- deps/v8/src/wasm/baseline/parallel-move.h | 8 +- .../baseline/ppc/liftoff-assembler-ppc-inl.h | 359 ++- .../riscv/liftoff-assembler-riscv-inl.h | 730 ++--- .../riscv/liftoff-assembler-riscv32-inl.h | 180 +- .../riscv/liftoff-assembler-riscv64-inl.h | 299 +- .../s390/liftoff-assembler-s390-inl.h | 147 +- .../baseline/x64/liftoff-assembler-x64-inl.h | 152 +- deps/v8/src/wasm/c-api.cc | 65 +- deps/v8/src/wasm/c-api.h | 11 +- deps/v8/src/wasm/canonical-types.cc | 89 +- deps/v8/src/wasm/canonical-types.h | 76 +- .../v8/src/wasm/compilation-environment-inl.h | 4 - deps/v8/src/wasm/compilation-environment.h | 18 +- .../src/wasm/compilation-hints-generation.cc | 8 +- .../src/wasm/constant-expression-interface.cc | 178 +- .../src/wasm/constant-expression-interface.h | 5 + deps/v8/src/wasm/constant-expression.cc | 10 +- deps/v8/src/wasm/decoder.h | 20 - deps/v8/src/wasm/effect-handler.h | 33 + deps/v8/src/wasm/function-body-decoder-impl.h | 452 +-- deps/v8/src/wasm/function-body-decoder.cc | 19 +- deps/v8/src/wasm/function-body-decoder.h | 12 +- deps/v8/src/wasm/function-compiler.cc | 10 +- deps/v8/src/wasm/function-compiler.h | 16 +- 
.../wasm/fuzzing/random-module-generation.cc | 366 +-- deps/v8/src/wasm/inlining-tree.h | 13 +- deps/v8/src/wasm/interpreter/OWNERS | 4 + .../arm64/interpreter-builtins-arm64.cc | 1519 ++++++++++ .../wasm/interpreter/instruction-handlers.h | 2553 +++++++++-------- .../wasm/interpreter/wasm-interpreter-inl.h | 8 + .../wasm-interpreter-runtime-inl.h | 92 +- .../interpreter/wasm-interpreter-runtime.cc | 155 +- .../interpreter/wasm-interpreter-runtime.h | 61 +- .../wasm/interpreter/wasm-interpreter-simd.cc | 10 +- .../src/wasm/interpreter/wasm-interpreter.cc | 1712 ++++++----- .../src/wasm/interpreter/wasm-interpreter.h | 37 +- deps/v8/src/wasm/leb-helper.h | 34 +- deps/v8/src/wasm/local-decl-encoder.cc | 37 +- deps/v8/src/wasm/local-decl-encoder.h | 17 +- deps/v8/src/wasm/module-compiler.cc | 115 +- deps/v8/src/wasm/module-compiler.h | 8 +- deps/v8/src/wasm/module-decoder-impl.h | 548 ++-- deps/v8/src/wasm/module-decoder.cc | 4 +- deps/v8/src/wasm/module-decoder.h | 3 - deps/v8/src/wasm/module-instantiate.cc | 533 ++-- deps/v8/src/wasm/names-provider.cc | 13 - deps/v8/src/wasm/names-provider.h | 2 - deps/v8/src/wasm/object-access.h | 32 - deps/v8/src/wasm/signature-hashing.h | 4 +- deps/v8/src/wasm/simd-shuffle.cc | 12 +- deps/v8/src/wasm/simd-shuffle.h | 5 +- deps/v8/src/wasm/stacks.cc | 33 +- deps/v8/src/wasm/stacks.h | 4 + deps/v8/src/wasm/streaming-decoder.h | 2 +- deps/v8/src/wasm/struct-types.h | 23 +- .../src/wasm/turboshaft-graph-interface-inl.h | 16 +- .../v8/src/wasm/turboshaft-graph-interface.cc | 1708 ++++++----- deps/v8/src/wasm/value-type.cc | 34 +- deps/v8/src/wasm/value-type.h | 118 +- deps/v8/src/wasm/wasm-builtin-list.h | 13 + deps/v8/src/wasm/wasm-code-manager.cc | 127 +- deps/v8/src/wasm/wasm-code-manager.h | 132 +- .../v8/src/wasm/wasm-code-pointer-table-inl.h | 20 - deps/v8/src/wasm/wasm-code-pointer-table.h | 14 +- deps/v8/src/wasm/wasm-constants.h | 10 +- deps/v8/src/wasm/wasm-debug.cc | 65 +- deps/v8/src/wasm/wasm-debug.h | 2 +- 
deps/v8/src/wasm/wasm-disassembler-impl.h | 2 +- deps/v8/src/wasm/wasm-disassembler.cc | 25 +- deps/v8/src/wasm/wasm-engine-globals.h | 37 + deps/v8/src/wasm/wasm-engine.cc | 29 +- deps/v8/src/wasm/wasm-engine.h | 17 +- deps/v8/src/wasm/wasm-export-wrapper-cache.cc | 34 +- deps/v8/src/wasm/wasm-export-wrapper-cache.h | 4 +- deps/v8/src/wasm/wasm-external-refs.cc | 268 +- deps/v8/src/wasm/wasm-external-refs.h | 8 +- deps/v8/src/wasm/wasm-feature-flags.h | 60 +- deps/v8/src/wasm/wasm-features.h | 8 +- deps/v8/src/wasm/wasm-init-expr.h | 3 +- deps/v8/src/wasm/wasm-js.cc | 109 +- deps/v8/src/wasm/wasm-js.h | 5 +- deps/v8/src/wasm/wasm-limits.h | 9 + deps/v8/src/wasm/wasm-linkage.h | 72 +- deps/v8/src/wasm/wasm-module-builder.cc | 8 +- deps/v8/src/wasm/wasm-module-builder.h | 8 +- deps/v8/src/wasm/wasm-module.cc | 35 +- deps/v8/src/wasm/wasm-module.h | 83 +- deps/v8/src/wasm/wasm-objects-inl.h | 195 +- deps/v8/src/wasm/wasm-objects.cc | 666 ++--- deps/v8/src/wasm/wasm-objects.h | 150 +- deps/v8/src/wasm/wasm-objects.tq | 16 +- deps/v8/src/wasm/wasm-opcodes-inl.h | 106 +- deps/v8/src/wasm/wasm-opcodes.cc | 3 + deps/v8/src/wasm/wasm-opcodes.h | 30 +- deps/v8/src/wasm/wasm-result.h | 2 - deps/v8/src/wasm/wasm-serialization.cc | 67 +- deps/v8/src/wasm/wasm-subtyping.cc | 9 +- deps/v8/src/wasm/wasm-tracing.h | 7 - deps/v8/src/wasm/wasm-value.h | 24 +- deps/v8/src/wasm/wasm-wrapper-cache-inl.h | 2 +- deps/v8/src/wasm/wasm-wrapper-cache.cc | 2 +- deps/v8/src/wasm/well-known-imports.cc | 17 + deps/v8/src/wasm/well-known-imports.h | 17 + deps/v8/src/wasm/wrappers-inl.h | 70 +- deps/v8/src/wasm/wrappers.cc | 10 +- deps/v8/src/wasm/wrappers.h | 129 +- deps/v8/test/benchmarks/cpp/benchmark-main.cc | 3 +- deps/v8/test/benchmarks/csuite/benchmark.py | 10 +- deps/v8/test/bigint/BUILD.gn | 2 + deps/v8/test/bigint/DEPS | 1 + deps/v8/test/bigint/bigint-shell.cc | 641 ++++- deps/v8/test/cctest/BUILD.gn | 15 +- deps/v8/test/cctest/cctest.cc | 2 +- deps/v8/test/cctest/cctest.status | 28 +- 
.../cctest/compiler/test-code-generator.cc | 29 +- .../test-run-calls-to-external-references.cc | 6 + .../cctest/compiler/test-run-native-calls.cc | 6 +- .../compiler/turboshaft-codegen-tester.h | 2 + deps/v8/test/cctest/heap/heap-tester.h | 4 +- deps/v8/test/cctest/heap/test-compaction.cc | 2 +- .../cctest/heap/test-concurrent-allocation.cc | 24 +- deps/v8/test/cctest/heap/test-heap.cc | 306 +- deps/v8/test/cctest/heap/test-mark-compact.cc | 6 +- deps/v8/test/cctest/heap/test-spaces.cc | 36 +- .../test/cctest/heap/test-weak-references.cc | 50 +- deps/v8/test/cctest/test-accessors.cc | 25 +- deps/v8/test/cctest/test-api-array-buffer.cc | 7 +- deps/v8/test/cctest/test-api-incumbent.cc | 16 +- deps/v8/test/cctest/test-api-interceptors.cc | 515 ++-- deps/v8/test/cctest/test-api-stack-traces.cc | 547 +++- deps/v8/test/cctest/test-api-typed-array.cc | 22 +- deps/v8/test/cctest/test-api.cc | 289 +- deps/v8/test/cctest/test-api.h | 6 +- .../test/cctest/test-code-stub-assembler.cc | 30 +- deps/v8/test/cctest/test-cpu-profiler.cc | 14 +- deps/v8/test/cctest/test-debug.cc | 147 +- deps/v8/test/cctest/test-heap-profiler.cc | 258 +- deps/v8/test/cctest/test-sampler-api.cc | 24 +- deps/v8/test/cctest/test-serialize.cc | 8 +- deps/v8/test/cctest/test-shared-strings.cc | 45 +- deps/v8/test/cctest/test-transitions.cc | 111 - .../test-unscopables-hidden-prototype.cc | 2 +- deps/v8/test/cctest/test-usecounters.cc | 51 +- deps/v8/test/cctest/test-verifiers.cc | 2 +- deps/v8/test/cctest/torque/test-torque.cc | 2 + .../v8/test/cctest/wasm/test-backing-store.cc | 4 +- deps/v8/test/cctest/wasm/test-gc.cc | 35 +- deps/v8/test/cctest/wasm/test-grow-memory.cc | 4 +- .../cctest/wasm/test-liftoff-inspection.cc | 2 +- deps/v8/test/cctest/wasm/test-run-wasm-64.cc | 10 +- .../test/cctest/wasm/test-run-wasm-atomics.cc | 6 +- .../cctest/wasm/test-run-wasm-atomics64.cc | 6 +- deps/v8/test/cctest/wasm/test-run-wasm-f16.cc | 99 +- .../cctest/wasm/test-run-wasm-memory64.cc | 2 +- 
.../cctest/wasm/test-run-wasm-relaxed-simd.cc | 81 +- .../cctest/wasm/test-run-wasm-simd-liftoff.cc | 43 +- .../v8/test/cctest/wasm/test-run-wasm-simd.cc | 935 ++++-- .../cctest/wasm/test-run-wasm-wrappers.cc | 4 +- deps/v8/test/cctest/wasm/test-run-wasm.cc | 85 +- .../cctest/wasm/test-streaming-compilation.cc | 18 +- .../test/cctest/wasm/test-wasm-breakpoints.cc | 25 +- deps/v8/test/cctest/wasm/test-wasm-metrics.cc | 48 +- .../cctest/wasm/test-wasm-serialization.cc | 16 +- deps/v8/test/cctest/wasm/test-wasm-stack.cc | 2 +- .../cctest/wasm/test-wasm-trap-position.cc | 2 +- deps/v8/test/cctest/wasm/wasm-simd-utils.cc | 159 +- deps/v8/test/cctest/wasm/wasm-simd-utils.h | 5 + deps/v8/test/common/wasm/fuzzer-common.cc | 15 +- deps/v8/test/common/wasm/wasm-macro-gen.h | 10 +- .../v8/test/common/wasm/wasm-module-runner.cc | 1 + deps/v8/test/common/wasm/wasm-run-utils.cc | 103 +- deps/v8/test/common/wasm/wasm-run-utils.h | 59 +- deps/v8/test/debugger/debugger.status | 3 + .../debugger/regress/regress-483851884.js | 30 + .../debugger/regress/regress-485683107.js | 17 + .../debugger/regress/regress-486383560.js | 10 + .../debugger/regress/regress-488130830.js | 9 + deps/v8/test/filecheck/filecheck.status | 24 + .../js-wasm-wrapper-inlining-eager-deopt.js | 116 + .../js-wasm-wrapper-inlining-lazy-deopt.js | 2 +- .../wasm-in-js-inlining-turboshaft.js | 538 ++++ .../wasm-turbolev-inlined-wrapper.js | 9 +- .../filecheck/wasm/crash/regress-481074858.js | 220 ++ deps/v8/test/fuzzer/fuzzer-support.cc | 2 +- deps/v8/test/fuzzer/inspector-fuzzer.cc | 4 +- .../interpreter/interpreter-fuzzer-common.cc | 8 +- deps/v8/test/inspector/BUILD.gn | 2 + ...point-by-url-in-broken-script-expected.txt | 21 + .../set-breakpoint-by-url-in-broken-script.js | 20 + .../debugger/wasm-gc-anyref-expected.txt | 6 +- .../test/inspector/debugger/wasm-gc-anyref.js | 2 +- .../debugger/wasm-gc-breakpoints-expected.txt | 2 +- .../inspector/debugger/wasm-gc-breakpoints.js | 2 +- 
.../wasm-gc-multi-module-expected.txt | 8 +- .../debugger/wasm-gc-multi-module.js | 4 +- .../debugger/wasm-jspi-async-stack.js | 3 +- .../inspector/debugger/wasm-scope-info.js | 2 +- deps/v8/test/inspector/devtools-session.cc | 66 + deps/v8/test/inspector/devtools-session.h | 65 + deps/v8/test/inspector/frontend-channel.h | 38 +- deps/v8/test/inspector/inspector-test.cc | 12 +- deps/v8/test/inspector/isolate-data.cc | 86 +- deps/v8/test/inspector/isolate-data.h | 28 +- .../regress-crbug-486927780-expected.txt | 1 + .../regress/regress-crbug-486927780.js | 25 + .../regress-crbug-488754138-expected.txt | 3 + .../regress/regress-crbug-488754138.js | 29 + .../runtime/command-line-api-expected.txt | 56 + .../inspector/runtime/command-line-api.js | 16 + .../runtime/get-properties-expected.txt | 11 - .../test/inspector/runtime/get-properties.js | 14 +- .../runtime/regress-488790217-expected.txt | 396 +++ .../inspector/runtime/regress-488790217.js | 39 + .../test/intl/date-format/check-nu-option.js | 2 +- .../date-format/check-numbering-system.js | 2 +- .../date-format/en-format-range-to-parts.js | 4 +- deps/v8/test/intl/date-format/format-range.js | 24 +- .../property-override-date-style.js | 2 +- .../property-override-date-time-style.js | 2 +- .../property-override-time-style.js | 2 +- .../intl/date-format/property-override.js | 2 +- .../intl/number-format/check-nu-option.js | 2 +- .../number-format/check-numbering-system.js | 2 +- .../intl/number-format/comma-compat-off.js | 22 - .../intl/number-format/comma-compat-on.js | 22 - .../intl/number-format/italian-compat-off.js | 15 - .../intl/number-format/italian-compat-on.js | 15 - deps/v8/test/intl/regress-7481.js | 2 +- deps/v8/test/intl/regress-9912.js | 6 +- .../check-numbering-system.js | 2 +- .../segment-iterator-ownPropertyDescriptor.js | 2 +- .../test/js-perf-test/BigInt/bigint-util.js | 2 +- deps/v8/test/js-perf-test/JSTests5.json | 2 +- .../TurboFan/wasm-inlining-loop-array.js | 2 +- 
.../message/fail/iterator-zip-return-error.js | 16 + .../fail/iterator-zip-return-error.out | 7 + .../js-wasm-wrapper-inlining-turbolev-32.js | 1 + .../js-wasm-wrapper-inlining-turbolev-32.out | 13 +- .../js-wasm-wrapper-inlining-turbolev-64.js | 1 + .../js-wasm-wrapper-inlining-turbolev-64.out | 14 +- deps/v8/test/message/message.status | 12 +- .../wasm-compilation-hints-inlining.out | 1 - .../message/wasm-in-js-inlining-turboshaft.js | 288 -- .../wasm-in-js-inlining-turboshaft.out | 329 --- deps/v8/test/message/wasm-inlining-into-js.js | 2 +- .../v8/test/message/wasm-recognize-imports.js | 8 +- .../test/mjsunit/arbitrary-length-varargs.js | 126 + .../test/mjsunit/array-flat-elements-kind.js | 48 + .../v8/test/mjsunit/call-intrinsic-fuzzing.js | 11 + .../compiler/bigint-add-no-deopt-loop.js | 5 +- .../mjsunit/compiler/fast-api-calls-wasm.js | 2 +- deps/v8/test/mjsunit/compiler/no-fma.js | 25 + .../mjsunit/compiler/regress-488078904.js | 21 + .../mjsunit/compiler/regress-488925413.js | 28 + .../mjsunit/d8-builtins-not-constructors.js | 21 + deps/v8/test/mjsunit/d8/d8-realm-onerror.js | 26 + .../mjsunit/d8/d8-worker-onerror-arguments.js | 52 + .../mjsunit/d8/d8-worker-onerror-exception.js | 32 + .../d8/d8-worker-onerror-settimeout.js | 28 + deps/v8/test/mjsunit/d8/d8-worker-onerror.js | 32 + .../mjsunit/es6/block-eval-var-over-let.js | 2 +- ...of-array-iterator-optimization-baseline.js | 38 +- ...of-array-iterator-optimization-ignition.js | 32 +- ...ization-maglev-eager-check-missing-done.js | 69 + ...terator-optimization-maglev-eager-check.js | 66 + ...tor-optimization-maglev-eager-next-call.js | 59 + ...r-optimization-maglev-eager-value-check.js | 90 + ...iterator-optimization-maglev-lazy-check.js | 64 + ...ator-optimization-maglev-lazy-next-call.js | 52 + ...or-optimization-maglev-lazy-value-check.js | 64 + ...r-of-array-iterator-optimization-maglev.js | 40 +- ...of-array-iterator-optimization-turbofan.js | 40 +- .../es6/for-of-iterator-protocol-integrity.js | 
108 + .../es6/sloppy-restrictive-block-function.js | 2 +- .../test/mjsunit/es6/weak-map-chain-linear.js | 34 + .../es6/weak-map-chain-nested-linear.js | 61 + deps/v8/test/mjsunit/es8/async-await-basic.js | 2 +- .../harmony/async-from-sync-iterator.js | 4 +- .../mjsunit/harmony/async-generators-basic.js | 2 +- deps/v8/test/mjsunit/harmony/iterator-zip.js | 205 ++ deps/v8/test/mjsunit/harmony/map-groupby.js | 2 +- .../harmony/modules-import-defer-asm.mjs | 22 + .../modules-import-defer-no-trigger.mjs | 29 +- ...efer-prototype-swap-for-in-that-throws.mjs | 30 + ...les-import-defer-prototype-swap-for-in.mjs | 23 + ...port-defer-super-property-set-exported.mjs | 25 + ...-defer-super-property-set-not-exported.mjs | 25 + .../mjsunit/harmony/modules-namespace-asm.mjs | 23 + deps/v8/test/mjsunit/iterator-join.js | 408 +++ deps/v8/test/mjsunit/json-simd-strings.js | 136 + deps/v8/test/mjsunit/linecontinuation.js | 2 +- .../mjsunit/maglev/array-push-int32-phi.js | 33 + .../mjsunit/maglev/boolean-constructor.js | 23 + .../maglev/context-inverted-generator.js | 28 + .../maglev/context-inverted-generator2.js | 30 + deps/v8/test/mjsunit/maglev/reflect-apply.js | 72 + deps/v8/test/mjsunit/maglev/reflect-get.js | 42 + deps/v8/test/mjsunit/maglev/reflect-has.js | 54 + .../test/mjsunit/maglev/regress-470566252.js | 58 + .../test/mjsunit/maglev/regress-482545639.js | 18 + .../test/mjsunit/maglev/regress-482810539.js | 25 + .../test/mjsunit/maglev/regress-483423907.js | 24 + .../test/mjsunit/maglev/regress-484393248.js | 33 + .../test/mjsunit/maglev/regress-484911060.js | 16 + .../test/mjsunit/maglev/regress-485843940.js | 17 + .../test/mjsunit/maglev/regress-486530209.js | 26 + .../test/mjsunit/maglev/regress-489362238.js | 21 + .../test/mjsunit/maglev/regress-489369253.js | 25 + .../test/mjsunit/maglev/regress-490353576.js | 21 + .../test/mjsunit/maglev/regress-492245079.js | 30 + .../test/mjsunit/maglev/regress-494492520.js | 23 + .../test/mjsunit/maglev/regress-495041650.js | 26 + 
.../test/mjsunit/maglev/regress-495751197.js | 47 + .../test/mjsunit/maglev/regress-495888361.js | 26 + .../test/mjsunit/maglev/regress-495923720.js | 15 + .../test/mjsunit/maglev/regress-496074718.js | 27 + .../test/mjsunit/maglev/regress-496272034.js | 28 + .../test/mjsunit/maglev/regress-496627235.js | 24 + .../test/mjsunit/maglev/regress-497112471.js | 27 + .../maglev/regress/regress-489605205.js | 29 + .../maglev/regress/regress-500880819.js | 31 + .../maglev/regress/regress-501789186.js | 26 + .../mjsunit/maglev/string-indexof-includes.js | 54 + .../v8/test/mjsunit/maglev/unused-loop-phi.js | 25 + .../v8/test/mjsunit/math-sum-precise/basic.js | 3 + .../test/mjsunit/math-sum-precise/closing.js | 26 + .../v8/test/mjsunit/math-sum-precise/holey.js | 15 + .../test/mjsunit/math-sum-precise/holey2.js | 33 + .../math-sum-precise/regress-494013010.js | 14 + .../mjsunit/math-sum-precise/set-regress.js | 15 + .../mjsunit/math-sum-precise/set-regress2.js | 11 + deps/v8/test/mjsunit/mjsunit.status | 292 +- deps/v8/test/mjsunit/modules-eval-await.mjs | 9 + .../modules-namespace-super-access-tdz.mjs | 17 + .../modules-namespace-super-property-set.mjs | 17 + ...-namespace-super-set-tdz-with-accessor.mjs | 23 + .../proto-seq-opt-object-entries.js | 4 +- .../opt-proto-seq/proto-seq-opt-spreading.js | 8 +- .../private_fields/test_private_fields.js | 145 + ...k-cross-realm-callback-report-exception.js | 30 + deps/v8/test/mjsunit/queue-microtask.js | 42 + deps/v8/test/mjsunit/regexp-fallback.js | 2 +- deps/v8/test/mjsunit/regress-478205262.js | 17 + deps/v8/test/mjsunit/regress-491935269.js | 24 + deps/v8/test/mjsunit/regress-493787228.js | 20 + deps/v8/test/mjsunit/regress-494876356.js | 20 + .../mjsunit/regress/asm/regress-490629397.js | 79 + .../mjsunit/regress/immutable-ab-regress.js | 85 + .../regress/redeclaration-error-types.js | 24 +- .../test/mjsunit/regress/regexp-489358153.js | 31 + .../test/mjsunit/regress/regress-1000635.js | 15 - 
.../test/mjsunit/regress/regress-1447383.js | 2 +- .../test/mjsunit/regress/regress-372298921.js | 2 +- .../test/mjsunit/regress/regress-447206453.js | 2 +- .../test/mjsunit/regress/regress-476509600.js | 9 + .../test/mjsunit/regress/regress-481519344.js | 21 + .../test/mjsunit/regress/regress-484904778.js | 15 + .../test/mjsunit/regress/regress-486655252.js | 17 + .../mjsunit/regress/regress-486945364-1.js | 32 + .../test/mjsunit/regress/regress-486945364.js | 39 + .../test/mjsunit/regress/regress-487468464.js | 15 + .../test/mjsunit/regress/regress-487857171.js | 17 + .../test/mjsunit/regress/regress-488042855.js | 19 + .../test/mjsunit/regress/regress-489356185.js | 26 + .../test/mjsunit/regress/regress-489941769.js | 16 + .../test/mjsunit/regress/regress-490446682.js | 11 + .../test/mjsunit/regress/regress-490485402.js | 32 + .../test/mjsunit/regress/regress-490515529.js | 23 + .../test/mjsunit/regress/regress-491053452.js | 18 + .../test/mjsunit/regress/regress-491461591.js | 16 + .../test/mjsunit/regress/regress-491881374.js | 70 + .../test/mjsunit/regress/regress-492014648.js | 29 + .../test/mjsunit/regress/regress-493176399.js | 23 + .../test/mjsunit/regress/regress-493269623.js | 12 + .../mjsunit/regress/regress-493591676.mjs | 5 + .../test/mjsunit/regress/regress-493787222.js | 17 + .../test/mjsunit/regress/regress-494583765.js | 7 + .../test/mjsunit/regress/regress-494690599.js | 15 + .../mjsunit/regress/regress-495503057.mjs | 5 + .../test/mjsunit/regress/regress-495503781.js | 19 + .../mjsunit/regress/regress-498089319-2.js | 28 + .../test/mjsunit/regress/regress-498089319.js | 38 + .../test/mjsunit/regress/regress-498464176.js | 17 + .../test/mjsunit/regress/regress-499667401.js | 44 + .../test/mjsunit/regress/regress-7558019.js | 16 + .../v8/test/mjsunit/regress/regress-786573.js | 2 +- .../regress/regress-crbug-335704358.js | 53 - .../regress/regress-crbug-488366773.js | 14 + .../regress/regress-crbug-488426618.js | 20 + 
.../regress/regress-crbug-489893167.js | 20 + .../regress/regress-crbug-490058830.js | 20 + .../mjsunit/regress/regress-crbug-596394.js | 2 +- .../mjsunit/regress/regress-crbug-909614.js | 8 +- .../regress/regress-temporal-zoneinfo.js | 11 + .../test/mjsunit/regress/regress-v8-12671.js | 14 +- .../regress/wasm/i32-lowering-inlining.js | 2 +- .../regress/wasm/inline-call-to-reexport.js | 3 +- .../mjsunit/regress/wasm/regress-1010272.js | 2 - .../mjsunit/regress/wasm/regress-1029642.js | 6 - .../mjsunit/regress/wasm/regress-1045225.js | 2 - .../mjsunit/regress/wasm/regress-1045737.js | 2 - .../mjsunit/regress/wasm/regress-1046472.js | 2 - .../mjsunit/regress/wasm/regress-1048241.js | 2 - .../mjsunit/regress/wasm/regress-1074586-b.js | 2 - .../mjsunit/regress/wasm/regress-1074586.js | 2 - .../mjsunit/regress/wasm/regress-1075953.js | 2 - .../mjsunit/regress/wasm/regress-1079449.js | 2 - .../mjsunit/regress/wasm/regress-10898.js | 2 - .../mjsunit/regress/wasm/regress-1125951.js | 2 +- .../mjsunit/regress/wasm/regress-1132461.js | 2 - .../mjsunit/regress/wasm/regress-1140549.js | 2 - .../mjsunit/regress/wasm/regress-1145135.js | 2 - .../mjsunit/regress/wasm/regress-1161654.js | 4 +- .../mjsunit/regress/wasm/regress-1161954.js | 2 - .../mjsunit/regress/wasm/regress-1165966.js | 2 - .../mjsunit/regress/wasm/regress-1168116.js | 2 - .../mjsunit/regress/wasm/regress-1171788.js | 2 - .../mjsunit/regress/wasm/regress-1179025.js | 2 - .../mjsunit/regress/wasm/regress-1179065.js | 2 +- .../mjsunit/regress/wasm/regress-1179182.js | 2 - .../mjsunit/regress/wasm/regress-11809.js | 3 +- .../mjsunit/regress/wasm/regress-1187831.js | 2 - .../mjsunit/regress/wasm/regress-1196837.js | 2 - .../mjsunit/regress/wasm/regress-1197393.js | 2 - .../mjsunit/regress/wasm/regress-1199662.js | 2 - .../mjsunit/regress/wasm/regress-1202736.js | 2 - .../mjsunit/regress/wasm/regress-1220855.js | 2 - .../mjsunit/regress/wasm/regress-12270.js | 2 - .../mjsunit/regress/wasm/regress-1227351.js | 2 - 
.../mjsunit/regress/wasm/regress-1228720.js | 2 - .../mjsunit/regress/wasm/regress-1236958.js | 2 +- .../mjsunit/regress/wasm/regress-1237024.js | 2 +- .../mjsunit/regress/wasm/regress-1239954.js | 2 +- .../mjsunit/regress/wasm/regress-1248024.js | 2 +- .../mjsunit/regress/wasm/regress-1251465.js | 2 - .../mjsunit/regress/wasm/regress-1255354.js | 3 +- .../mjsunit/regress/wasm/regress-12624.js | 2 - .../mjsunit/regress/wasm/regress-1264462.js | 2 - .../mjsunit/regress/wasm/regress-12874.js | 2 +- .../mjsunit/regress/wasm/regress-1294384.js | 2 - .../mjsunit/regress/wasm/regress-12945.js | 8 +- .../mjsunit/regress/wasm/regress-1296876.js | 2 - .../mjsunit/regress/wasm/regress-1299183.js | 2 - .../mjsunit/regress/wasm/regress-13061.js | 2 - .../mjsunit/regress/wasm/regress-1308333.js | 2 - .../mjsunit/regress/wasm/regress-1339153.js | 2 - .../mjsunit/regress/wasm/regress-13700.js | 2 - .../mjsunit/regress/wasm/regress-1374535.js | 2 +- .../mjsunit/regress/wasm/regress-1380646.js | 2 - .../mjsunit/regress/wasm/regress-13939.js | 2 - .../mjsunit/regress/wasm/regress-13946.js | 2 +- .../mjsunit/regress/wasm/regress-13956.js | 2 +- .../mjsunit/regress/wasm/regress-1408337.js | 2 - .../mjsunit/regress/wasm/regress-14113.js | 2 - .../mjsunit/regress/wasm/regress-14116.js | 2 - .../mjsunit/regress/wasm/regress-14118.js | 2 - .../mjsunit/regress/wasm/regress-14167.js | 10 +- .../mjsunit/regress/wasm/regress-14171.js | 2 - .../mjsunit/regress/wasm/regress-14270.js | 2 +- .../mjsunit/regress/wasm/regress-14356.js | 2 - .../mjsunit/regress/wasm/regress-1447367.js | 2 +- .../mjsunit/regress/wasm/regress-1458941.js | 4 +- .../mjsunit/regress/wasm/regress-14600.js | 11 +- .../mjsunit/regress/wasm/regress-14689.js | 2 - .../mjsunit/regress/wasm/regress-14700.js | 2 +- .../mjsunit/regress/wasm/regress-1478848.js | 4 +- .../mjsunit/regress/wasm/regress-1478913.js | 2 - .../mjsunit/regress/wasm/regress-1479926.js | 14 +- .../mjsunit/regress/wasm/regress-1480117.js | 2 - 
.../mjsunit/regress/wasm/regress-1484393.js | 2 - .../mjsunit/regress/wasm/regress-1486237.js | 4 +- .../mjsunit/regress/wasm/regress-1487077.js | 2 - .../mjsunit/regress/wasm/regress-1490847-2.js | 6 +- .../mjsunit/regress/wasm/regress-1490847.js | 2 +- .../mjsunit/regress/wasm/regress-1491415.js | 7 +- .../mjsunit/regress/wasm/regress-1492772.js | 2 - .../mjsunit/regress/wasm/regress-1497018.js | 2 - .../mjsunit/regress/wasm/regress-1502837.js | 2 - .../mjsunit/regress/wasm/regress-1507743.js | 4 +- .../mjsunit/regress/wasm/regress-1507779.js | 2 +- .../mjsunit/regress/wasm/regress-1508999.js | 2 - .../mjsunit/regress/wasm/regress-1514072.js | 2 +- .../mjsunit/regress/wasm/regress-1517219.js | 2 - .../mjsunit/regress/wasm/regress-1517243.js | 4 +- .../mjsunit/regress/wasm/regress-1519091.js | 2 - .../mjsunit/regress/wasm/regress-1520362.js | 2 +- .../mjsunit/regress/wasm/regress-1521371.js | 4 +- .../mjsunit/regress/wasm/regress-1523313.js | 2 - .../mjsunit/regress/wasm/regress-1523316.js | 4 +- .../mjsunit/regress/wasm/regress-1523407.js | 4 +- .../mjsunit/regress/wasm/regress-1523414.js | 2 +- .../mjsunit/regress/wasm/regress-324475066.js | 2 +- .../mjsunit/regress/wasm/regress-324690505.js | 4 +- .../mjsunit/regress/wasm/regress-324747822.js | 2 +- .../mjsunit/regress/wasm/regress-325756545.js | 8 +- .../mjsunit/regress/wasm/regress-326156493.js | 8 +- .../mjsunit/regress/wasm/regress-326260438.js | 4 +- .../mjsunit/regress/wasm/regress-326273468.js | 2 - .../mjsunit/regress/wasm/regress-326894018.js | 96 +- .../mjsunit/regress/wasm/regress-326904344.js | 6 +- .../mjsunit/regress/wasm/regress-327517308.js | 2 - .../mjsunit/regress/wasm/regress-327643791.js | 6 +- .../mjsunit/regress/wasm/regress-328499555.js | 9 +- .../mjsunit/regress/wasm/regress-329464129.js | 2 - .../mjsunit/regress/wasm/regress-330580823.js | 5 +- .../mjsunit/regress/wasm/regress-330767273.js | 23 +- .../mjsunit/regress/wasm/regress-333457544.js | 2 - 
.../mjsunit/regress/wasm/regress-336007398.js | 2 +- .../mjsunit/regress/wasm/regress-336214779.js | 5 +- .../mjsunit/regress/wasm/regress-336358915.js | 5 - .../mjsunit/regress/wasm/regress-336852356.js | 2 +- .../mjsunit/regress/wasm/regress-342602616.js | 12 +- .../mjsunit/regress/wasm/regress-343035068.js | 2 +- .../mjsunit/regress/wasm/regress-343917751.js | 2 +- .../mjsunit/regress/wasm/regress-344014332.js | 2 +- .../mjsunit/regress/wasm/regress-346197738.js | 2 +- .../mjsunit/regress/wasm/regress-346505953.js | 2 +- .../mjsunit/regress/wasm/regress-347914831.js | 3 +- .../mjsunit/regress/wasm/regress-349402547.js | 2 - .../mjsunit/regress/wasm/regress-349640002.js | 3 +- .../mjsunit/regress/wasm/regress-350779988.js | 4 +- .../regress/wasm/regress-352720899-2.js | 3 +- .../mjsunit/regress/wasm/regress-353582136.js | 2 +- .../mjsunit/regress/wasm/regress-353913485.js | 4 +- .../mjsunit/regress/wasm/regress-360044696.js | 6 +- .../mjsunit/regress/wasm/regress-360052650.js | 4 +- .../mjsunit/regress/wasm/regress-360700873.js | 2 +- .../mjsunit/regress/wasm/regress-361123483.js | 2 - .../mjsunit/regress/wasm/regress-361611472.js | 2 +- .../mjsunit/regress/wasm/regress-361717714.js | 2 - .../mjsunit/regress/wasm/regress-361862737.js | 2 +- .../mjsunit/regress/wasm/regress-363072477.js | 4 +- .../mjsunit/regress/wasm/regress-364312793.js | 5 +- .../mjsunit/regress/wasm/regress-364667545.js | 2 +- .../mjsunit/regress/wasm/regress-365376497.js | 2 - .../mjsunit/regress/wasm/regress-365802567.js | 15 +- .../mjsunit/regress/wasm/regress-368086282.js | 2 +- .../mjsunit/regress/wasm/regress-369533086.js | 2 - .../mjsunit/regress/wasm/regress-369652650.js | 3 +- .../mjsunit/regress/wasm/regress-372067240.js | 6 +- .../mjsunit/regress/wasm/regress-372261626.js | 2 +- .../mjsunit/regress/wasm/regress-373702823.js | 2 +- .../mjsunit/regress/wasm/regress-375270509.js | 2 +- .../mjsunit/regress/wasm/regress-377620832.js | 2 +- .../mjsunit/regress/wasm/regress-379414135.js | 
2 +- .../mjsunit/regress/wasm/regress-380397544.js | 4 +- .../mjsunit/regress/wasm/regress-381696874.js | 6 +- .../mjsunit/regress/wasm/regress-381917890.js | 2 +- .../mjsunit/regress/wasm/regress-382291459.js | 10 +- .../mjsunit/regress/wasm/regress-383356864.js | 4 +- .../mjsunit/regress/wasm/regress-384549252.js | 4 +- .../mjsunit/regress/wasm/regress-387055479.js | 2 +- .../mjsunit/regress/wasm/regress-390467420.js | 2 +- .../mjsunit/regress/wasm/regress-392928805.js | 2 +- .../mjsunit/regress/wasm/regress-399497254.js | 2 +- .../mjsunit/regress/wasm/regress-400852655.js | 5 +- .../mjsunit/regress/wasm/regress-40258436.js | 5 +- .../mjsunit/regress/wasm/regress-406043349.js | 2 - .../mjsunit/regress/wasm/regress-407298298.js | 2 - .../mjsunit/regress/wasm/regress-407797300.js | 2 +- .../mjsunit/regress/wasm/regress-408254017.js | 1 - .../mjsunit/regress/wasm/regress-413963387.js | 2 +- .../mjsunit/regress/wasm/regress-433984397.js | 4 +- .../mjsunit/regress/wasm/regress-434008619.js | 9 +- .../mjsunit/regress/wasm/regress-438770394.js | 2 +- .../mjsunit/regress/wasm/regress-445870128.js | 2 +- .../mjsunit/regress/wasm/regress-447613211.js | 2 +- .../mjsunit/regress/wasm/regress-451144692.js | 2 - .../mjsunit/regress/wasm/regress-452079540.js | 2 +- .../mjsunit/regress/wasm/regress-452541294.js | 2 +- .../mjsunit/regress/wasm/regress-454276076.js | 2 +- .../mjsunit/regress/wasm/regress-454363539.js | 2 +- .../mjsunit/regress/wasm/regress-455711115.js | 3 +- .../mjsunit/regress/wasm/regress-470127856.js | 7 +- .../mjsunit/regress/wasm/regress-471380636.js | 9 +- .../mjsunit/regress/wasm/regress-474491347.js | 7 +- .../mjsunit/regress/wasm/regress-482759504.js | 22 + .../mjsunit/regress/wasm/regress-483269968.js | 42 + .../mjsunit/regress/wasm/regress-483643012.js | 13 + .../mjsunit/regress/wasm/regress-484405356.js | 22 + .../mjsunit/regress/wasm/regress-484499097.js | 15 + .../mjsunit/regress/wasm/regress-487444465.js | 17 + 
.../mjsunit/regress/wasm/regress-487750545.js | 16 + .../mjsunit/regress/wasm/regress-488089242.js | 45 + .../mjsunit/regress/wasm/regress-488790214.js | 59 + .../mjsunit/regress/wasm/regress-488943662.js | 26 + .../mjsunit/regress/wasm/regress-489029655.js | 11 + .../mjsunit/regress/wasm/regress-489109716.js | 67 + .../mjsunit/regress/wasm/regress-489349562.js | 60 + .../mjsunit/regress/wasm/regress-490877756.js | 35 + .../mjsunit/regress/wasm/regress-490877757.js | 35 + .../mjsunit/regress/wasm/regress-490877758.js | 28 + .../mjsunit/regress/wasm/regress-490970052.js | 9 + .../mjsunit/regress/wasm/regress-491696923.js | 90 + .../mjsunit/regress/wasm/regress-493088266.js | 24 + .../mjsunit/regress/wasm/regress-493099941.js | 78 + .../mjsunit/regress/wasm/regress-493171989.js | 34 + .../mjsunit/regress/wasm/regress-493307331.js | 8 + .../mjsunit/regress/wasm/regress-493314948.js | 50 + .../mjsunit/regress/wasm/regress-493319628.js | 36 + .../mjsunit/regress/wasm/regress-493430818.js | 40 + .../mjsunit/regress/wasm/regress-493521637.js | 18 + .../mjsunit/regress/wasm/regress-493521807.js | 75 + .../mjsunit/regress/wasm/regress-493529579.js | 32 + .../mjsunit/regress/wasm/regress-493646648.js | 18 + .../mjsunit/regress/wasm/regress-493905761.js | 52 + .../mjsunit/regress/wasm/regress-495503265.js | 19 + .../mjsunit/regress/wasm/regress-496628168.js | 14 + .../mjsunit/regress/wasm/regress-497330272.js | 25 + .../mjsunit/regress/wasm/regress-497404188.js | 92 + .../mjsunit/regress/wasm/regress-502030575.js | 50 + .../mjsunit/regress/wasm/regress-863810.js | 2 +- .../test/mjsunit/regress/wasm/regress-9017.js | 2 - .../test/mjsunit/regress/wasm/regress-9759.js | 2 +- .../regress/wasm/regress-crbug-1339321.js | 2 +- .../regress/wasm/regress-crbug-1463232.js | 14 +- .../regress/wasm/regress-crbug-1464604.js | 2 - .../regress/wasm/regress-crbug-1465386.js | 2 - .../regress/wasm/regress-crbug-1466312.js | 8 +- .../regress/wasm/regress-crbug-1491815.js | 2 - 
.../regress/wasm/regress-crbug-1520130.js | 2 - .../regress/wasm/regress-inlining-throw.js | 6 +- .../regress/wasm/regress-simd-391916477.js | 2 - .../regress/wasm/regress-simd-396460489.js | 2 +- .../regress/wasm/regress-simd-458024245.js | 2 +- .../regress-struct-set-into-unreachable.js | 10 +- .../mjsunit/regress/wasm/regress-v8-14710.js | 2 +- .../wasm/wasm-typer-incompatible-ref-cast.js | 6 +- .../basic-hardware-watchpoints.js | 2 +- .../hardware-watchpoints/regress-486705321.js | 9 + .../sandbox/liftoff-wasmarray-i64-indexing.js | 6 +- .../test/mjsunit/sandbox/regress-488362583.js | 60 + .../test/mjsunit/sandbox/regress-488651088.js | 28 + .../test/mjsunit/sandbox/regress-488927521.js | 75 + .../test/mjsunit/sandbox/regress-490769268.js | 40 + .../test/mjsunit/sandbox/regress-496618662.js | 33 + .../test/mjsunit/sandbox/regress-496807861.js | 24 + .../test/mjsunit/sandbox/regress-501147587.js | 71 + .../sandbox/regress/regress-392180065.js | 2 +- .../sandbox/regress/regress-454734141.js | 2 +- .../sandbox/regress/regress-469759459.js | 2 +- .../shared-memory/regress-488754149.js | 30 + .../v8/test/mjsunit/string-external-cached.js | 4 +- .../mjsunit/tools/foozzie_arch_specific.js | 3 + .../phi-untagging-conversions-truncation.js | 12 +- .../mjsunit/turbolev/regress-479549166.js | 22 + .../mjsunit/turbolev/regress-482084211.js | 20 + .../mjsunit/turbolev/regress-484527367.js | 28 + .../mjsunit/turbolev/regress-485478594.js | 20 + .../mjsunit/turbolev/regress-485535276.js | 26 + .../mjsunit/turbolev/regress-487646536.js | 26 + .../mjsunit/turbolev/regress-488090094.js | 23 + .../mjsunit/turbolev/regress-488790215.js | 27 + .../mjsunit/turbolev/regress-489193276.js | 18 + .../mjsunit/turbolev/regress-489689984.js | 21 + .../mjsunit/turbolev/regress-490450922-1.js | 20 + .../mjsunit/turbolev/regress-490450922-2.js | 31 + .../mjsunit/turbolev/regress-490450922-3.js | 35 + .../mjsunit/turbolev/regress-491466705.js | 93 + .../mjsunit/turbolev/regress-492046462.js | 
17 + .../mjsunit/turbolev/regress-493319584.js | 32 + .../mjsunit/turbolev/regress-494058284.js | 89 + .../mjsunit/turbolev/regress-499934837.js | 26 + .../super-try-catch-derived-constructor.js | 17 + .../typedarray-with-resizable-buffer.js | 119 + .../mjsunit/wasm/array-bulk-operations.js | 20 +- .../test/mjsunit/wasm/array-copy-benchmark.js | 8 +- .../v8/test/mjsunit/wasm/array-copy-errors.js | 2 +- deps/v8/test/mjsunit/wasm/array-fill-gc.js | 2 +- .../mjsunit/wasm/array-init-from-segment.js | 16 +- deps/v8/test/mjsunit/wasm/bigint-opt.js | 2 +- .../mjsunit/wasm/call-indirect-null-check.js | 25 + deps/v8/test/mjsunit/wasm/call-ref.js | 6 +- deps/v8/test/mjsunit/wasm/call_indirect.js | 2 +- deps/v8/test/mjsunit/wasm/compact-imports.js | 168 ++ .../wasm/compiled-module-serialization.js | 49 + .../wasm/custom-descriptors-inlining.js | 15 +- .../mjsunit/wasm/custom-descriptors-oom.js | 85 + .../wasm/deopt/deopt-many-params-tagged.js | 4 +- .../mjsunit/wasm/deopt/deopt-many-results.js | 2 +- .../deopt/deopt-untagged-parameters-s128.js | 2 +- .../wasm/deopt/deopt-untagged-parameters.js | 3 +- deps/v8/test/mjsunit/wasm/exceptions-api.js | 10 + deps/v8/test/mjsunit/wasm/exceptions-gc.js | 4 +- deps/v8/test/mjsunit/wasm/exnref-api.js | 4 +- deps/v8/test/mjsunit/wasm/exnref-global.js | 2 - deps/v8/test/mjsunit/wasm/exnref-rethrow.js | 4 +- deps/v8/test/mjsunit/wasm/exnref.js | 2 +- deps/v8/test/mjsunit/wasm/gc-casts-exnref.js | 2 +- .../v8/test/mjsunit/wasm/gc-casts-from-any.js | 7 +- deps/v8/test/mjsunit/wasm/gc-casts-invalid.js | 15 +- .../v8/test/mjsunit/wasm/gc-casts-subtypes.js | 13 +- .../mjsunit/wasm/gc-js-interop-helpers.js | 2 +- deps/v8/test/mjsunit/wasm/gc-nominal.js | 9 +- deps/v8/test/mjsunit/wasm/gc-null-traps.js | 4 +- .../mjsunit/wasm/gc-optimization-array-get.js | 5 +- deps/v8/test/mjsunit/wasm/gc-optimizations.js | 58 +- deps/v8/test/mjsunit/wasm/gc-ref-eq.js | 2 +- .../test/mjsunit/wasm/gc-typecheck-reducer.js | 2 - 
.../wasm/grow-huge-memory-resizable-buffer.js | 2 +- .../grow-memory-detaching-resizable-buffer.js | 2 - .../grow-memory-in-branch-resizable-buffer.js | 2 +- .../grow-memory-in-call-resizable-buffer.js | 2 +- .../grow-memory-in-loop-resizable-buffer.js | 2 +- .../wasm/grow-memory-resizable-buffer.js | 2 +- deps/v8/test/mjsunit/wasm/grow-memory.js | 21 + .../grow-shared-memory-resizable-buffer.js | 59 +- .../test/mjsunit/wasm/grow-shared-memory.js | 48 + deps/v8/test/mjsunit/wasm/growable-stacks.js | 2 +- deps/v8/test/mjsunit/wasm/half-shuffles.js | 2 - .../mjsunit/wasm/imported-strings-invalid.js | 18 +- .../mjsunit/wasm/imported-strings-utf8.js | 6 +- deps/v8/test/mjsunit/wasm/imported-strings.js | 2 +- .../wasm/indirect-call-non-zero-table.js | 4 +- deps/v8/test/mjsunit/wasm/indirect-calls.js | 4 +- deps/v8/test/mjsunit/wasm/indirect-tables.js | 11 +- .../v8/test/mjsunit/wasm/interleaved-loads.js | 1 - .../mjsunit/wasm/js-wrapper-typechecks.js | 2 - deps/v8/test/mjsunit/wasm/jspi-export.js | 1 - deps/v8/test/mjsunit/wasm/jspi-no-stress.js | 5 +- deps/v8/test/mjsunit/wasm/jspi-notraps.js | 2 - deps/v8/test/mjsunit/wasm/liftoff-debug.js | 2 +- deps/v8/test/mjsunit/wasm/load-immutable.js | 4 +- deps/v8/test/mjsunit/wasm/load-shift32.js | 79 + .../wasm/log-wasm-to-js-wrapper-callref.js | 29 +- .../wasm/log-wasm-to-js-wrapper-indirect.js | 29 +- deps/v8/test/mjsunit/wasm/loop-rotation.js | 2 +- deps/v8/test/mjsunit/wasm/loop-unrolling.js | 1 - .../test/mjsunit/wasm/memory-copy-inline.js | 2 - ...ble-buffer-array-concat-dictionary-mode.js | 1 - .../memory-resizable-buffer-array-concat.js | 1 - .../memory-resizable-buffer-array-filter.js | 1 - ...esizable-buffer-array-flat-flatmap-from.js | 1 - ...izable-buffer-array-flat-grows-detaches.js | 1 - ...ble-buffer-array-flatmap-grows-detaches.js | 1 - ...y-resizable-buffer-array-foreach-reduce.js | 1 - ...izable-buffer-array-from-grows-detaches.js | 1 - ...memory-resizable-buffer-array-pop-shift.js | 1 - 
...izable-buffer-array-push-unshift-splice.js | 1 - .../memory-resizable-buffer-array-slice.js | 1 - .../wasm/memory-resizable-buffer-errors.js | 2 - .../memory-toresizable-max-byte-length.js | 2 - .../wasm/memory-toresizable-tofixedlength.js | 1 - deps/v8/test/mjsunit/wasm/memory64.js | 29 + deps/v8/test/mjsunit/wasm/mixed-eh-invalid.js | 2 - .../mjsunit/wasm/prototype-setup-builder.js | 6 +- deps/v8/test/mjsunit/wasm/quarter-shuffles.js | 268 ++ .../v8/test/mjsunit/wasm/recognize-imports.js | 2 +- .../mjsunit/wasm/redundant-shuffle-lanes.js | 316 ++ .../mjsunit/wasm/reference-globals-import.js | 28 +- .../v8/test/mjsunit/wasm/reference-globals.js | 12 +- .../wasm/reference-table-js-interop.js | 6 +- deps/v8/test/mjsunit/wasm/reference-tables.js | 22 +- .../v8/test/mjsunit/wasm/regress-367818758.js | 2 +- .../v8/test/mjsunit/wasm/regress-450652935.js | 3 +- .../v8/test/mjsunit/wasm/regress-474141354.js | 1 - .../v8/test/mjsunit/wasm/regress-488803413.js | 2 - .../v8/test/mjsunit/wasm/regress-496645739.js | 58 + .../v8/test/mjsunit/wasm/regress-497667917.js | 44 + deps/v8/test/mjsunit/wasm/resume-throw.js | 117 +- ...tructions.js => acq-rel-load-and-store.js} | 0 .../acq-rel-rmw-operations.js | 246 ++ .../array-atomic-rmw-load-elimination.js | 2 +- .../wasm/shared-everything/array-new-elem.js | 2 +- .../shared-everything/atomic-instructions.js | 27 +- .../mjsunit/wasm/shared-everything/basic.js | 36 +- .../gc-casts-shared-to-unshared.js | 6 +- .../gc-casts-subtypes-shared.js | 16 +- .../wasm/shared-everything/post-message.js | 30 +- .../shared-extended-instructions.js | 6 +- .../shared-type-with-unshared-elem.js | 6 +- .../wasm/shared-everything/spin-lock.js | 8 +- .../shared-everything/string-builtins-utf8.js | 389 +++ .../wasm/shared-everything/string-builtins.js | 564 ++++ .../mjsunit/wasm/shared-everything/strings.js | 92 + .../wasm/shared-everything/wait-queue.js | 245 ++ .../shared-everything/wrapper-type-checks.js | 9 +- 
...ed-memory-resizable-buffer-array-concat.js | 1 - ...esizable-buffer-array-flat-flatmap-from.js | 1 - ...emory-resizable-buffer-array-flat-grows.js | 1 - ...ry-resizable-buffer-array-flatmap-grows.js | 1 - ...emory-resizable-buffer-array-from-grows.js | 1 - ...memory-resizable-buffer-array-pop-shift.js | 1 - ...izable-buffer-array-push-unshift-splice.js | 1 - ...red-memory-resizable-buffer-array-slice.js | 1 - .../shared-memory-resizable-buffer-errors.js | 2 - deps/v8/test/mjsunit/wasm/shuffles.js | 2 - .../test/mjsunit/wasm/simd-extract-replace.js | 18 + deps/v8/test/mjsunit/wasm/simd-reduce.js | 41 + .../mjsunit/wasm/simd-replace-lane-zero.js | 141 + .../v8/test/mjsunit/wasm/simd-rot64-no-xor.js | 96 + deps/v8/test/mjsunit/wasm/simd-xor-rot64.js | 98 + .../wasm/stack-switching-no-cont-leak.js | 83 + .../mjsunit/wasm/stack-switching-params.js | 52 + .../wasm/stack-switching-switch-loop.js | 83 + .../mjsunit/wasm/stack-switching-switch.js | 208 ++ deps/v8/test/mjsunit/wasm/stack-switching.js | 35 + .../mjsunit/wasm/stringref-array-nonetype.js | 2 +- .../mjsunit/wasm/stringref-instance-type.js | 2 +- .../test/mjsunit/wasm/stringref-memory64.js | 2 +- .../test/mjsunit/wasm/stringrefs-exec-gc.js | 12 +- deps/v8/test/mjsunit/wasm/stringrefs-exec.js | 2 +- .../test/mjsunit/wasm/stringrefs-invalid.js | 2 +- deps/v8/test/mjsunit/wasm/stringrefs-js.js | 2 +- .../mjsunit/wasm/stringrefs-regressions.js | 9 +- deps/v8/test/mjsunit/wasm/stringrefs-valid.js | 16 +- .../mjsunit/wasm/stringview-valuestack.js | 2 +- .../v8/test/mjsunit/wasm/subtyping-invalid.js | 122 +- deps/v8/test/mjsunit/wasm/table-fill.js | 2 +- .../test/mjsunit/wasm/table-grow-from-wasm.js | 4 +- .../v8/test/mjsunit/wasm/table-numeric-ops.js | 38 +- .../test/mjsunit/wasm/table64-callindirect.js | 4 +- .../wasm/turboshaft/array-new-unreachable.js | 6 +- deps/v8/test/mjsunit/wasm/turboshaft/basic.js | 3 +- .../wasm/turboshaft/br-table-analysis.js | 3 +- .../wasm/turboshaft/instruction-selection.js | 6 +- 
.../mjsunit/wasm/turboshaft/int64-lowering.js | 3 +- .../turboshaft/load-elimination-revisits.js | 4 +- .../wasm/turboshaft/reduction-shuffle.js | 3 +- .../wasm/turboshaft/regress-crbug-1513580.js | 2 - .../turboshaft/regress-crbug-420998402.js | 2 - .../mjsunit/wasm/type-based-optimizations.js | 28 +- .../mjsunit/wasm/type-reflection-exnref.js | 2 +- .../wasm/type-reflection-with-externref.js | 2 +- deps/v8/test/mjsunit/wasm/type-reflection.js | 2 +- .../test/mjsunit/wasm/wasm-code-coverage.js | 4 +- .../wasm/wasm-gc-externalize-internalize.js | 2 +- .../wasm/wasm-gc-inlining-load-elimination.js | 2 +- .../mjsunit/wasm/wasm-gc-inlining-nested.js | 2 +- deps/v8/test/mjsunit/wasm/wasm-gc-inlining.js | 10 +- .../test/mjsunit/wasm/wasm-gc-js-roundtrip.js | 2 +- .../wasm/wasm-inlining-catch-unreachable.js | 5 +- .../mjsunit/wasm/wasm-interpreter-memory64.js | 2 +- deps/v8/test/mjsunit/wasm/wasm-interpreter.js | 43 +- .../test/mjsunit/wasm/wasm-module-builder.js | 383 ++- .../mjsunit/wasm/wasmfx-load-elimination.js | 57 + deps/v8/test/mjsunit/wasm/wide-arithmetic.js | 150 + .../wasm/wrapper-inlining-lazy-deopt.js | 2 +- .../built-ins/RegExp/escape/surrogate-pair.js | 9 - .../local-tests/test/staging/features.txt | 29 +- deps/v8/test/test262/test262.status | 165 +- deps/v8/test/test262/testcfg.py | 4 +- deps/v8/test/unittests/BUILD.gn | 59 +- .../test/unittests/api/api-wasm-unittest.cc | 40 +- .../unittests/api/deserialize-unittest.cc | 42 +- .../api/dictionary-template-unittest.cc | 8 +- .../unittests/api/interceptor-unittest.cc | 8 +- .../test/unittests/api/v8-object-unittest.cc | 2 +- .../assembler/assembler-arm64-unittest.cc | 34 + .../assembler/assembler-x64-unittest.cc | 180 +- .../assembler/disasm-arm64-unittest.cc | 50 +- .../assembler/disasm-x64-unittest.cc | 192 ++ .../assembler/simple-riscv64-unittest.cc | 1 + deps/v8/test/unittests/base/cpu-unittest.cc | 5 +- .../test/unittests/base/logging-unittest.cc | 6 +- .../codegen/code-stub-assembler-unittest.cc | 26 
+- .../codegen/safepoint-table-unittest.cc | 403 +++ ...aft-instruction-selector-arm64-unittest.cc | 356 ++- ...turboshaft-instruction-selector-unittest.h | 14 + .../unittests/compiler/compiler-unittest.cc | 2 +- .../test/unittests/compiler/revec-unittest.cc | 80 +- ...t-instruction-selector-riscv64-unittest.cc | 88 +- .../run-bytecode-graph-builder-unittest.cc | 315 +- .../load-store-address-hoisting-unittest.cc | 18 +- .../compiler/turboshaft/reducer-test.h | 31 +- .../turboshaft/typeswitch-unittest.cc | 3 + .../wasm-shuffle-reducer-unittest.cc | 353 ++- .../compiler/turboshaft/wasm-simd-unittest.cc | 177 ++ .../wasm-address-reassociation-unittest.cc | 72 +- ...shaft-instruction-selector-x64-unittest.cc | 104 +- .../debug/debug-property-iterator-unittest.cc | 2 +- .../unittests/dumpling/dumpling-unittest.cc | 842 +++++- .../execution/thread-termination-unittest.cc | 20 +- .../unittests/heap/base/bytes-unittest.cc | 5 +- .../conservative-stack-visitor-unittest.cc | 10 +- .../cpp-heap-stack-start-marker-unittest.cc | 68 + .../unified-heap-snapshot-unittest.cc | 201 +- .../heap/cppgc/allocation-unittest.cc | 10 +- .../heap/cppgc/page-memory-unittest.cc | 20 +- .../heap/cppgc/stack-start-marker-unittest.cc | 48 + .../unittests/heap/cppgc/stack-unittest.cc | 4 +- .../test/unittests/heap/gc-tracer-unittest.cc | 27 + .../unittests/heap/heap-allocator-unittest.cc | 11 +- .../heap/heap-controller-unittest.cc | 50 +- deps/v8/test/unittests/heap/heap-unittest.cc | 32 +- .../heap/inner-pointer-resolution-unittest.cc | 3 +- .../unittests/heap/local-factory-unittest.cc | 3 +- .../unittests/heap/minimal-stack-unittest.cc | 100 + .../unittests/heap/shared-heap-unittest.cc | 48 +- .../v8/test/unittests/heap/spaces-unittest.cc | 15 +- .../bytecode-array-builder-unittest.cc | 47 +- .../bytecode-expectations-printer.cc | 8 +- .../ConstVariableContextSlot.golden | 2 +- .../PrivateAccessorAccess.golden | 8 +- .../PrivateFieldSpecializedBytecode.golden | 78 + 
.../PrivateMethodAccess.golden | 10 +- .../StaticPrivateMethodAccess.golden | 48 +- .../constant-array-builder-unittest.cc | 54 +- .../generate-bytecode-expectations.cc | 2 +- .../interpreter/interpreter-unittest.cc | 8 +- .../unittests/numbers/conversions-unittest.cc | 18 +- .../unittests/objects/array-list-unittest.cc | 8 +- .../objects/elements-kind-unittest.cc | 30 +- .../objects/global-object-unittest.cc | 8 +- .../unittests/objects/hashcode-unittest.cc | 18 +- .../unittests/objects/managed-unittest.cc | 58 +- .../objects/module-request-unittest.cc | 33 + .../test/unittests/objects/object-unittest.cc | 22 +- .../objects/value-serializer-unittest.cc | 13 +- .../objects/wasm-backing-store-unittest.cc | 10 +- .../objects/weakarraylist-unittest.cc | 22 +- .../test/unittests/parser/parsing-unittest.cc | 70 +- .../unittests/parser/preparser-unittest.cc | 4 +- .../profiler/heap-snapshot-unittest.cc | 76 +- .../unittests/profiler/heap-snapshot-utils.cc | 50 + .../unittests/profiler/heap-snapshot-utils.h | 20 + .../v8/test/unittests/regexp/regexp-fuzzer.cc | 12 +- .../test/unittests/regexp/regexp-unittest.cc | 830 +++--- deps/v8/test/unittests/run-all-unittests.cc | 3 +- .../runtime/runtime-debug-unittest.cc | 4 +- .../sandbox/libcxx-hardening-unittest.cc | 48 + deps/v8/test/unittests/unittests.status | 7 + .../unittests/utils/bit-vector-unittest.cc | 40 + .../v8/test/unittests/utils/utils-unittest.cc | 11 +- .../wasm/compilation-hints-unittest.cc | 2 +- .../wasm/function-body-decoder-unittest.cc | 413 ++- .../unittests/wasm/leb-helper-unittest.cc | 3 - .../wasm/liftoff-register-unittests.cc | 5 +- .../unittests/wasm/module-decoder-unittest.cc | 34 +- .../wasm/signature-hashing-unittest.cc | 5 + ...imd-cross-compiler-determinism-fuzztest.cc | 541 +++- .../unittests/wasm/struct-types-unittest.cc | 21 +- .../test/unittests/wasm/subtyping-unittest.cc | 144 +- .../wasm/trap-handler-native-unittest.cc | 32 +- .../wasm/trap-handler-simulator-unittest.cc | 81 +- 
.../wasm/type-canonicalization-fuzztest.cc | 13 +- .../unittests/wasm/wasm-compiler-unittest.cc | 8 +- .../unittests/wasm/wasm-tracing-unittest.cc | 18 +- deps/v8/test/wasm-js/report.js | 46 +- deps/v8/test/wasm-js/testcfg.py | 10 +- deps/v8/test/wasm-js/tests.tar.gz.sha1 | 2 +- deps/v8/test/wasm-js/wasm-js.status | 13 +- deps/v8/test/wasm-spec-tests/testcfg.py | 95 +- .../v8/test/wasm-spec-tests/tests.tar.gz.sha1 | 2 +- .../wasm-spec-tests/wasm-spec-tests.status | 11 +- .../fast/js/nested-object-gc-expected.txt | 32 + .../test/webkit/fast/js/nested-object-gc.js | 38 + deps/v8/third_party/abseil-cpp/BUILD.gn | 12 + .../abseil-cpp/CMake/AbseilDll.cmake | 153 +- deps/v8/third_party/abseil-cpp/CMakeLists.txt | 2 +- deps/v8/third_party/abseil-cpp/FAQ.md | 209 +- deps/v8/third_party/abseil-cpp/MODULE.bazel | 4 +- .../v8/third_party/abseil-cpp/README.chromium | 2 +- .../third_party/abseil-cpp/absl/BUILD.bazel | 6 + .../abseil-cpp/absl/base/BUILD.bazel | 58 +- .../third_party/abseil-cpp/absl/base/BUILD.gn | 28 +- .../abseil-cpp/absl/base/CMakeLists.txt | 33 +- .../abseil-cpp/absl/base/attributes.h | 84 +- .../abseil-cpp/absl/base/call_once.h | 1 + .../third_party/abseil-cpp/absl/base/casts.h | 8 +- .../abseil-cpp/absl/base/casts_test.cc | 9 +- .../third_party/abseil-cpp/absl/base/config.h | 46 +- .../abseil-cpp/absl/base/fast_type_id.h | 32 +- .../abseil-cpp/absl/base/fast_type_id_test.cc | 3 + .../absl/base/internal/hardening.cc | 46 + .../abseil-cpp/absl/base/internal/hardening.h | 63 + .../absl/base/internal/hardening_test.cc | 35 + .../abseil-cpp/absl/base/optimization.h | 2 +- .../abseil-cpp/absl/base/optimization_test.cc | 7 +- .../abseil-cpp/absl/base/options.h | 28 + .../base/{internal => }/throw_delegate.cc | 16 +- .../absl/base/{internal => }/throw_delegate.h | 18 +- .../absl/base/throw_delegate_test.cc | 47 +- .../absl/cleanup/internal/cleanup.h | 2 +- .../abseil-cpp/absl/container/BUILD.bazel | 21 +- .../abseil-cpp/absl/container/BUILD.gn | 12 +- 
.../abseil-cpp/absl/container/CMakeLists.txt | 6 +- .../abseil-cpp/absl/container/btree_test.cc | 6 +- .../abseil-cpp/absl/container/fixed_array.h | 6 +- .../abseil-cpp/absl/container/flat_hash_map.h | 5 + .../absl/container/flat_hash_map_test.cc | 35 +- .../abseil-cpp/absl/container/flat_hash_set.h | 5 + .../absl/container/flat_hash_set_test.cc | 32 + .../absl/container/inlined_vector.h | 7 +- .../absl/container/internal/btree_container.h | 8 +- .../absl/container/internal/common.h | 5 +- .../internal/compressed_tuple_test.cc | 20 +- .../internal/hashtable_control_bytes.h | 46 +- .../container/internal/hashtablez_sampler.cc | 1 - .../container/internal/hashtablez_sampler.h | 17 - .../internal/hashtablez_sampler_test.cc | 22 - .../absl/container/internal/raw_hash_map.h | 8 +- .../absl/container/internal/raw_hash_set.cc | 23 +- .../absl/container/internal/raw_hash_set.h | 245 +- .../internal/raw_hash_set_benchmark.cc | 3 +- .../internal/raw_hash_set_probe_benchmark.cc | 8 +- .../container/internal/raw_hash_set_test.cc | 351 ++- .../absl/container/linked_hash_map.h | 31 +- .../absl/container/linked_hash_map_test.cc | 23 + .../absl/container/linked_hash_set.h | 25 +- .../absl/container/linked_hash_set_test.cc | 30 + .../abseil-cpp/absl/container/node_hash_map.h | 5 + .../absl/container/node_hash_map_test.cc | 34 + .../abseil-cpp/absl/container/node_hash_set.h | 5 + .../absl/container/node_hash_set_test.cc | 32 + .../abseil-cpp/absl/crc/BUILD.bazel | 1 - .../third_party/abseil-cpp/absl/crc/BUILD.gn | 1 - .../abseil-cpp/absl/crc/CMakeLists.txt | 5 +- .../absl/crc/internal/cpu_detect.cc | 12 +- .../abseil-cpp/absl/crc/internal/crc.cc | 10 +- .../absl/crc/internal/crc_internal.h | 16 - .../abseil-cpp/absl/debugging/BUILD.bazel | 40 +- .../abseil-cpp/absl/debugging/BUILD.gn | 23 +- .../abseil-cpp/absl/debugging/CMakeLists.txt | 36 +- .../internal/borrowed_fixup_buffer.cc | 118 - .../internal/borrowed_fixup_buffer.h | 71 - .../internal/borrowed_fixup_buffer_test.cc | 97 - 
.../absl/debugging/internal/examine_stack.cc | 14 +- .../absl/debugging/internal/examine_stack.h | 5 +- .../absl/debugging/internal/symbolize.h | 56 +- .../abseil-cpp/absl/debugging/stacktrace.cc | 76 +- .../abseil-cpp/absl/debugging/stacktrace.h | 53 +- .../absl/debugging/stacktrace_test.cc | 124 - .../abseil-cpp/absl/debugging/symbolize.cc | 22 +- .../absl/debugging/symbolize_elf.inc | 98 +- .../absl/debugging/symbolize_test.cc | 43 + .../debugging/symbolize_unimplemented.inc | 8 +- .../abseil-cpp/absl/flags/BUILD.bazel | 9 +- .../abseil-cpp/absl/flags/BUILD.gn | 2 +- .../abseil-cpp/absl/flags/CMakeLists.txt | 2 +- .../abseil-cpp/absl/flags/commandlineflag.h | 14 +- .../abseil-cpp/absl/flags/flag_benchmark.cc | 10 +- .../abseil-cpp/absl/flags/flag_test.cc | 60 +- .../abseil-cpp/absl/flags/internal/flag.h | 6 +- .../abseil-cpp/absl/flags/marshalling.h | 30 +- .../abseil-cpp/absl/flags/marshalling_test.cc | 23 +- .../abseil-cpp/absl/functional/BUILD.bazel | 1 - .../abseil-cpp/absl/functional/BUILD.gn | 1 - .../abseil-cpp/absl/functional/CMakeLists.txt | 1 - .../abseil-cpp/absl/functional/bind_front.h | 6 + .../absl/functional/overload_test.cc | 26 +- .../abseil-cpp/absl/hash/BUILD.bazel | 3 +- .../third_party/abseil-cpp/absl/hash/BUILD.gn | 3 +- .../abseil-cpp/absl/hash/CMakeLists.txt | 3 +- .../abseil-cpp/absl/hash/hash_test.cc | 18 +- .../abseil-cpp/absl/hash/hash_testing.h | 11 +- .../abseil-cpp/absl/hash/internal/city.cc | 90 +- .../abseil-cpp/absl/hash/internal/hash.cc | 212 +- .../abseil-cpp/absl/hash/internal/hash.h | 66 +- .../absl/hash/internal/low_level_hash_test.cc | 37 +- .../absl/hash/internal/spy_hash_state.h | 10 +- .../abseil-cpp/absl/log/BUILD.bazel | 2 - .../third_party/abseil-cpp/absl/log/BUILD.gn | 2 - .../abseil-cpp/absl/log/CMakeLists.txt | 3 - .../abseil-cpp/absl/log/internal/BUILD.bazel | 9 +- .../abseil-cpp/absl/log/internal/BUILD.gn | 1 - .../absl/log/internal/log_message.cc | 3 +- .../absl/log/internal/structured_proto.cc | 10 +- 
.../absl/log/internal/structured_proto.h | 11 +- .../absl/log/internal/vlog_config.cc | 4 +- .../abseil-cpp/absl/log/log_format_test.cc | 5 +- .../abseil-cpp/absl/log/log_streamer.h | 3 +- .../abseil-cpp/absl/log/vlog_is_on_test.cc | 11 +- .../abseil-cpp/absl/memory/memory.h | 47 + .../abseil-cpp/absl/memory/memory_test.cc | 38 + .../abseil-cpp/absl/meta/BUILD.bazel | 2 + .../abseil-cpp/absl/meta/internal/requires.h | 2 +- .../abseil-cpp/absl/meta/type_traits.h | 15 - .../abseil-cpp/absl/profiling/BUILD.bazel | 4 +- .../abseil-cpp/absl/profiling/hashtable.cc | 4 - .../profiling/internal/profile_builder.cc | 65 +- .../absl/profiling/internal/profile_builder.h | 27 +- .../abseil-cpp/absl/random/CMakeLists.txt | 1 - .../absl/random/internal/BUILD.bazel | 2 +- .../abseil-cpp/absl/random/internal/BUILD.gn | 1 - .../absl/random/internal/mock_helpers.h | 13 +- .../absl/random/internal/randen_detect.cc | 12 +- .../absl/random/internal/salted_seed_seq.h | 1 + .../absl/random/internal/seed_material.cc | 8 +- .../absl/random/internal/seed_material.h | 3 +- .../abseil-cpp/absl/status/BUILD.bazel | 1 + .../abseil-cpp/absl/status/BUILD.gn | 1 + .../abseil-cpp/absl/status/CMakeLists.txt | 1 + .../absl/status/internal/status_internal.cc | 22 +- .../absl/status/internal/status_internal.h | 4 +- .../absl/status/internal/status_matchers.h | 30 +- .../abseil-cpp/absl/status/status.cc | 1 - .../abseil-cpp/absl/status/status.h | 7 +- .../abseil-cpp/absl/status/status_matchers.h | 3 +- .../absl/status/status_matchers_test.cc | 7 +- .../absl/status/status_payload_printer.h | 5 +- .../abseil-cpp/absl/status/statusor.h | 1 + .../abseil-cpp/absl/status/statusor_test.cc | 44 +- .../abseil-cpp/absl/strings/BUILD.bazel | 8 +- .../abseil-cpp/absl/strings/BUILD.gn | 12 +- .../abseil-cpp/absl/strings/CMakeLists.txt | 3 - .../abseil-cpp/absl/strings/ascii.h | 3 +- .../absl/strings/atod_manual_test.cc | 10 +- .../abseil-cpp/absl/strings/cord.cc | 8 +- .../abseil-cpp/absl/strings/cord.h | 13 +- 
.../abseil-cpp/absl/strings/cord_test.cc | 46 +- .../abseil-cpp/absl/strings/escaping.cc | 42 +- .../abseil-cpp/absl/strings/escaping.h | 10 +- .../absl/strings/escaping_benchmark.cc | 4 +- .../abseil-cpp/absl/strings/escaping_test.cc | 40 +- .../absl/strings/has_absl_stringify_test.cc | 4 +- .../absl/strings/has_ostream_operator_test.cc | 4 +- .../strings/internal/append_and_overwrite.h | 11 +- .../internal/damerau_levenshtein_distance.cc | 6 + .../internal/damerau_levenshtein_distance.h | 1 + .../strings/internal/resize_uninitialized.h | 50 +- .../internal/resize_uninitialized_test.cc | 57 +- .../internal/str_format/convert_test.cc | 10 +- .../internal/str_format/float_conversion.cc | 5 +- .../absl/strings/internal/str_join_internal.h | 1 - .../absl/strings/resize_and_overwrite.h | 4 +- .../abseil-cpp/absl/strings/str_cat.h | 1 - .../absl/strings/str_cat_benchmark.cc | 3 +- .../absl/synchronization/BUILD.bazel | 3 + .../abseil-cpp/absl/synchronization/mutex.h | 34 +- .../absl/synchronization/mutex_test.cc | 14 + .../abseil-cpp/absl/time/BUILD.bazel | 80 + .../third_party/abseil-cpp/absl/time/BUILD.gn | 52 + .../abseil-cpp/absl/time/CMakeLists.txt | 73 + .../third_party/abseil-cpp/absl/time/clock.h | 3 + .../abseil-cpp/absl/time/clock_interface.cc | 71 + .../abseil-cpp/absl/time/clock_interface.h | 93 + .../absl/time/clock_interface_test.cc | 128 + .../abseil-cpp/absl/time/format_test.cc | 5 + .../internal/cctz/src/time_zone_format.cc | 179 +- .../cctz/src/time_zone_format_test.cc | 85 +- .../internal/cctz/src/time_zone_name_win.cc | 3 +- .../absl/time/internal/cctz/src/tzfile.h | 25 +- .../absl/time/internal/cctz/testdata/version | 2 +- .../cctz/testdata/zoneinfo/Asia/Tbilisi | Bin 629 -> 620 bytes .../cctz/testdata/zoneinfo/Europe/Chisinau | Bin 755 -> 1207 bytes .../cctz/testdata/zoneinfo/Europe/Tiraspol | Bin 755 -> 1207 bytes .../cctz/testdata/zoneinfo/zonenow.tab | 3 - .../abseil-cpp/absl/time/simulated_clock.cc | 225 ++ 
.../abseil-cpp/absl/time/simulated_clock.h | 108 + .../absl/time/simulated_clock_test.cc | 614 ++++ .../abseil-cpp/absl/types/BUILD.bazel | 52 + .../abseil-cpp/absl/types/BUILD.gn | 35 + .../abseil-cpp/absl/types/CMakeLists.txt | 54 + .../abseil-cpp/absl/types/internal/span.h | 1 - .../abseil-cpp/absl/types/optional_ref.h | 294 ++ .../absl/types/optional_ref_test.cc | 370 +++ .../abseil-cpp/absl/types/source_location.h | 172 ++ .../absl/types/source_location_test.cc | 139 + .../third_party/abseil-cpp/absl/types/span.h | 25 +- ...6-undef-absl-hash-internal-has-crc32.patch | 16 + .../0007-deprecated-base64-escape.patch | 26 + .../abseil-cpp/symbols_arm64_dbg.def | 128 +- .../abseil-cpp/symbols_arm64_dbg_cxx23.def | 128 +- .../abseil-cpp/symbols_arm64_rel.def | 72 +- .../abseil-cpp/symbols_arm64_rel_cxx23.def | 72 +- .../abseil-cpp/symbols_x64_dbg.def | 183 +- .../abseil-cpp/symbols_x64_dbg_cxx23.def | 183 +- .../abseil-cpp/symbols_x64_rel.def | 75 +- .../abseil-cpp/symbols_x64_rel_asan.def | 76 +- .../abseil-cpp/symbols_x64_rel_asan_cxx23.def | 76 +- .../abseil-cpp/symbols_x64_rel_cxx23.def | 75 +- .../abseil-cpp/symbols_x86_dbg.def | 181 +- .../abseil-cpp/symbols_x86_dbg_cxx23.def | 181 +- .../abseil-cpp/symbols_x86_rel.def | 76 +- .../abseil-cpp/symbols_x86_rel_cxx23.def | 76 +- deps/v8/third_party/colorama/README.v8 | 2 +- deps/v8/third_party/dragonbox/README.v8 | 2 +- deps/v8/third_party/fast_float/README.v8 | 2 +- deps/v8/third_party/fp16/README.v8 | 2 +- .../v8/third_party/googletest/README.chromium | 2 +- deps/v8/third_party/highway/README.chromium | 2 +- .../highway/src/hwy/ops/set_macros-inl.h | 9 +- .../third_party/inspector_protocol/README.v8 | 1 + .../crdtp/json_platform_v8.cc | 5 +- deps/v8/third_party/jsoncpp/README.chromium | 3 +- deps/v8/third_party/llvm-libc/README.v8 | 2 +- .../third_party/rapidhash-v8/README.chromium | 2 +- deps/v8/third_party/simdutf/BUILD.gn | 6 + deps/v8/third_party/v8/builtins/array-sort.tq | 2 +- 
deps/v8/third_party/zlib/CMakeLists.txt | 394 ++- deps/v8/third_party/zlib/LICENSE | 33 +- deps/v8/third_party/zlib/README | 115 + deps/v8/third_party/zlib/README.chromium | 8 +- deps/v8/third_party/zlib/chromeconf.h | 13 +- deps/v8/third_party/zlib/compress.c | 51 +- .../third_party/zlib/contrib/minizip/Makefile | 10 +- .../zlib/contrib/minizip/README.chromium | 7 +- .../third_party/zlib/contrib/minizip/crypt.h | 11 +- .../third_party/zlib/contrib/minizip/ioapi.c | 10 +- .../third_party/zlib/contrib/minizip/ioapi.h | 16 +- .../zlib/contrib/minizip/iowin32.c | 7 +- .../zlib/contrib/minizip/iowin32.h | 7 +- .../zlib/contrib/minizip/miniunz.c | 32 +- .../zlib/contrib/minizip/minizip.c | 13 +- .../zlib/contrib/minizip/mztools.c | 10 +- .../zlib/contrib/minizip/skipset.h | 157 +- .../third_party/zlib/contrib/minizip/unzip.c | 53 +- .../third_party/zlib/contrib/minizip/unzip.h | 9 +- .../v8/third_party/zlib/contrib/minizip/zip.c | 283 +- .../v8/third_party/zlib/contrib/minizip/zip.h | 11 +- .../contrib/optimizations/inffast_chunk.c | 10 +- deps/v8/third_party/zlib/crc32.c | 166 +- deps/v8/third_party/zlib/deflate.c | 186 +- deps/v8/third_party/zlib/deflate.h | 8 +- deps/v8/third_party/zlib/doc/algorithm.txt | 209 ++ deps/v8/third_party/zlib/doc/crc-doc.1.0.pdf | Bin 0 -> 776142 bytes deps/v8/third_party/zlib/doc/rfc1950.txt | 619 ++++ deps/v8/third_party/zlib/doc/rfc1951.txt | 955 ++++++ deps/v8/third_party/zlib/doc/rfc1952.txt | 675 +++++ deps/v8/third_party/zlib/doc/txtvsbin.txt | 107 + deps/v8/third_party/zlib/examples/zpipe.c | 5 +- deps/v8/third_party/zlib/gzguts.h | 69 +- deps/v8/third_party/zlib/gzlib.c | 103 +- deps/v8/third_party/zlib/gzread.c | 298 +- deps/v8/third_party/zlib/gzwrite.c | 267 +- deps/v8/third_party/zlib/infback.c | 89 +- deps/v8/third_party/zlib/inffast.c | 13 +- deps/v8/third_party/zlib/inffixed.h | 182 +- deps/v8/third_party/zlib/inflate.c | 189 +- deps/v8/third_party/zlib/inflate.h | 2 +- deps/v8/third_party/zlib/inftrees.c | 143 +- 
deps/v8/third_party/zlib/inftrees.h | 4 +- .../third_party/zlib/patches/0000-build.patch | 8 +- .../zlib/patches/0004-fix-uwp.patch | 8 +- .../0008-minizip-zip-unzip-tools.patch | 22 +- .../zlib/patches/0010-cmake-enable-simd.patch | 96 - .../third_party/zlib/patches/0010-cmake.patch | 256 ++ .../zlib/patches/0011-avx512.patch | 28 - .../patches/0018-support-prefixed-zip64.patch | 6 +- .../zlib/patches/0019-fix-zip64-in-zip.patch | 37 + deps/v8/third_party/zlib/test/minigzip.c | 89 +- deps/v8/third_party/zlib/trees.c | 28 +- deps/v8/third_party/zlib/uncompr.c | 62 +- deps/v8/third_party/zlib/win32/zlib1.rc | 37 + deps/v8/third_party/zlib/zconf.h | 44 +- deps/v8/third_party/zlib/zconf.h.cmakein | 545 ---- deps/v8/third_party/zlib/zconf.h.in | 46 +- deps/v8/third_party/zlib/zlib.3 | 22 +- deps/v8/third_party/zlib/zlib.h | 311 +- deps/v8/third_party/zlib/zlib.pc.cmakein | 9 +- deps/v8/third_party/zlib/zlibConfig.cmake.in | 18 + deps/v8/third_party/zlib/zutil.c | 85 +- deps/v8/third_party/zlib/zutil.h | 99 +- .../tools/builtins-pgo/download_profiles.py | 19 +- .../builtins-pgo/download_profiles_test.py | 121 +- deps/v8/tools/builtins-pgo/get_hints.py | 25 +- deps/v8/tools/cluster_files.py | 252 ++ .../clusterfuzz/foozzie/v8_fuzz_flags.json | 8 +- .../clusterfuzz/foozzie/v8_mock_archs.js | 14 +- deps/v8/tools/clusterfuzz/js_fuzzer/corpus.js | 3 +- .../js_fuzzer/differential_script_mutator.js | 9 +- .../tools/clusterfuzz/js_fuzzer/exceptions.js | 4 + .../js_fuzzer/mutators/crossover_mutator.js | 31 +- .../mutators/memory_corruption_mutator.js | 48 + .../resources/sandbox_fuzz_library.js | 311 ++ deps/v8/tools/clusterfuzz/js_fuzzer/run.js | 5 + .../clusterfuzz/js_fuzzer/script_mutator.js | 22 + .../clusterfuzz/js_fuzzer/source_helpers.js | 11 +- .../clusterfuzz/js_fuzzer/test/helpers.js | 2 +- .../js_fuzzer/test/test_memory_corruptions.js | 39 + .../js_fuzzer/test/test_regressions.js | 14 + .../test_data/memory_corruption/input.js | 28 + 
.../memory_corruption/output_expected.js | 40 + .../regress/await/db/AwaitExpression/a1.json | 7 + .../test_data/regress/await/db/index.json | 3 + .../test_data/regress/await/expected.js | 31 + .../test_data/regress/await/input.js | 29 + .../v8/test/mjsunit/test1_expected.js | 4 + .../trials/clusterfuzz_trials_config.json | 11 +- deps/v8/tools/cpu.sh | 13 +- deps/v8/tools/dev/update-vscode.sh | 22 +- deps/v8/tools/gcmole/gcmole-tools.tar.gz.sha1 | 2 +- deps/v8/tools/gdbinit | 58 +- deps/v8/tools/gen-postmortem-metadata.py | 1 - deps/v8/tools/mac-nm | 4 +- deps/v8/tools/package-lock.json | 486 ++-- deps/v8/tools/profiling/linux-perf-chrome.py | 6 +- deps/v8/tools/profiling/linux-perf-d8.py | 8 +- .../v8/tools/sanitizers/tsan_suppressions.txt | 4 - deps/v8/tools/testrunner/base_runner.py | 11 +- deps/v8/tools/testrunner/build_config.py | 1 + deps/v8/tools/testrunner/local/testsuite.py | 2 +- deps/v8/tools/testrunner/local/variants.py | 202 +- deps/v8/tools/testrunner/objects/testcase.py | 13 +- deps/v8/tools/testrunner/outproc/base.py | 2 +- deps/v8/tools/testrunner/outproc/message.py | 6 +- .../tools/testrunner/standard_runner_test.py | 8 +- .../testrunner/testdata/v8_build_config.json | 3 +- deps/v8/tools/testrunner/testproc/fuzzer.py | 9 +- .../tools/testrunner/testproc/indicators.py | 2 +- .../testrunner/testproc/indicators_test.py | 87 + deps/v8/tools/turbolizer/package-lock.json | 368 ++- deps/v8/tools/turboshaft-stacktrace-filter.py | 69 + deps/v8/tools/turboshaft_type_formatter.py | 84 + .../wasm/mjsunit-module-disassembler-impl.h | 118 +- deps/v8/tools/wasm/module-inspector.cc | 26 +- deps/v8/tools/whitespace.txt | 2 +- 2556 files changed, 97599 insertions(+), 47533 deletions(-) create mode 100644 deps/v8/agents/OWNERS create mode 100644 deps/v8/agents/skills/port-to-heapobjectlayout/SKILL.md create mode 100644 deps/v8/agents/skills/torque/SKILL.md create mode 100644 deps/v8/docs/security/triaging.md create mode 100644 deps/v8/gni/cluster_build.gni delete 
mode 100644 deps/v8/src/base/cpu.cc create mode 100644 deps/v8/src/base/cpu/cpu-arm.cc create mode 100644 deps/v8/src/base/cpu/cpu-helper.h create mode 100644 deps/v8/src/base/cpu/cpu-loong64.cc create mode 100644 deps/v8/src/base/cpu/cpu-mips64.cc create mode 100644 deps/v8/src/base/cpu/cpu-ppc.cc create mode 100644 deps/v8/src/base/cpu/cpu-riscv.cc rename deps/v8/{test/mjsunit/debug-trace-minimal-in-print.js => src/base/cpu/cpu-s390.cc} (52%) create mode 100644 deps/v8/src/base/cpu/cpu-x86.cc create mode 100644 deps/v8/src/base/cpu/cpu.cc rename deps/v8/src/base/{ => cpu}/cpu.h (65%) create mode 100644 deps/v8/src/bigint/bigint-inl.h delete mode 100644 deps/v8/src/bigint/bitwise.cc delete mode 100644 deps/v8/src/bigint/digit-arithmetic.h create mode 100644 deps/v8/src/bigint/div-helpers-inl.h delete mode 100644 deps/v8/src/bigint/div-helpers.cc delete mode 100644 deps/v8/src/bigint/div-helpers.h delete mode 100644 deps/v8/src/bigint/mul-schoolbook.cc create mode 100644 deps/v8/src/bigint/vector-arithmetic-inl.h delete mode 100644 deps/v8/src/bigint/vector-arithmetic.cc delete mode 100644 deps/v8/src/bigint/vector-arithmetic.h create mode 100644 deps/v8/src/builtins/superspread.h create mode 100644 deps/v8/src/compiler/backend/block-position.cc create mode 100644 deps/v8/src/compiler/backend/block-position.h delete mode 100644 deps/v8/src/compiler/pair-load-store-reducer.cc delete mode 100644 deps/v8/src/compiler/pair-load-store-reducer.h rename deps/v8/src/compiler/turboshaft/{store-store-elimination-phase.cc => load-elimination-phase.cc} (66%) rename deps/v8/src/compiler/turboshaft/{optimize-phase.h => load-elimination-phase.h} (59%) rename deps/v8/src/compiler/turboshaft/{optimize-phase.cc => memory-optimization-phase.cc} (92%) rename deps/v8/src/compiler/turboshaft/{store-store-elimination-phase.h => memory-optimization-phase.h} (56%) create mode 100644 deps/v8/src/maglev/maglev-map-inference.h create mode 100644 deps/v8/src/maglev/maglev-tracer.h create mode 
100644 deps/v8/src/objects/js-data-object-builder-inl.h create mode 100644 deps/v8/src/objects/js-data-object-builder.cc create mode 100644 deps/v8/src/objects/js-data-object-builder.h delete mode 100644 deps/v8/src/profiler/heap-snapshot-generator-inl.h create mode 100644 deps/v8/src/wasm/effect-handler.h create mode 100644 deps/v8/src/wasm/wasm-engine-globals.h create mode 100644 deps/v8/test/debugger/regress/regress-483851884.js create mode 100644 deps/v8/test/debugger/regress/regress-485683107.js create mode 100644 deps/v8/test/debugger/regress/regress-486383560.js create mode 100644 deps/v8/test/debugger/regress/regress-488130830.js create mode 100644 deps/v8/test/filecheck/js-wasm-wrapper-inlining-eager-deopt.js create mode 100644 deps/v8/test/filecheck/wasm-in-js-inlining-turboshaft.js create mode 100644 deps/v8/test/filecheck/wasm/crash/regress-481074858.js create mode 100644 deps/v8/test/inspector/debugger/set-breakpoint-by-url-in-broken-script-expected.txt create mode 100644 deps/v8/test/inspector/debugger/set-breakpoint-by-url-in-broken-script.js create mode 100644 deps/v8/test/inspector/devtools-session.cc create mode 100644 deps/v8/test/inspector/devtools-session.h create mode 100644 deps/v8/test/inspector/regress/regress-crbug-486927780-expected.txt create mode 100644 deps/v8/test/inspector/regress/regress-crbug-486927780.js create mode 100644 deps/v8/test/inspector/regress/regress-crbug-488754138-expected.txt create mode 100644 deps/v8/test/inspector/regress/regress-crbug-488754138.js create mode 100644 deps/v8/test/inspector/runtime/regress-488790217-expected.txt create mode 100644 deps/v8/test/inspector/runtime/regress-488790217.js delete mode 100644 deps/v8/test/intl/number-format/comma-compat-off.js delete mode 100644 deps/v8/test/intl/number-format/comma-compat-on.js delete mode 100644 deps/v8/test/intl/number-format/italian-compat-off.js delete mode 100644 deps/v8/test/intl/number-format/italian-compat-on.js create mode 100644 
deps/v8/test/message/fail/iterator-zip-return-error.js create mode 100644 deps/v8/test/message/fail/iterator-zip-return-error.out delete mode 100644 deps/v8/test/message/wasm-in-js-inlining-turboshaft.js delete mode 100644 deps/v8/test/message/wasm-in-js-inlining-turboshaft.out create mode 100644 deps/v8/test/mjsunit/arbitrary-length-varargs.js create mode 100644 deps/v8/test/mjsunit/array-flat-elements-kind.js create mode 100644 deps/v8/test/mjsunit/compiler/no-fma.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-488078904.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-488925413.js create mode 100644 deps/v8/test/mjsunit/d8-builtins-not-constructors.js create mode 100644 deps/v8/test/mjsunit/d8/d8-realm-onerror.js create mode 100644 deps/v8/test/mjsunit/d8/d8-worker-onerror-arguments.js create mode 100644 deps/v8/test/mjsunit/d8/d8-worker-onerror-exception.js create mode 100644 deps/v8/test/mjsunit/d8/d8-worker-onerror-settimeout.js create mode 100644 deps/v8/test/mjsunit/d8/d8-worker-onerror.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-eager-check-missing-done.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-eager-check.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-eager-next-call.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-eager-value-check.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-lazy-check.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-lazy-next-call.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-lazy-value-check.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-iterator-protocol-integrity.js create mode 100644 deps/v8/test/mjsunit/es6/weak-map-chain-linear.js create mode 100644 deps/v8/test/mjsunit/es6/weak-map-chain-nested-linear.js 
create mode 100644 deps/v8/test/mjsunit/harmony/iterator-zip.js create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-asm.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-prototype-swap-for-in-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-prototype-swap-for-in.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-super-property-set-exported.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-super-property-set-not-exported.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-namespace-asm.mjs create mode 100644 deps/v8/test/mjsunit/iterator-join.js create mode 100644 deps/v8/test/mjsunit/json-simd-strings.js create mode 100644 deps/v8/test/mjsunit/maglev/array-push-int32-phi.js create mode 100644 deps/v8/test/mjsunit/maglev/boolean-constructor.js create mode 100644 deps/v8/test/mjsunit/maglev/context-inverted-generator.js create mode 100644 deps/v8/test/mjsunit/maglev/context-inverted-generator2.js create mode 100644 deps/v8/test/mjsunit/maglev/reflect-apply.js create mode 100644 deps/v8/test/mjsunit/maglev/reflect-get.js create mode 100644 deps/v8/test/mjsunit/maglev/reflect-has.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-470566252.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-482545639.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-482810539.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-483423907.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-484393248.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-484911060.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-485843940.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-486530209.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-489362238.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-489369253.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-490353576.js create mode 100644 
deps/v8/test/mjsunit/maglev/regress-492245079.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-494492520.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-495041650.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-495751197.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-495888361.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-495923720.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-496074718.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-496272034.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-496627235.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-497112471.js create mode 100644 deps/v8/test/mjsunit/maglev/regress/regress-489605205.js create mode 100644 deps/v8/test/mjsunit/maglev/regress/regress-500880819.js create mode 100644 deps/v8/test/mjsunit/maglev/regress/regress-501789186.js create mode 100644 deps/v8/test/mjsunit/maglev/string-indexof-includes.js create mode 100644 deps/v8/test/mjsunit/maglev/unused-loop-phi.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/closing.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/holey.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/holey2.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/regress-494013010.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/set-regress.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/set-regress2.js create mode 100644 deps/v8/test/mjsunit/modules-eval-await.mjs create mode 100644 deps/v8/test/mjsunit/modules-namespace-super-access-tdz.mjs create mode 100644 deps/v8/test/mjsunit/modules-namespace-super-property-set.mjs create mode 100644 deps/v8/test/mjsunit/modules-namespace-super-set-tdz-with-accessor.mjs create mode 100644 deps/v8/test/mjsunit/private_fields/test_private_fields.js create mode 100644 deps/v8/test/mjsunit/queue-microtask-cross-realm-callback-report-exception.js create mode 100644 deps/v8/test/mjsunit/queue-microtask.js 
create mode 100644 deps/v8/test/mjsunit/regress-478205262.js create mode 100644 deps/v8/test/mjsunit/regress-491935269.js create mode 100644 deps/v8/test/mjsunit/regress-493787228.js create mode 100644 deps/v8/test/mjsunit/regress-494876356.js create mode 100644 deps/v8/test/mjsunit/regress/asm/regress-490629397.js create mode 100644 deps/v8/test/mjsunit/regress/immutable-ab-regress.js create mode 100644 deps/v8/test/mjsunit/regress/regexp-489358153.js delete mode 100644 deps/v8/test/mjsunit/regress/regress-1000635.js create mode 100644 deps/v8/test/mjsunit/regress/regress-476509600.js create mode 100644 deps/v8/test/mjsunit/regress/regress-481519344.js create mode 100644 deps/v8/test/mjsunit/regress/regress-484904778.js create mode 100644 deps/v8/test/mjsunit/regress/regress-486655252.js create mode 100644 deps/v8/test/mjsunit/regress/regress-486945364-1.js create mode 100644 deps/v8/test/mjsunit/regress/regress-486945364.js create mode 100644 deps/v8/test/mjsunit/regress/regress-487468464.js create mode 100644 deps/v8/test/mjsunit/regress/regress-487857171.js create mode 100644 deps/v8/test/mjsunit/regress/regress-488042855.js create mode 100644 deps/v8/test/mjsunit/regress/regress-489356185.js create mode 100644 deps/v8/test/mjsunit/regress/regress-489941769.js create mode 100644 deps/v8/test/mjsunit/regress/regress-490446682.js create mode 100644 deps/v8/test/mjsunit/regress/regress-490485402.js create mode 100644 deps/v8/test/mjsunit/regress/regress-490515529.js create mode 100644 deps/v8/test/mjsunit/regress/regress-491053452.js create mode 100644 deps/v8/test/mjsunit/regress/regress-491461591.js create mode 100644 deps/v8/test/mjsunit/regress/regress-491881374.js create mode 100644 deps/v8/test/mjsunit/regress/regress-492014648.js create mode 100644 deps/v8/test/mjsunit/regress/regress-493176399.js create mode 100644 deps/v8/test/mjsunit/regress/regress-493269623.js create mode 100644 deps/v8/test/mjsunit/regress/regress-493591676.mjs create mode 100644 
deps/v8/test/mjsunit/regress/regress-493787222.js create mode 100644 deps/v8/test/mjsunit/regress/regress-494583765.js create mode 100644 deps/v8/test/mjsunit/regress/regress-494690599.js create mode 100644 deps/v8/test/mjsunit/regress/regress-495503057.mjs create mode 100644 deps/v8/test/mjsunit/regress/regress-495503781.js create mode 100644 deps/v8/test/mjsunit/regress/regress-498089319-2.js create mode 100644 deps/v8/test/mjsunit/regress/regress-498089319.js create mode 100644 deps/v8/test/mjsunit/regress/regress-498464176.js create mode 100644 deps/v8/test/mjsunit/regress/regress-499667401.js create mode 100644 deps/v8/test/mjsunit/regress/regress-7558019.js delete mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-335704358.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-488366773.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-488426618.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-489893167.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-490058830.js create mode 100644 deps/v8/test/mjsunit/regress/regress-temporal-zoneinfo.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-482759504.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-483269968.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-483643012.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-484405356.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-484499097.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-487444465.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-487750545.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-488089242.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-488790214.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-488943662.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-489029655.js create mode 100644 
deps/v8/test/mjsunit/regress/wasm/regress-489109716.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-489349562.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-490877756.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-490877757.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-490877758.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-490970052.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-491696923.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493088266.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493099941.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493171989.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493307331.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493314948.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493319628.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493430818.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493521637.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493521807.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493529579.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493646648.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493905761.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-495503265.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-496628168.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-497330272.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-497404188.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-502030575.js create mode 100644 deps/v8/test/mjsunit/sandbox/hardware-watchpoints/regress-486705321.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-488362583.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-488651088.js create mode 
100644 deps/v8/test/mjsunit/sandbox/regress-488927521.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-490769268.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-496618662.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-496807861.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-501147587.js create mode 100644 deps/v8/test/mjsunit/shared-memory/regress-488754149.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-479549166.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-482084211.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-484527367.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-485478594.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-485535276.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-487646536.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-488090094.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-488790215.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-489193276.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-489689984.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-490450922-1.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-490450922-2.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-490450922-3.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-491466705.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-492046462.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-493319584.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-494058284.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-499934837.js create mode 100644 deps/v8/test/mjsunit/turbolev/super-try-catch-derived-constructor.js create mode 100644 deps/v8/test/mjsunit/typedarray-with-resizable-buffer.js create mode 100644 deps/v8/test/mjsunit/wasm/call-indirect-null-check.js create mode 100644 deps/v8/test/mjsunit/wasm/compact-imports.js create mode 100644 
deps/v8/test/mjsunit/wasm/custom-descriptors-oom.js create mode 100644 deps/v8/test/mjsunit/wasm/load-shift32.js create mode 100644 deps/v8/test/mjsunit/wasm/quarter-shuffles.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-496645739.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-497667917.js rename deps/v8/test/mjsunit/wasm/shared-everything/{test-acq-rel-instructions.js => acq-rel-load-and-store.js} (100%) create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/acq-rel-rmw-operations.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/string-builtins-utf8.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/string-builtins.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/strings.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/wait-queue.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-reduce.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-replace-lane-zero.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-rot64-no-xor.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-xor-rot64.js create mode 100644 deps/v8/test/mjsunit/wasm/stack-switching-no-cont-leak.js create mode 100644 deps/v8/test/mjsunit/wasm/stack-switching-switch-loop.js create mode 100644 deps/v8/test/mjsunit/wasm/stack-switching-switch.js create mode 100644 deps/v8/test/mjsunit/wasm/wasmfx-load-elimination.js create mode 100644 deps/v8/test/mjsunit/wasm/wide-arithmetic.js delete mode 100644 deps/v8/test/test262/local-tests/test/staging/built-ins/RegExp/escape/surrogate-pair.js create mode 100644 deps/v8/test/unittests/codegen/safepoint-table-unittest.cc create mode 100644 deps/v8/test/unittests/heap/cppgc-js/cpp-heap-stack-start-marker-unittest.cc create mode 100644 deps/v8/test/unittests/heap/cppgc/stack-start-marker-unittest.cc create mode 100644 deps/v8/test/unittests/heap/minimal-stack-unittest.cc create mode 100644 
deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateFieldSpecializedBytecode.golden create mode 100644 deps/v8/test/unittests/objects/module-request-unittest.cc create mode 100644 deps/v8/test/unittests/profiler/heap-snapshot-utils.cc create mode 100644 deps/v8/test/unittests/profiler/heap-snapshot-utils.h create mode 100644 deps/v8/test/unittests/sandbox/libcxx-hardening-unittest.cc create mode 100644 deps/v8/test/webkit/fast/js/nested-object-gc-expected.txt create mode 100644 deps/v8/test/webkit/fast/js/nested-object-gc.js create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/hardening.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/hardening.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/hardening_test.cc rename deps/v8/third_party/abseil-cpp/absl/base/{internal => }/throw_delegate.cc (93%) rename deps/v8/third_party/abseil-cpp/absl/base/{internal => }/throw_delegate.h (81%) delete mode 100644 deps/v8/third_party/abseil-cpp/absl/debugging/internal/borrowed_fixup_buffer.cc delete mode 100644 deps/v8/third_party/abseil-cpp/absl/debugging/internal/borrowed_fixup_buffer.h delete mode 100644 deps/v8/third_party/abseil-cpp/absl/debugging/internal/borrowed_fixup_buffer_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/clock_interface.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/clock_interface.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/clock_interface_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/simulated_clock.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/simulated_clock.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/simulated_clock_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/types/optional_ref.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/types/optional_ref_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/types/source_location.h create mode 
100644 deps/v8/third_party/abseil-cpp/absl/types/source_location_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/patches/0006-undef-absl-hash-internal-has-crc32.patch create mode 100644 deps/v8/third_party/abseil-cpp/patches/0007-deprecated-base64-escape.patch create mode 100644 deps/v8/third_party/zlib/README create mode 100644 deps/v8/third_party/zlib/doc/algorithm.txt create mode 100644 deps/v8/third_party/zlib/doc/crc-doc.1.0.pdf create mode 100644 deps/v8/third_party/zlib/doc/rfc1950.txt create mode 100644 deps/v8/third_party/zlib/doc/rfc1951.txt create mode 100644 deps/v8/third_party/zlib/doc/rfc1952.txt create mode 100644 deps/v8/third_party/zlib/doc/txtvsbin.txt delete mode 100644 deps/v8/third_party/zlib/patches/0010-cmake-enable-simd.patch create mode 100644 deps/v8/third_party/zlib/patches/0010-cmake.patch create mode 100644 deps/v8/third_party/zlib/patches/0019-fix-zip64-in-zip.patch create mode 100644 deps/v8/third_party/zlib/win32/zlib1.rc delete mode 100644 deps/v8/third_party/zlib/zconf.h.cmakein create mode 100644 deps/v8/third_party/zlib/zlibConfig.cmake.in create mode 100644 deps/v8/tools/cluster_files.py create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/mutators/memory_corruption_mutator.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/resources/sandbox_fuzz_library.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test/test_memory_corruptions.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/memory_corruption/input.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/memory_corruption/output_expected.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/regress/await/db/AwaitExpression/a1.json create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/regress/await/db/index.json create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/regress/await/expected.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/regress/await/input.js create 
mode 100644 deps/v8/tools/testrunner/testproc/indicators_test.py create mode 100755 deps/v8/tools/turboshaft-stacktrace-filter.py create mode 100644 deps/v8/tools/turboshaft_type_formatter.py diff --git a/deps/v8/.git-blame-ignore-revs b/deps/v8/.git-blame-ignore-revs index 0b12c1ac601857..98275bc6748f9a 100644 --- a/deps/v8/.git-blame-ignore-revs +++ b/deps/v8/.git-blame-ignore-revs @@ -124,3 +124,6 @@ cb67be1a3842fcf6a0da18aee444e3b7ea789e04 d1b27019d3bf86360ea838c317f8505fac6d3a7e 44fe02ced6e4c6b49d627807e3b3fd0edbbeb36e ec06bb6ce5641cf65e400ec55b7421f87d04b999 + +# Simplify variants flags +0476eb39b3c58671720d3ef78730821a5b7d93fa diff --git a/deps/v8/.gitignore b/deps/v8/.gitignore index 240c287763ca99..f912b7a087d6ca 100644 --- a/deps/v8/.gitignore +++ b/deps/v8/.gitignore @@ -62,6 +62,7 @@ /src/inspector/build/closure-compiler /src/inspector/build/closure-compiler.tar.gz /test/benchmarks/data +/test/benchmarks/JetStream3 /test/fuzzer/wasm_corpus/ /test/fuzzer/wasm_corpus.tar.gz !/test/mjsunit/tools/*.log diff --git a/deps/v8/.gn b/deps/v8/.gn index 6ead7196c515cf..0de23defb360ec 100644 --- a/deps/v8/.gn +++ b/deps/v8/.gn @@ -44,5 +44,7 @@ default_args = { # These are the list of GN files that run exec_script. This whitelist exists # to force additional review for new uses of exec_script, which is strongly # discouraged except for gypi_to_gn calls. -exec_script_allowlist = build_dotfile_settings.exec_script_allowlist + - [ "//build_overrides/build.gni" ] +exec_script_allowlist = build_dotfile_settings.exec_script_allowlist + [ + "//build_overrides/build.gni", + "//gni/cluster_build.gni", + ] diff --git a/deps/v8/AUTHORS b/deps/v8/AUTHORS index c5ed884e128c21..df2b957d6382a5 100644 --- a/deps/v8/AUTHORS +++ b/deps/v8/AUTHORS @@ -44,6 +44,7 @@ Julia Computing, Inc. <*@juliacomputing.com> CodeWeavers, Inc. <*@codeweavers.com> Alibaba, Inc. <*@alibaba-inc.com> SiFive, Inc. <*@sifive.com> +Island Technology, Inc. <*@island.io> Aapo Alasuutari Aaron Bieber 
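Review bot: The new `//gni/cluster_build.gni` entry in `exec_script_allowlist` (the `.gn` hunk) lets one more GN file run a script at gen time, but nothing next to the entry records what it runs, even though the comment directly above the list says the allowlist exists to force extra review of new exec_script uses. The commit's file list creates `deps/v8/tools/cluster_files.py`, which is presumably the script involved, though that cannot be confirmed from this page. I would add a comment on the entry such as `# cluster_build.gni: exec_script(<script>) to <purpose>`, with the placeholders filled in from the .gni file. When reviewing that file, the thing to verify is that the script's arguments come only from the build configuration.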
@@ -131,7 +132,7 @@ Fedor Indutny Felix Geisendƶrfer Feng Yu Filipe David Manana -Florian Loitsch +Florian Loitsch Frank Lemanschik Franziska Hinkelmann Gao Sheng @@ -155,6 +156,7 @@ HuĆ”ng JùnliĆ ng HyeockJin Kim Iain Ireland Ilya Gavrilin +Ilyas Shabi Ingvar Stepanyan Ioseb Dzmanashvili Isiah Meadows @@ -165,6 +167,7 @@ James Pike Jan Krems Jan de Mooij Janusz Majnert +Jarden Xian Javad Amiri Jay Freeman Jeroen Bobbeldijk @@ -186,7 +189,7 @@ Junha Park Junming Huang Kang-Hao (Kenny) Lu Karl Skomski -Kasper Lund +Kasper Lund Keith Smiley Kenta Moriuchi Kevin Gibbons diff --git a/deps/v8/BUILD.bazel b/deps/v8/BUILD.bazel index f28fea4e8aa162..ae9c73762bef46 100644 --- a/deps/v8/BUILD.bazel +++ b/deps/v8/BUILD.bazel @@ -170,6 +170,11 @@ v8_flag( v8_flag(name = "v8_enable_experimental_tq_to_tsa") +v8_flag( + name = "v8_use_host_cpu_arm_features", + default = True, +) + # Default setting for v8_enable_maglev selects.config_setting_group( name = "maglev_by_default", @@ -521,6 +526,7 @@ v8_config( "v8_jitless": "V8_JITLESS", "v8_enable_vtunejit": "ENABLE_VTUNE_JIT_INTERFACE", "v8_enable_undefined_double": "V8_ENABLE_UNDEFINED_DOUBLE", + "v8_use_host_cpu_arm_features": "V8_USE_HOST_CPU_ARM_FEATURES", }, defines = [ "GOOGLE3", @@ -837,8 +843,9 @@ filegroup( "src/base/compiler-specific.h", "src/base/container-utils.h", "src/base/contextual.h", - "src/base/cpu.cc", - "src/base/cpu.h", + "src/base/cpu/cpu.cc", + "src/base/cpu/cpu.h", + "src/base/cpu/cpu-helper.h", "src/base/debug/stack_trace.cc", "src/base/debug/stack_trace.h", "src/base/discriminated-union.h", 
@@ -991,6 +998,25 @@ filegroup( "src/base/platform/platform-win32.h", "src/base/win32-headers.h", ], + }) + select({ + "@v8//bazel/config:v8_target_x64": [ + "src/base/cpu/cpu-x86.cc", + ], + "@v8//bazel/config:v8_target_ia32": [ + "src/base/cpu/cpu-x86.cc", + ], + "@v8//bazel/config:v8_target_arm64": [ + "src/base/cpu/cpu-arm.cc", + ], + "@v8//bazel/config:v8_target_arm": [ + "src/base/cpu/cpu-arm.cc", + ], + "@v8//bazel/config:v8_target_ppc64le": [ + "src/base/cpu/cpu-ppc.cc", + ], + "@v8//bazel/config:v8_target_riscv64": [ + "src/base/cpu/cpu-riscv.cc", + ], }), visibility = ["//visibility:public"], ) @@ -1479,6 +1505,7 @@ filegroup( "src/builtins/constants-table-builder.h", "src/builtins/data-view-ops.h", "src/builtins/profile-data-reader.h", + "src/builtins/superspread.h", "src/codegen/aligned-slot-allocator.cc", "src/codegen/aligned-slot-allocator.h", "src/codegen/assembler.cc", @@ -2153,6 +2180,9 @@ filegroup( "src/objects/js-collection-inl.h", "src/objects/js-collection-iterator.h", "src/objects/js-collection-iterator-inl.h", + "src/objects/js-data-object-builder.cc", + "src/objects/js-data-object-builder.h", + "src/objects/js-data-object-builder-inl.h", "src/objects/js-disposable-stack.cc", "src/objects/js-disposable-stack.h", "src/objects/js-disposable-stack-inl.h", @@ -2394,7 +2424,6 @@ filegroup( "src/profiler/heap-snapshot-common.h", "src/profiler/heap-snapshot-generator.cc", "src/profiler/heap-snapshot-generator.h", - "src/profiler/heap-snapshot-generator-inl.h", "src/profiler/output-stream-writer.h", "src/profiler/profile-generator.cc", "src/profiler/profile-generator.h", @@ -2980,6 +3009,7 @@ filegroup( "src/maglev/maglev-ir-inl.h", "src/maglev/maglev-ir.h", "src/maglev/maglev-kna-processor.h", + "src/maglev/maglev-map-inference.h", "src/maglev/maglev-node-type.h", "src/maglev/maglev-phi-representation-selector.h", "src/maglev/maglev-truncation.h", 
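Review bot: The added `select({...})` that picks the per-architecture `src/base/cpu/cpu-*.cc` file has no `//conditions:default` branch and no `no_match_error`, so a target CPU outside the six listed (x64, ia32, arm64, arm, ppc64le, riscv64) fails at analysis with Bazel's generic no-match message. If bazel/config defines further targets (not visible here), either add their branch or make the failure explicit by passing `no_match_error = "no src/base/cpu implementation for this target CPU"` as the second argument to `select`. The filegroup itself starts before this hunk.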
@@ -3014,6 +3044,7 @@ filegroup( "src/maglev/maglev-ir.cc", "src/maglev/maglev-node-type.cc", "src/maglev/maglev-phi-representation-selector.cc", + "src/maglev/maglev-tracer.h", "src/maglev/maglev-truncation.cc", "src/maglev/maglev-pipeline-statistics.cc", "src/maglev/maglev-range-verification.cc", @@ -3099,6 +3130,7 @@ filegroup( "src/wasm/constant-expression-interface.cc", "src/wasm/constant-expression-interface.h", "src/wasm/decoder.h", + "src/wasm/effect-handler.h", "src/wasm/function-body-decoder.cc", "src/wasm/function-body-decoder.h", "src/wasm/function-body-decoder-impl.h", @@ -3156,6 +3188,7 @@ filegroup( "src/wasm/wasm-disassembler.h", "src/wasm/wasm-disassembler-impl.h", "src/wasm/wasm-engine.cc", + "src/wasm/wasm-engine-globals.h", "src/wasm/wasm-engine.h", "src/wasm/wasm-export-wrapper-cache.cc", "src/wasm/wasm-export-wrapper-cache.h", @@ -3460,8 +3493,6 @@ filegroup( "src/compiler/operator-properties.h", "src/compiler/osr.cc", "src/compiler/osr.h", - "src/compiler/pair-load-store-reducer.cc", - "src/compiler/pair-load-store-reducer.h", "src/compiler/per-isolate-compiler-cache.h", "src/compiler/persistent-map.h", "src/compiler/phase.h", @@ -3601,8 +3632,8 @@ filegroup( "src/compiler/turboshaft/operations.cc", "src/compiler/turboshaft/operations.h", "src/compiler/turboshaft/opmasks.h", - "src/compiler/turboshaft/optimize-phase.cc", - "src/compiler/turboshaft/optimize-phase.h", + "src/compiler/turboshaft/memory-optimization-phase.cc", + "src/compiler/turboshaft/memory-optimization-phase.h", "src/compiler/turboshaft/phase.cc", "src/compiler/turboshaft/phase.h", "src/compiler/turboshaft/pipelines.cc", 
@@ -3624,8 +3655,8 @@ filegroup( "src/compiler/turboshaft/snapshot-table.h", "src/compiler/turboshaft/snapshot-table-opindex.h", "src/compiler/turboshaft/stack-check-lowering-reducer.h", - "src/compiler/turboshaft/store-store-elimination-phase.cc", - "src/compiler/turboshaft/store-store-elimination-phase.h", + "src/compiler/turboshaft/load-elimination-phase.cc", + "src/compiler/turboshaft/load-elimination-phase.h", "src/compiler/turboshaft/store-store-elimination-reducer-inl.h", "src/compiler/turboshaft/string-escape-analysis-reducer.cc", "src/compiler/turboshaft/string-escape-analysis-reducer.h", @@ -3824,6 +3855,7 @@ filegroup( "src/maglev/maglev-register-frame-array.h", "src/maglev/maglev-phi-representation-selector.cc", "src/maglev/maglev-phi-representation-selector.h", + "src/maglev/maglev-tracer.h", "src/maglev/maglev-truncation.cc", "src/maglev/maglev-truncation.h", "src/maglev/maglev-post-hoc-optimizations-processors.h", @@ -4112,24 +4144,20 @@ filegroup( name = "v8_bigint", srcs = [ "src/bigint/bigint.h", + "src/bigint/bigint-inl.h", "src/bigint/bigint-internal.cc", "src/bigint/bigint-internal.h", - "src/bigint/bitwise.cc", - "src/bigint/digit-arithmetic.h", "src/bigint/div-barrett.cc", "src/bigint/div-burnikel.cc", - "src/bigint/div-helpers.cc", - "src/bigint/div-helpers.h", + "src/bigint/div-helpers-inl.h", "src/bigint/div-schoolbook.cc", "src/bigint/fromstring.cc", "src/bigint/mul-fft.cc", "src/bigint/mul-karatsuba.cc", - "src/bigint/mul-schoolbook.cc", "src/bigint/mul-toom.cc", "src/bigint/tostring.cc", "src/bigint/util.h", - "src/bigint/vector-arithmetic.cc", - "src/bigint/vector-arithmetic.h", + "src/bigint/vector-arithmetic-inl.h", ], ) diff --git a/deps/v8/BUILD.gn b/deps/v8/BUILD.gn index e81430fbc39392..382c7d3ed44eab 100644 --- a/deps/v8/BUILD.gn +++ b/deps/v8/BUILD.gn 
@@ -4,6 +4,7 @@ import("//build/config/android/config.gni") import("//build/config/arm.gni") +import("//build/config/c++/c++.gni") import("//build/config/coverage/coverage.gni") import("//build/config/dcheck_always_on.gni") import("//build/config/host_byteorder.gni") @@ -13,6 +14,7 @@ import("//build/config/sanitizers/sanitizers.gni") import("//build_overrides/build.gni") import("//third_party/icu/config.gni") +import("gni/cluster_build.gni") import("gni/snapshot_toolchain.gni") import("gni/v8.gni") @@ -223,6 +225,11 @@ declare_args() { # the `--trace-turbo` .json file from `mksnapshot`. v8_log_builtins_block_count_input = "" + # This build flag is used to enable block positioning in profile-guided + # optimization of builtins based on raw execution counts (as opposed to + # branch hints). + v8_enable_builtins_block_position = false + # This build flag is used to control whether reorder builtins according to # the call graph with C3 algorithm based builtin PGO profiling. v8_enable_builtins_reordering = true @@ -507,9 +514,25 @@ declare_args() { # Enable compilation of riscv32. v8_riscv_enable_deprecated_riscv32 = false + + # Sets the level of logging detail in V8_Fatal. + # 0: No file and line and message only if args are provided (for official + # release builds). + # 1: Message but no file or line. + # 2: Everything (file, line, message). + v8_logging_level = "" } # Derived defaults. +if (v8_logging_level == "") { + if (v8_enable_verification_features || v8_dcheck_always_on) { + v8_logging_level = 2 + } else if (is_official_build) { + v8_logging_level = 0 + } else { + v8_logging_level = 1 + } +} if (cppgc_enable_verify_heap == "") { cppgc_enable_verify_heap = v8_enable_verification_features || v8_dcheck_always_on 
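Review bot: `v8_logging_level` is documented as 0, 1 or 2 in the `declare_args()` hunk, but nothing after the derived-default block rejects other values, and a later hunk passes it unchecked into `V8_LOGGING_LEVEL=${v8_logging_level}`. The level decides whether V8_Fatal output carries file, line and message text, so a typo in the build args should fail the build rather than be handed to whatever the C++ side does with an unexpected value. Adding `assert(v8_logging_level == 0 || v8_logging_level == 1 || v8_logging_level == 2, "v8_logging_level must be 0, 1 or 2")` right after the derived default would do that. `declare_args()` opens before this hunk.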
@@ -786,9 +809,16 @@ assert(!v8_enable_pointer_compression_8gb || v8_enable_pointer_compression, assert(!v8_enable_sandbox || v8_enable_external_code_space, "The sandbox requires the external code space") +assert(!v8_enable_sandbox || use_safe_libcxx, + "The sandbox requires libc++ hardening") + assert(!v8_enable_memory_corruption_api || v8_enable_sandbox, "The Memory Corruption API requires the sandbox") +assert( + !v8_enable_memory_corruption_api || !is_lsan, + "The Memory Corruption API cannot be enabled together with LSan as both attach to the d8 process via ptrace") + assert(!v8_enable_sandbox_hardware_support || v8_enable_sandbox, "The sandbox must be enabled to enable sandbox hardware support") @@ -1017,6 +1047,8 @@ external_v8_defines = [ "V8_TARGET_OS_CHROMEOS", "V8_TARGET_ARCH_ARM64", "V8_TARGET_ARCH_PPC64", + "V8_TARGET_ARCH_MIPS64", + "V8_TARGET_ARCH_LOONG64", ] enabled_external_v8_defines = [ @@ -1109,6 +1141,10 @@ if (v8_current_cpu == "arm64") { enabled_external_v8_defines += [ "V8_TARGET_ARCH_ARM64" ] } else if (v8_current_cpu == "ppc64") { enabled_external_v8_defines += [ "V8_TARGET_ARCH_PPC64" ] +} else if (v8_current_cpu == "mips64el") { + enabled_external_v8_defines += [ "V8_TARGET_ARCH_MIPS64" ] +} else if (v8_current_cpu == "loong64") { + enabled_external_v8_defines += [ "V8_TARGET_ARCH_LOONG64" ] } disabled_external_v8_defines = external_v8_defines - enabled_external_v8_defines @@ -1198,8 +1234,10 @@ config("features") { # Only targets in this file and its subdirs can depend on this. visibility = [ "./*" ] - defines = - [ "V8_TYPED_ARRAY_MAX_SIZE_IN_HEAP=${v8_typed_array_max_size_in_heap}" ] + defines = [ + "V8_TYPED_ARRAY_MAX_SIZE_IN_HEAP=${v8_typed_array_max_size_in_heap}", + "V8_LOGGING_LEVEL=${v8_logging_level}", + ] configs = [ ":v8_header_features", 
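Review bot: The new `assert(!v8_enable_sandbox || use_safe_libcxx, "The sandbox requires libc++ hardening")` in the first hunk on this line ties the sandbox to a hardened libc++ only for builds that evaluate BUILD.gn. The BUILD.bazel hunks in this patch add no equivalent check, and an embedder that compiles these sources with its own build files would not hit the assert either. It is worth confirming that every such build either leaves the sandbox disabled or turns on standard-library hardening. A short comment above the assert saying why the hardening is required (the message states only the requirement) would help whoever has to port the rule.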
@@ -1238,12 +1276,18 @@ config("features") { if (v8_log_builtins_block_count_input != "") { defines += [ "LOG_BUILTIN_BLOCK_COUNT" ] } + if (v8_enable_builtins_block_position) { + defines += [ "BUILTIN_BLOCK_POSITION" ] + } if (v8_enable_future) { defines += [ "V8_ENABLE_FUTURE" ] } if (v8_enable_lite_mode) { defines += [ "V8_LITE_MODE" ] } + if (v8_use_host_cpu_arm_features) { + defines += [ "V8_USE_HOST_CPU_ARM_FEATURES" ] + } if (v8_enable_seeded_array_index_hash) { defines += [ "V8_ENABLE_SEEDED_ARRAY_INDEX_HASH" ] } @@ -1379,6 +1423,9 @@ config("features") { if (v8_fuzzilli) { defines += [ "V8_FUZZILLI" ] } + if (use_chromium_fuzzilli) { + defines += [ "USE_CHROMIUM_FUZZILLI" ] + } if (v8_dumpling) { defines += [ "V8_DUMPLING" ] } @@ -1749,6 +1796,9 @@ config("toolchain") { if (is_clang) { cflags += [ "-Wunreachable-code" ] + if (v8_current_cpu != "ppc64" && v8_current_cpu != "s390x") { + cflags += [ "-Wlifetime-safety-permissive" ] + } if ((v8_current_cpu != "x64" && v8_current_cpu != "ia32") || target_os == "chromeos") { @@ -1848,10 +1898,10 @@ config("strict_warnings") { v8_current_cpu == "mips64el" || v8_current_cpu == "riscv64") { cflags += [ "-Wshorten-64-to-32" ] } - cflags += [ - "-Wmissing-field-initializers", - "-Wunnecessary-virtual-specifier", - ] + cflags += [ "-Wmissing-field-initializers" ] + if (v8_current_cpu != "ppc64" && v8_current_cpu != "s390x") { + cflags += [ "-Wunnecessary-virtual-specifier" ] + } } } 
@@ -1869,32 +1919,6 @@ config("always_turbofanimize") { } } -# Sanitizer defines. V8 will inherit a default `-fsanitize=array-bounds` -# from Chromium's `//build/config/`, which prevents clean usage of -# `__has_feature(undefined_behavior_sanitizer)` in the short term, -# until something like `--lie-about-ubsan-enablement=array-bounds` -# can be implemented. -# -# This config provides a clear signal of "are we sanitizing" tied to -# GN configuration. -# -# See also: https://crbug.com/386992829 -config("sanitizer_defines") { - defines = [] - if (is_asan) { - defines += [ "V8_USE_ADDRESS_SANITIZER" ] - } - if (is_hwasan) { - defines += [ "V8_USE_HWADDRESS_SANITIZER" ] - } - if (is_msan) { - defines += [ "V8_USE_MEMORY_SANITIZER" ] - } - if (is_ubsan) { - defines += [ "V8_USE_UNDEFINED_BEHAVIOR_SANITIZER" ] - } -} - ############################################################################### # Actions # @@ -2521,9 +2545,28 @@ v8_header_set("torque_runtime_support") { configs = [ ":internal_config" ] } -v8_source_set("torque_generated_initializers") { +# Build lists of torque-generated .cc and .h files for clustering +torque_csa_cc_files = [] +torque_csa_h_files = [] +torque_tsa_cc_files = [] +torque_tsa_h_files = [] +foreach(file, torque_files) { + filetq = string_replace(file, ".tq", "-tq") + torque_csa_cc_files += [ "$target_gen_dir/torque-generated/$filetq-csa.cc" ] + torque_csa_h_files += [ "$target_gen_dir/torque-generated/$filetq-csa.h" ] + if (v8_enable_experimental_tq_to_tsa) { + torque_tsa_cc_files += [ "$target_gen_dir/torque-generated/$filetq-tsa.cc" ] + torque_tsa_h_files += [ "$target_gen_dir/torque-generated/$filetq-tsa.h" ] + } +} + +v8_cluster_source_set("torque_generated_initializers") { visibility = [ ":*" ] # Only targets in this file can depend on this. + cluster_prefix = "torque-csa" + cluster_output_dir = "$target_gen_dir/torque-generated" + generated_sources = true + deps = [ ":generate_bytecode_builtins_list", ":run_torque", 
@@ -2541,24 +2584,21 @@ v8_source_set("torque_generated_initializers") { ":v8_maybe_icu", ] - sources = [ - "$target_gen_dir/torque-generated/csa-types.h", - "$target_gen_dir/torque-generated/enum-verifiers.cc", - "$target_gen_dir/torque-generated/exported-macros-assembler.cc", - "$target_gen_dir/torque-generated/exported-macros-assembler.h", - ] - foreach(file, torque_files) { - filetq = string_replace(file, ".tq", "-tq") - sources += [ - "$target_gen_dir/torque-generated/$filetq-csa.cc", - "$target_gen_dir/torque-generated/$filetq-csa.h", - ] - if (v8_enable_experimental_tq_to_tsa) { - sources += [ - "$target_gen_dir/torque-generated/$filetq-tsa.cc", - "$target_gen_dir/torque-generated/$filetq-tsa.h", - ] - } + sources = torque_csa_cc_files + [ + "$target_gen_dir/torque-generated/csa-types.h", + "$target_gen_dir/torque-generated/enum-verifiers.cc", + "$target_gen_dir/torque-generated/exported-macros-assembler.cc", + "$target_gen_dir/torque-generated/exported-macros-assembler.h", + ] + + # Add headers (always included) + sources += torque_csa_h_files + if (v8_enable_experimental_tq_to_tsa) { + sources += torque_tsa_h_files + + # TSA cc files are not clustered yet + sources += torque_tsa_cc_files + exclude_from_cluster = torque_tsa_cc_files } configs = [ ":internal_config" ] 
@@ -2576,9 +2616,25 @@ v8_source_set("torque_generated_initializers") { } } -v8_source_set("torque_generated_definitions") { +# Build lists of torque-generated definition files for clustering +torque_def_cc_files = [] +torque_def_inc_files = [] +foreach(file, torque_files) { + filetq = string_replace(file, ".tq", "-tq") + torque_def_cc_files += [ "$target_gen_dir/torque-generated/$filetq.cc" ] + torque_def_inc_files += [ + "$target_gen_dir/torque-generated/$filetq-inl.inc", + "$target_gen_dir/torque-generated/$filetq.inc", + ] +} + +v8_cluster_source_set("torque_generated_definitions") { visibility = [ ":*" ] # Only targets in this file can depend on this. + cluster_prefix = "torque-def" + cluster_output_dir = "$target_gen_dir/torque-generated" + generated_sources = true + deps = [ ":generate_bytecode_builtins_list", ":run_torque", @@ -2596,21 +2652,16 @@ v8_source_set("torque_generated_definitions") { ":v8_maybe_icu", ] - sources = [ - "$target_gen_dir/torque-generated/class-forward-declarations.h", - "$target_gen_dir/torque-generated/class-verifiers.cc", - "$target_gen_dir/torque-generated/class-verifiers.h", - "$target_gen_dir/torque-generated/factory.cc", - "$target_gen_dir/torque-generated/objects-printer.cc", - ] - foreach(file, torque_files) { - filetq = string_replace(file, ".tq", "-tq") - sources += [ - "$target_gen_dir/torque-generated/$filetq-inl.inc", - "$target_gen_dir/torque-generated/$filetq.cc", - "$target_gen_dir/torque-generated/$filetq.inc", - ] - } + sources = torque_def_cc_files + [ + "$target_gen_dir/torque-generated/class-forward-declarations.h", + "$target_gen_dir/torque-generated/class-verifiers.cc", + "$target_gen_dir/torque-generated/class-verifiers.h", + "$target_gen_dir/torque-generated/factory.cc", + "$target_gen_dir/torque-generated/objects-printer.cc", + ] + + # Add .inc files (always included, not compiled directly) + sources += torque_def_inc_files configs = [ ":internal_config" ] } 
@@ -3035,6 +3086,7 @@ action("v8_dump_build_config") { "dict_property_const_tracking=$v8_dict_property_const_tracking", "direct_handle=$v8_enable_direct_handle", "disassembler=$v8_enable_disassembler", + "dumpling=$v8_dumpling", "full_debug=$is_full_debug", "gdbjit=$v8_enable_gdbjit", "has_jitless=$v8_jitless", @@ -3177,7 +3229,7 @@ v8_source_set("v8_snapshot") { } } -v8_source_set("v8_initializers") { +v8_cluster_source_set("v8_initializers") { visibility = [ ":*", "test/cctest:*", @@ -3624,6 +3676,7 @@ v8_header_set("v8_internal_headers") { "src/builtins/constants-table-builder.h", "src/builtins/data-view-ops.h", "src/builtins/profile-data-reader.h", + "src/builtins/superspread.h", "src/codegen/aligned-slot-allocator.h", "src/codegen/assembler-arch.h", "src/codegen/assembler-inl.h", @@ -3789,7 +3842,6 @@ v8_header_set("v8_internal_headers") { "src/compiler/operator-properties.h", "src/compiler/operator.h", "src/compiler/osr.h", - "src/compiler/pair-load-store-reducer.h", "src/compiler/per-isolate-compiler-cache.h", "src/compiler/persistent-map.h", "src/compiler/phase.h", @@ -3858,6 +3910,7 @@ v8_header_set("v8_internal_headers") { "src/compiler/turboshaft/late-escape-analysis-reducer.h", "src/compiler/turboshaft/late-load-elimination-reducer.h", "src/compiler/turboshaft/layered-hash-map.h", + "src/compiler/turboshaft/load-elimination-phase.h", "src/compiler/turboshaft/load-store-simplification-reducer.h", "src/compiler/turboshaft/load-store-verification-reducer.h", "src/compiler/turboshaft/loop-finder.h", 
@@ -3869,11 +3922,11 @@ v8_header_set("v8_internal_headers") { "src/compiler/turboshaft/machine-lowering-reducer-inl.h", "src/compiler/turboshaft/machine-optimization-reducer.h", "src/compiler/turboshaft/maglev-assert-types-reducer.h", + "src/compiler/turboshaft/memory-optimization-phase.h", "src/compiler/turboshaft/memory-optimization-reducer.h", "src/compiler/turboshaft/operation-matcher.h", "src/compiler/turboshaft/operations.h", "src/compiler/turboshaft/opmasks.h", - "src/compiler/turboshaft/optimize-phase.h", "src/compiler/turboshaft/phase.h", "src/compiler/turboshaft/pipelines.h", "src/compiler/turboshaft/pretenuring-propagation-reducer.h", @@ -3889,7 +3942,6 @@ v8_header_set("v8_internal_headers") { "src/compiler/turboshaft/snapshot-table-opindex.h", "src/compiler/turboshaft/snapshot-table.h", "src/compiler/turboshaft/stack-check-lowering-reducer.h", - "src/compiler/turboshaft/store-store-elimination-phase.h", "src/compiler/turboshaft/store-store-elimination-reducer-inl.h", "src/compiler/turboshaft/string-escape-analysis-reducer.h", "src/compiler/turboshaft/string-view.h", @@ -4279,6 +4331,8 @@ v8_header_set("v8_internal_headers") { "src/objects/js-collection-iterator-inl.h", "src/objects/js-collection-iterator.h", "src/objects/js-collection.h", + "src/objects/js-data-object-builder-inl.h", + "src/objects/js-data-object-builder.h", "src/objects/js-disposable-stack-inl.h", "src/objects/js-disposable-stack.h", "src/objects/js-function-inl.h", @@ -4452,7 +4506,6 @@ v8_header_set("v8_internal_headers") { "src/profiler/cpu-profiler.h", "src/profiler/heap-profiler.h", "src/profiler/heap-snapshot-common.h", - "src/profiler/heap-snapshot-generator-inl.h", "src/profiler/heap-snapshot-generator.h", "src/profiler/output-stream-writer.h", "src/profiler/profile-generator-inl.h", 
@@ -4697,6 +4750,7 @@ v8_header_set("v8_internal_headers") { "src/maglev/maglev-ir.h", "src/maglev/maglev-kna-processor.h", "src/maglev/maglev-known-node-aspects.h", + "src/maglev/maglev-map-inference.h", "src/maglev/maglev-node-type.h", "src/maglev/maglev-phi-representation-selector.h", "src/maglev/maglev-pipeline-statistics.h", @@ -4710,6 +4764,7 @@ v8_header_set("v8_internal_headers") { "src/maglev/maglev-regalloc-data.h", "src/maglev/maglev-regalloc.h", "src/maglev/maglev-register-frame-array.h", + "src/maglev/maglev-tracer.h", "src/maglev/maglev-truncation.h", "src/maglev/maglev.h", ] @@ -4787,6 +4842,7 @@ v8_header_set("v8_internal_headers") { "src/wasm/constant-expression-interface.h", "src/wasm/constant-expression.h", "src/wasm/decoder.h", + "src/wasm/effect-handler.h", "src/wasm/function-body-decoder-impl.h", "src/wasm/function-body-decoder.h", "src/wasm/function-compiler.h", @@ -4823,6 +4879,7 @@ v8_header_set("v8_internal_headers") { "src/wasm/wasm-deopt-data.h", "src/wasm/wasm-disassembler-impl.h", "src/wasm/wasm-disassembler.h", + "src/wasm/wasm-engine-globals.h", "src/wasm/wasm-engine.h", "src/wasm/wasm-export-wrapper-cache.h", "src/wasm/wasm-external-refs.h", @@ -4876,6 +4933,10 @@ v8_header_set("v8_internal_headers") { ] } + if (v8_enable_builtins_block_position) { + sources += [ "src/compiler/backend/block-position.h" ] + } + if (v8_enable_i18n_support) { sources += [ "src/objects/intl-objects.h", @@ -5402,7 +5463,6 @@ v8_compiler_sources = [ "src/compiler/operator-properties.cc", "src/compiler/operator.cc", "src/compiler/osr.cc", - "src/compiler/pair-load-store-reducer.cc", "src/compiler/pipeline-statistics.cc", "src/compiler/pipeline.cc", "src/compiler/property-access-builder.cc", 
@@ -5446,21 +5506,21 @@ v8_compiler_sources = [ "src/compiler/turboshaft/instruction-selection-phase.cc", "src/compiler/turboshaft/late-escape-analysis-reducer.cc", "src/compiler/turboshaft/late-load-elimination-reducer.cc", + "src/compiler/turboshaft/load-elimination-phase.cc", "src/compiler/turboshaft/loop-finder.cc", "src/compiler/turboshaft/loop-peeling-phase.cc", "src/compiler/turboshaft/loop-unrolling-phase.cc", "src/compiler/turboshaft/loop-unrolling-reducer.cc", "src/compiler/turboshaft/machine-lowering-phase.cc", + "src/compiler/turboshaft/memory-optimization-phase.cc", "src/compiler/turboshaft/memory-optimization-reducer.cc", "src/compiler/turboshaft/operations.cc", - "src/compiler/turboshaft/optimize-phase.cc", "src/compiler/turboshaft/phase.cc", "src/compiler/turboshaft/pipelines.cc", "src/compiler/turboshaft/pretenuring-propagation-reducer.cc", "src/compiler/turboshaft/representations.cc", "src/compiler/turboshaft/sidetable.cc", "src/compiler/turboshaft/simplify-tf-loops.cc", - "src/compiler/turboshaft/store-store-elimination-phase.cc", "src/compiler/turboshaft/string-escape-analysis-reducer.cc", "src/compiler/turboshaft/turbolev-frontend-pipeline.cc", "src/compiler/turboshaft/turbolev-graph-builder.cc", 
@@ -5615,16 +5675,31 @@ if (v8_enable_wasm_simd256_revec) { ] } +exclude_from_compiler_cluster = [ + "src/compiler/turboshaft/turbolev-graph-builder.cc", # Slow. + "src/compiler/turboshaft/wasm-turboshaft-compiler.cc", # Pipeline::GenerateWasmCode. + "src/compiler/bytecode-analysis.cc", # Top-level 'using incl. + # 'interpreter::Register'. + "src/compiler/heap-refs.cc", # Is64() function. + "src/compiler/wasm-load-elimination.cc", # MayAlias. +] + +if (v8_enable_builtins_block_position) { + v8_compiler_sources += [ "src/compiler/backend/block-position.cc" ] +} + # The src/compiler files for use in mksnapshot. # - These might be built with additional optimizations if # v8_enable_fast_mksnapshot is set. # - We always include Turbofan even if v8_enable_turbofan is unset s.t. # builtins can be generated by mksnapshot. -v8_source_set("v8_compiler_for_mksnapshot_source_set") { +v8_cluster_source_set("v8_compiler_for_mksnapshot_source_set") { visibility = [ ":*" ] # Only targets in this file can depend on this. sources = v8_compiler_sources + exclude_from_cluster = exclude_from_compiler_cluster + public_deps = [ ":generate_bytecode_builtins_list", ":run_torque", @@ -5657,7 +5732,7 @@ v8_source_set("v8_compiler_for_mksnapshot_source_set") { } # The src/compiler files with default behavior. -v8_source_set("v8_compiler") { +v8_cluster_source_set("v8_compiler") { visibility = [ ":*" ] # Only targets in this file can depend on this. if (v8_enable_turbofan) { @@ -5667,6 +5742,8 @@ v8_source_set("v8_compiler") { sources = [ "src/compiler/turbofan-disabled.cc" ] } + exclude_from_cluster = exclude_from_compiler_cluster + public_deps = [ ":generate_bytecode_builtins_list", ":run_torque", @@ -5715,7 +5792,7 @@ group("v8_tracing") { } } -v8_source_set("v8_base_without_compiler") { +v8_cluster_source_set("v8_base_without_compiler") { # Only targets in this file and gcmole can depend on this. visibility = [ ":*", 
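Review bot: The reasons given in `exclude_from_compiler_cluster` are too terse to maintain: `# Is64() function.` and `# MayAlias.` name a symbol but not what goes wrong when the file is merged into a cluster. The names suggest file-local definitions that clash once several .cc files share one translation unit (inferred; `v8_cluster_source_set` is defined outside this chunk). A clash that resolves to a different overload instead of failing would compile without any diagnostic, so the list only records the cases that broke the build. I would spell each reason out, e.g. `# Defines a file-local Is64() that clashes with <other file> in a combined TU.`, and add a line above the list saying when a file has to be added. The same applies to the `exclude_from_cluster` lists added to `v8_base_without_compiler` and `cppgc_base` further down, where some entries (`src/objects/js-list-format.cc`) carry no reason at all.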
@@ -5725,6 +5802,24 @@ v8_source_set("v8_base_without_compiler") { # Split static libraries on windows into two. split_count = 2 + # Files excluded from clustering due to template instantiation order issues + # or because they are too large. + exclude_from_cluster = [ + "src/maglev/maglev-graph-builder.cc", + "src/maglev/maglev-ir.cc", + "src/snapshot/deserializer.cc", + "src/wasm/wasm-module.cc", + "src/heap/mark-compact.cc", # ShouldMovePage, also big. + "src/objects/intl-objects.cc", # CheckCalendar. + "src/objects/js-collator.cc", # CreateDataPropertyForOptions, also big. + "src/objects/js-display-names.cc", # CheckCalendar. + "src/objects/js-list-format.cc", + "src/objects/js-number-format.cc", # Style, also big. + "src/objects/js-temporal-objects.cc", # Unit, also big. + "src/runtime/runtime-test-wasm.cc", # WasmStackSize. + "src/sandbox/external-pointer-table.cc", # entry_spacer. + ] + sources = [ ### gcmole(all) ### "src/api/api-arguments.cc", @@ -6014,6 +6109,7 @@ v8_source_set("v8_base_without_compiler") { "src/objects/js-atomics-synchronization.cc", "src/objects/js-break-iterator.cc", "src/objects/js-collator.cc", + "src/objects/js-data-object-builder.cc", "src/objects/js-date-time-format.cc", "src/objects/js-display-names.cc", "src/objects/js-disposable-stack.cc", @@ -6724,11 +6820,10 @@ v8_source_set("v8_base_without_compiler") { if (v8_fuzzilli) { sources += [ - "src/fuzzilli/cov.cc", - "src/fuzzilli/cov.h", "src/fuzzilli/fuzzilli.cc", "src/fuzzilli/fuzzilli.h", ] + public_deps += [ ":fuzzilli_cov" ] } if (v8_dumpling) { @@ -6964,8 +7059,8 @@ v8_component("v8_libbase") { "src/base/compiler-specific.h", "src/base/container-utils.h", "src/base/contextual.h", - "src/base/cpu.cc", - "src/base/cpu.h", + "src/base/cpu/cpu.cc", + "src/base/cpu/cpu.h", "src/base/debug/stack_trace.cc", "src/base/debug/stack_trace.h", "src/base/discriminated-union.h", 
@@ -7097,6 +7192,22 @@ v8_component("v8_libbase") { "src/base/vlq.h", ] + if (target_cpu == "x86" || target_cpu == "x64") { + sources += [ "src/base/cpu/cpu-x86.cc" ] + } else if (target_cpu == "arm" || target_cpu == "arm64") { + sources += [ "src/base/cpu/cpu-arm.cc" ] + } else if (target_cpu == "riscv64") { + sources += [ "src/base/cpu/cpu-riscv.cc" ] + } else if (target_cpu == "loong64") { + sources += [ "src/base/cpu/cpu-loong64.cc" ] + } else if (target_cpu == "mips64" || target_cpu == "mips64el") { + sources += [ "src/base/cpu/cpu-mips64.cc" ] + } else if (target_cpu == "ppc64") { + sources += [ "src/base/cpu/cpu-ppc.cc" ] + } else if (target_cpu == "s390x") { + sources += [ "src/base/cpu/cpu-s390.cc" ] + } + configs = [ ":internal_config_base" ] public_configs = [ ":libbase_config" ] @@ -7395,22 +7506,18 @@ v8_source_set("fuzzer_support") { v8_source_set("v8_bigint") { sources = [ + "src/bigint/bigint-inl.h", "src/bigint/bigint-internal.cc", "src/bigint/bigint-internal.h", "src/bigint/bigint.h", - "src/bigint/bitwise.cc", - "src/bigint/digit-arithmetic.h", "src/bigint/div-burnikel.cc", - "src/bigint/div-helpers.cc", - "src/bigint/div-helpers.h", + "src/bigint/div-helpers-inl.h", "src/bigint/div-schoolbook.cc", "src/bigint/fromstring.cc", "src/bigint/mul-karatsuba.cc", - "src/bigint/mul-schoolbook.cc", "src/bigint/tostring.cc", "src/bigint/util.h", - "src/bigint/vector-arithmetic.cc", - "src/bigint/vector-arithmetic.h", + "src/bigint/vector-arithmetic-inl.h", ] if (v8_advanced_bigint_algorithms) { @@ -7561,7 +7668,7 @@ v8_header_set("cppgc_headers") { public_deps = [ ":v8_config_headers" ] } -v8_source_set("cppgc_base") { +v8_cluster_source_set("cppgc_base") { visibility = [ ":*" ] sources = [ 
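Review bot: The new per-architecture `sources +=` chain in `v8_libbase` keys on `target_cpu`, which has the same value in every toolchain. If this component is also built in a host toolchain during a cross build (not visible here), it would take the target's `cpu-*.cc` rather than the host's, so `current_cpu` looks like the safer key. The chain also has no final `else`, so a CPU it does not list adds no `cpu-*.cc` at all, and the gap would presumably surface only at link time or as missing feature detection. Unless falling through is intended for some targets, `else { assert(false, "no src/base/cpu/cpu-*.cc for $target_cpu") }` would fail at gen time instead. The block sits inside `v8_component("v8_libbase")`, which starts and ends outside the hunk.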
@@ -7661,6 +7768,10 @@ v8_source_set("cppgc_base") { "src/heap/cppgc/write-barrier.h", ] + exclude_from_cluster = [ + "src/heap/cppgc/concurrent-marker.cc", # kDefaultDeadlineCheckInterval. + ] + if (cppgc_enable_caged_heap) { sources += [ "src/heap/cppgc/caged-heap-local-data.cc", @@ -8006,11 +8117,19 @@ group("v8_python_base") { data = [ ".vpython3" ] } +# Enable fallbacks for files that might be hard to access on Clusterfuzz. +copy("v8_clusterfuzz_fallbacks") { + testonly = true + sources = [ "test/mjsunit/wasm/wasm-module-builder.js" ] + outputs = [ "$root_out_dir/test/mjsunit/wasm/wasm-module-builder.js" ] +} + group("v8_clusterfuzz") { testonly = true deps = [ ":d8", + ":v8_clusterfuzz_fallbacks", ":v8_simple_inspector_fuzzer", "tools/clusterfuzz/trials:v8_clusterfuzz_resources", ] @@ -8697,6 +8816,24 @@ if (!build_with_chromium && v8_use_perfetto) { } } # if (!build_with_chromium && v8_use_perfetto) +if (v8_fuzzilli) { + v8_source_set("fuzzilli_cov") { + visibility = [ "*" ] + sources = [ + "src/fuzzilli/cov.cc", + "src/fuzzilli/cov.h", + ] + configs = [ + ":internal_config_base", + ":internal_config", + ] + deps = [ + ":v8_internal_headers", + ":v8_libbase", + ] + } +} + # GN evaluates each .gn file once per toolchain, so restricting to default # toolchain will ensure write_file() is called only once. if (current_toolchain == default_toolchain) { diff --git a/deps/v8/DEPS b/deps/v8/DEPS index 170b52a281c5b1..b2c1f763079317 100644 --- a/deps/v8/DEPS +++ b/deps/v8/DEPS @@ -30,6 +30,8 @@ vars = { 'checkout_instrumented_libraries': False, 'checkout_ittapi': False, + # Checkout extra benchmarks. + 'checkout_benchmarks': False, # Fetch the prebuilt binaries for llvm-cov and llvm-profdata. Needed to # process the raw profiles produced by instrumented targets (built with 
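Review bot: The new `v8_source_set("fuzzilli_cov")` is declared with `visibility = [ "*" ]`, while the other source sets touched in this diff list specific consumers such as `":*"`. As written, any target in any build file can depend on the fuzzer coverage code whenever `v8_fuzzilli` is set. The only consumer visible in this diff is `public_deps += [ ":fuzzilli_cov" ]` in `v8_base_without_compiler`; if that is the full set, `visibility = [ ":*" ]` is enough. If targets outside this file need it, a comment naming them above the `visibility` line would make the wide setting reviewable.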
@@ -78,30 +80,33 @@ vars = { # This variable is overrided in Chromium's DEPS file. 'build_with_chromium': False, + # Repository URL + 'chromium_jetstream_git': 'https://chromium.googlesource.com/external/github.com/WebKit/JetStream.git', + # GN CIPD package version. - 'gn_version': 'git_revision:103f8b437f5e791e0aef9d5c372521a5d675fabb', + 'gn_version': 'git_revision:6e8dcdebbadf4f8aa75e6a4b6e0bdf89dce1513a', # ninja CIPD package version # https://chrome-infra-packages.appspot.com/p/infra/3pp/tools/ninja 'ninja_version': 'version:3@1.12.1.chromium.4', # siso CIPD package version - 'siso_version': 'git_revision:dc540b292de5e5cbfc88bbdd15b30b1634979823', + 'siso_version': 'git_revision:87bad442ede1c60700dfabef5862c4a584621734', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling Fuchsia sdk # and whatever else without interference from each other. - 'fuchsia_version': 'version:30.20251218.4.1', + 'fuchsia_version': 'version:31.20260327.5.1', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling partition_alloc_version # and whatever else without interference from each other. - 'partition_alloc_version': '936619c71ecb17c0e2482cf86be3f3f417b2f683', + 'partition_alloc_version': 'b707a2ca5567b06f4b886fbcd888dfa7e8044718', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_build-tools_version # and whatever else without interference from each other. - 'android_sdk_build-tools_version': '-jLl4Ibk_WmgTsZaP-ueQwZDhBwkWf5BsQ4UNrkzXF0C', + 'android_sdk_build-tools_version': 'febJrTgiK9s1ANoUlc4Orn3--zs9GjGCj2vQc8g7OaMC', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_emulator_version # and whatever else without interference from each other. 
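Review bot: `chromium_jetstream_git` hard-codes a full repository URL including the host, whereas the git dependencies visible in this diff are composed from `Var('chromium_url')`. A checkout that overrides `chromium_url` to fetch from a mirror would still pull JetStream from the hard-coded host. Assuming `chromium_url` points at the same host, writing the `test/benchmarks/JetStream3` entry as `Var('chromium_url') + '/external/github.com/WebKit/JetStream.git' + '@' + Var('jetstream_3.0-custom_revision')` would keep a single place to redirect and make the extra variable unnecessary. The pin to a full commit hash and the `checkout_benchmarks` condition are worth keeping as they are.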
@@ -113,18 +118,22 @@ vars = { # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_platforms_version # and whatever else without interference from each other. - 'android_sdk_platforms_version': 'gxwLT70eR_ObwZJzKK8UIS-N549yAocNTmc0JHgO7gUC', + 'android_sdk_platforms_version': 'WhtP32Q46ZHdTmgCgdauM3ws_H9iPoGKEZ_cPggcQ6wC', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_tools-lint_version # and whatever else without interference from each other. 'android_sdk_cmdline-tools_version': 'gekOVsZjseS1w9BXAT3FsoW__ByGDJYS9DgqesiwKYoC', + # Three lines of non-changing comments so that + # the commit queue can handle CLs rolling jetstream_3.0-custom_revision + # and whatever else without interference from each other. + 'jetstream_3.0-custom_revision': '2145cedef4ca2777b792cb0059d3400ee2a6153c', } deps = { 'build': - Var('chromium_url') + '/chromium/src/build.git' + '@' + '483cecced32ce8b098d65eb08eb77925afa90bec', + Var('chromium_url') + '/chromium/src/build.git' + '@' + '9b7e5bb55b71044930fcf31b3fe531ad63151813', 'buildtools': - Var('chromium_url') + '/chromium/src/buildtools.git' + '@' + '6a18683f555b4ac8b05ac8395c29c84483ac9588', + Var('chromium_url') + '/chromium/src/buildtools.git' + '@' + '22e55595e15ebbbbb4bef118d5a654b185b0b30d', 'buildtools/linux64': { 'packages': [ { 
@@ -165,12 +174,17 @@ deps = { 'dep_type': 'cipd', 'condition': '(host_os == "linux" or host_os == "mac" or host_os == "win") and host_cpu != "s390x" and host_os != "zos" and host_cpu != "ppc64" and (host_cpu != "arm64" or host_os == "mac")', }, + # TODO(498118202): Use checkout_benchmarks here too. 'test/benchmarks/data': Var('chromium_url') + '/v8/deps/third_party/benchmarks.git' + '@' + '05d7188267b4560491ff9155c5ee13e207ecd65f', + 'test/benchmarks/JetStream3': { + 'url': Var('chromium_jetstream_git') + '@' + Var('jetstream_3.0-custom_revision'), + 'condition': 'checkout_benchmarks', + }, 'test/mozilla/data': Var('chromium_url') + '/v8/deps/third_party/mozilla-tests.git' + '@' + 'f6c578a10ea707b1a8ab0b88943fe5115ce2b9be', 'test/test262/data': - Var('chromium_url') + '/external/github.com/tc39/test262.git' + '@' + 'dd6138f9bc1aa2c3ba9cbf54452049b9a92c4e13', + Var('chromium_url') + '/external/github.com/tc39/test262.git' + '@' + '5c8206929d81b2d3d727ca6aac56c18358c8d790', 'third_party/android_platform': { 'url': Var('chromium_url') + '/chromium/src/third_party/android_platform.git' + '@' + 'e3919359f2387399042d31401817db4a02d756ec', 'condition': 'checkout_android', @@ -178,7 +192,7 @@ deps = { 'third_party/android_sdk/public': { 'packages': [ { - 'package': 'chromium/third_party/android_sdk/public/build-tools/36.1.0', + 'package': 'chromium/third_party/android_sdk/public/build-tools/37.0.0', 'version': Var('android_sdk_build-tools_version'), }, { @@ -190,7 +204,7 @@ deps = { 'version': Var('android_sdk_platform-tools_version'), }, { - 'package': 'chromium/third_party/android_sdk/public/platforms/android-36.1', + 'package': 'chromium/third_party/android_sdk/public/platforms/android-37.0', 'version': Var('android_sdk_platforms_version'), }, { 
@@ -212,7 +226,7 @@ deps = { 'dep_type': 'cipd', }, 'third_party/catapult': { - 'url': Var('chromium_url') + '/catapult.git' + '@' + 'ef2533747d649df4cba6756528f68751b8523f81', + 'url': Var('chromium_url') + '/catapult.git' + '@' + '5a34891efa6e41c8aca8842386b8ee528963ffdf', 'condition': 'checkout_android', }, 'third_party/clang-format/script': @@ -226,7 +240,7 @@ deps = { 'condition': 'checkout_android', }, 'third_party/depot_tools': - Var('chromium_url') + '/chromium/tools/depot_tools.git' + '@' + '284c5ccb591c3de4e9f71be4a4beb5d1916d5383', + Var('chromium_url') + '/chromium/tools/depot_tools.git' + '@' + 'f63aa542d288ba4c73043329d097570688980df2', 'third_party/dragonbox/src': Var('chromium_url') + '/external/github.com/jk-jeon/dragonbox.git' + '@' + 'beeeef91cf6fef89a4d4ba5e95d47ca64ccb3a44', 'third_party/fp16/src': @@ -234,11 +248,11 @@ deps = { 'third_party/fast_float/src': Var('chromium_url') + '/external/github.com/fastfloat/fast_float.git' + '@' + 'cb1d42aaa1e14b09e1452cfdef373d051b8c02a4', 'third_party/fuchsia-gn-sdk': { - 'url': Var('chromium_url') + '/chromium/src/third_party/fuchsia-gn-sdk.git' + '@' + '947109b3f1f40fb060e7c91df049ee53fe89d573', + 'url': Var('chromium_url') + '/chromium/src/third_party/fuchsia-gn-sdk.git' + '@' + '2e07271b7993db4fe4d09679ad605d9740d70386', 'condition': 'checkout_fuchsia', }, 'third_party/simdutf': - Var('chromium_url') + '/chromium/src/third_party/simdutf' + '@' + '93b35aec29256f705c97f675fe4623578bd7a395', + Var('chromium_url') + '/chromium/src/third_party/simdutf' + '@' + 'f7356eed293f8208c40b3c1b344a50bd70971983', # Exists for rolling the Fuchsia SDK. Check out of the SDK should always # rely on the hook running |update_sdk.py| script below. 'third_party/fuchsia-sdk/sdk': { 
@@ -258,17 +272,17 @@ deps = { 'url': Var('chromium_url') + '/external/github.com/google/benchmark.git' + '@' + '188e8278990a9069ffc84441cb5a024fd0bede37', }, 'third_party/fuzztest': - Var('chromium_url') + '/chromium/src/third_party/fuzztest.git' + '@' + '3c8b741ed69e60949a481e3ff86c7933f65cfc2d', + Var('chromium_url') + '/chromium/src/third_party/fuzztest.git' + '@' + 'c30987fb83696d87a9c0bccc010c3e8fd04c4f95', 'third_party/fuzztest/src': - Var('chromium_url') + '/external/github.com/google/fuzztest.git' + '@' + '54dfec04d5c9ad1f22b08002ab6a5e2d0de77671', + Var('chromium_url') + '/external/github.com/google/fuzztest.git' + '@' + '96e0bf47f71f15c921538f6f84e84d940dd00849', 'third_party/googletest/src': Var('chromium_url') + '/external/github.com/google/googletest.git' + '@' + '4fe3307fb2d9f86d19777c7eb0e4809e9694dde7', 'third_party/highway/src': Var('chromium_url') + '/external/github.com/google/highway.git' + '@' + '84379d1c73de9681b54fbe1c035a23c7bd5d272d', 'third_party/icu': - Var('chromium_url') + '/chromium/deps/icu.git' + '@' + 'a86a32e67b8d1384b33f8fa48c83a6079b86f8cd', + Var('chromium_url') + '/chromium/deps/icu.git' + '@' + 'ee5f27adc28bd3f15b2c293f726d14d2e336cbd5', 'third_party/instrumented_libs': { - 'url': Var('chromium_url') + '/chromium/third_party/instrumented_libraries.git' + '@' + '69015643b3f68dbd438c010439c59adc52cac808', + 'url': Var('chromium_url') + '/chromium/third_party/instrumented_libraries.git' + '@' + 'e8cb570a9a2ee9128e2214c73417ad2a3c47780b', 'condition': 'checkout_instrumented_libraries', }, 'third_party/ittapi': { 
@@ -286,169 +300,169 @@ deps = { 'third_party/libc++abi/src': Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxxabi.git' + '@' + '8f11bb1d4438d0239d0dfc1bd9456a9f31629dda', 'third_party/libpfm4': - Var('chromium_url') + '/chromium/src/third_party/libpfm4.git' + '@' + '25c29f04c9127e1ca09e6c1181f74850aa7f118b', + Var('chromium_url') + '/chromium/src/third_party/libpfm4.git' + '@' + 'd35e15a834ad4e05ba2f0a3c1a2b76fde99a0570', 'third_party/libpfm4/src': - Var('chromium_url') + '/external/git.code.sf.net/p/perfmon2/libpfm4.git' + '@' + '964baf9d35d5f88d8422f96d8a82c672042e7064', + Var('chromium_url') + '/external/git.code.sf.net/p/perfmon2/libpfm4.git' + '@' + '977a25bb3dfe45f653a6cee71ffaae9a92fc3095', 'third_party/libunwind/src': - Var('chromium_url') + '/external/github.com/llvm/llvm-project/libunwind.git' + '@' + 'ba19d93d6d4f467fba11ff20fe2fc7c056f79345', + Var('chromium_url') + '/external/github.com/llvm/llvm-project/libunwind.git' + '@' + '092645a3fa57462b31e589cd4fc975c15aac2ed9', 'third_party/llvm-libc/src': - Var('chromium_url') + '/external/github.com/llvm/llvm-project/libc.git' + '@' + 'e81e859cfb7e78e70a58c3bfce859c509f45e1da', + Var('chromium_url') + '/external/github.com/llvm/llvm-project/libc.git' + '@' + '6b594bd5f1cdc8c599bffe9197ee4b69785fef8e', 'third_party/llvm-build/Release+Asserts': { 'dep_type': 'gcs', 'bucket': 'chromium-browser-clang', 'objects': [ { - 'object_name': 'Linux_x64/clang-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '1c3c056427ab0db261c54c8fdf7c8404ff55e3de3e550520bcb1e1660ca05aad', - 'size_bytes': 57489092, - 'generation': 1768590901063677, + 'object_name': 'Linux_x64/clang-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '750b331006635281d7d90696629f67db748ba62004c46675eccb8af144141847', + 'size_bytes': 58029996, + 'generation': 1772218390302503, 'condition': 'host_os == "linux"', }, { - 'object_name': 'Linux_x64/clang-tidy-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': 
'e3f568bd57c7ab199eb384153eea8cbe3c0e0604b2d8bbb158985647709a9a9c', - 'size_bytes': 14391456, - 'generation': 1768590901188932, + 'object_name': 'Linux_x64/clang-tidy-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'd53439bb6ac13c8d2c30c20555ded434039802f70d4119c0138bd77d03552223', + 'size_bytes': 14392856, + 'generation': 1772218390323510, 'condition': 'host_os == "linux" and checkout_clang_tidy', }, { - 'object_name': 'Linux_x64/clangd-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '8762f3c6102eae568e3ca7a287e774514846f2bb2feda4cf7dc1c33d9f5f1c8d', - 'size_bytes': 14588900, - 'generation': 1768590901246745, + 'object_name': 'Linux_x64/clangd-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'a24613fb7afce42c076bb95d1b671ac028746b379e88070c126f0aab17a4c34e', + 'size_bytes': 14635272, + 'generation': 1772218390330947, 'condition': 'host_os == "linux" and checkout_clangd', }, { - 'object_name': 'Linux_x64/llvm-code-coverage-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '4705feac592251ad0e2e1c41c855a6ecdc728908cbb459d4f68ca57f16bc4c5e', - 'size_bytes': 2321652, - 'generation': 1768590901407256, + 'object_name': 'Linux_x64/llvm-code-coverage-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '8dcd816a83361b7924093ccba92dfe6bd29af2cf8af58bf7ce785b38c5027a8b', + 'size_bytes': 2328908, + 'generation': 1772218390452408, 'condition': 'host_os == "linux" and checkout_clang_coverage_tools', }, { - 'object_name': 'Linux_x64/llvmobjdump-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '39d29ab3e708bcb6485181ac03123cfa3bac5b2365d5c441ab0cf5e7b25354b6', - 'size_bytes': 5802908, - 'generation': 1768590901316435, + 'object_name': 'Linux_x64/llvmobjdump-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '0a15d6b8c2b774b0706618d2afa123b9c87af2ec12e74dc44346df4c4690b670', + 'size_bytes': 5780116, + 'generation': 1772218390340688, 'condition': '(checkout_linux or checkout_mac or checkout_android) and host_os == "linux"', }, { - 
'object_name': 'Mac/clang-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '9aff2c8f9d941be0667dc3ad3d4c3591dccd70f7a3b8e80396a623364e752eeb', - 'size_bytes': 54613288, - 'generation': 1768590902935296, + 'object_name': 'Mac/clang-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '2661847eb275079358ab186eaf7f85d6139d44c7413a731dfac7f5ed1ec34a01', + 'size_bytes': 54827776, + 'generation': 1772218392155773, 'condition': 'host_os == "mac" and host_cpu == "x64"', }, { - 'object_name': 'Mac/clang-mac-runtime-library-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '4f953afe4edebb54912719b437c78842978b0205792c069aa7529fd369d900be', - 'size_bytes': 1011040, - 'generation': 1768590912304306, + 'object_name': 'Mac/clang-mac-runtime-library-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '69918295c163ec5a20aede81d4100bbd41e01142d32e0555366bba05141f7bf2', + 'size_bytes': 1010608, + 'generation': 1772218399449599, 'condition': 'checkout_mac and not host_os == "mac"', }, { - 'object_name': 'Mac/clang-tidy-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '62033f6ff5c1ea0a18ae581edfd1178f50ede19d84675eafb640d752e26b60ae', - 'size_bytes': 14444752, - 'generation': 1768590903234647, + 'object_name': 'Mac/clang-tidy-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'b8013fe5d2410db4f365ec8779972415d1d0a08042a3a43f823a0da712108cff', + 'size_bytes': 14280488, + 'generation': 1772218392176137, 'condition': 'host_os == "mac" and host_cpu == "x64" and checkout_clang_tidy', }, { - 'object_name': 'Mac/clangd-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '4a0365772b4eb7fe12fe595355e645f12c72255bf3f869941f2b4e5c5e2b76da', - 'size_bytes': 16398188, - 'generation': 1768590903283692, + 'object_name': 'Mac/clangd-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '508098b26e74bd7f5cdcc40a2ed2db24e2bdde15e0f1c14ce94f685f991b3dd6', + 'size_bytes': 15455912, + 'generation': 1772218392186146, 'condition': 'host_os == "mac" and host_cpu == 
"x64" and checkout_clangd', }, { - 'object_name': 'Mac/llvm-code-coverage-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '1c307bb206c5fc1e79deec1d12ce4ead53fa41574729deaa6d2b3a67f9540710', - 'size_bytes': 2352620, - 'generation': 1768590903522922, + 'object_name': 'Mac/llvm-code-coverage-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '46c33f13a68fc14005560c01a91215b5cab54c07e920a714264352e46af1350c', + 'size_bytes': 2376304, + 'generation': 1772218392292978, 'condition': 'host_os == "mac" and host_cpu == "x64" and checkout_clang_coverage_tools', }, { - 'object_name': 'Mac/llvmobjdump-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '83767300f93707ba9a40d3d7e14f1149aaf587d5c1e3ae243be8742a008e5052', - 'size_bytes': 5682364, - 'generation': 1768590903341073, + 'object_name': 'Mac/llvmobjdump-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '6a92e3f21b3a035f406313d24688bb1b312a9a0ec423ff808752b6638104aff3', + 'size_bytes': 5699700, + 'generation': 1772218392189830, 'condition': 'host_os == "mac" and host_cpu == "x64"', }, { - 'object_name': 'Mac_arm64/clang-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '5475c6c38a6199276ff173665a27ab608aadb3118ac34f1a75391ee6dc226798', - 'size_bytes': 45585568, - 'generation': 1768590913838191, + 'object_name': 'Mac_arm64/clang-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '909be0f896bcf140c710548ccda4673c0aea2480e28d10803c19b1689b36acd5', + 'size_bytes': 45847044, + 'generation': 1772218401088162, 'condition': 'host_os == "mac" and host_cpu == "arm64"', }, { - 'object_name': 'Mac_arm64/clang-tidy-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '9893644917db71d520832ea9e276a98e2051acf53458efc6834973e076c6d36e', - 'size_bytes': 12429560, - 'generation': 1768590913986547, + 'object_name': 'Mac_arm64/clang-tidy-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '83dc8d90529730ae503e684ea0047a0baec2b0c4a81941d1bb4196feea6ba264', + 'size_bytes': 12444972, + 'generation': 
1772218401143017, 'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clang_tidy', }, { - 'object_name': 'Mac_arm64/clangd-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': 'e67cfb9503c442bd29642b3a42b36c283346371b8143c81b895684df0fb09e69', - 'size_bytes': 12817084, - 'generation': 1768590914107805, + 'object_name': 'Mac_arm64/clangd-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '3b7ff06ccd41b0a1fb165e182a35bcd74ae49172f1720cd276eb5feac0e3dd9f', + 'size_bytes': 12816980, + 'generation': 1772218401144631, 'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clangd', }, { - 'object_name': 'Mac_arm64/llvm-code-coverage-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '5f17c695f24eadcc51edc720a5b0b2f2cc36413552038d93ae2bf361667d780a', - 'size_bytes': 1978756, - 'generation': 1768590914351005, + 'object_name': 'Mac_arm64/llvm-code-coverage-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '67148555d00427a3eaa8aeefb8c4c4e1271d585315bdbf0d28d20fd78957e309', + 'size_bytes': 1988008, + 'generation': 1772218401224240, 'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clang_coverage_tools', }, { - 'object_name': 'Mac_arm64/llvmobjdump-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '5fd7fc88f00197a710aac7dd00a2b6947d5231c53a472ed38e1af0b9088cefc3', - 'size_bytes': 5418172, - 'generation': 1768590914206466, + 'object_name': 'Mac_arm64/llvmobjdump-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'a31075e7f46ed77c62ecec424722bec8335ef306a4701660f19b713229c49afa', + 'size_bytes': 5421552, + 'generation': 1772218401116635, 'condition': 'host_os == "mac" and host_cpu == "arm64"', }, { - 'object_name': 'Win/clang-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': 'de6622ec6d9d22b00316c47b2eb59e6cb7dbcb2d5b59f04f18c94714d0b35066', - 'size_bytes': 48839256, - 'generation': 1768590925760667, + 'object_name': 'Win/clang-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 
'f2c9d2a8accf7ed2e3c19b3f67fb94e60365411a536fb9d71391dd2d4e7e14bb', + 'size_bytes': 49546756, + 'generation': 1772218410442709, 'condition': 'host_os == "win"', }, { - 'object_name': 'Win/clang-tidy-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': 'bf6f38e7f5d06c8c3eff9ba85df1ddd1006828cc72b638d22a3e7562507a8a51', - 'size_bytes': 14353272, - 'generation': 1768590926006423, + 'object_name': 'Win/clang-tidy-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '99e00bbb404557db32df4e7a183ac520c526fe0e143ca380dfb2d0c33a2025b5', + 'size_bytes': 14462056, + 'generation': 1772218410470169, 'condition': 'host_os == "win" and checkout_clang_tidy', }, { - 'object_name': 'Win/clang-win-runtime-library-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': 'ad0dc3c686f63f40a35bd7a10f90935d08bcd9d1f23549c87cbdeb8cb503250c', - 'size_bytes': 2540656, - 'generation': 1768590935148812, + 'object_name': 'Win/clang-win-runtime-library-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '62e9c022223e0fa6ff855c25dcee524818f04c570127ed7e74895b320a10100a', + 'size_bytes': 2597584, + 'generation': 1772218417651221, 'condition': 'checkout_win and not host_os == "win"', }, { - 'object_name': 'Win/clangd-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': 'bcf731c6ce9050067212fc4164893ce768809d73732459f2c1a0ddb8f124f5f2', - 'size_bytes': 14736740, - 'generation': 1768590926034327, + 'object_name': 'Win/clangd-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '6a3ab3afb8d2e7f4a04eecd8073993586665ede3929308a0fa0119d9382b1e2d', + 'size_bytes': 14887416, + 'generation': 1772218410483998, 'condition': 'host_os == "win" and checkout_clangd', }, { - 'object_name': 'Win/llvm-code-coverage-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': 'bf86ab13e378a70f953d014cc7a37714dbaca0d8002cd638dd4d88df08231910', - 'size_bytes': 2416448, - 'generation': 1768590926285418, + 'object_name': 'Win/llvm-code-coverage-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 
'4bd610d2fbcc6e2bd8fd2df8d8c23a915373f8c987701d295314e8b33d457075', + 'size_bytes': 2479300, + 'generation': 1772218410570017, 'condition': 'host_os == "win" and checkout_clang_coverage_tools', }, { - 'object_name': 'Win/llvmobjdump-llvmorg-23-init-484-gf646b915-1.tar.xz', - 'sha256sum': '3ee3ece3cf0afa3536c39b15f818e5eab1ac4408cd31ad0ad82414d3a8aa1eca', - 'size_bytes': 5796552, - 'generation': 1768590926109316, + 'object_name': 'Win/llvmobjdump-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '2ee77b6240b76353840439b38e7009d9f1fb8e97930dbbef3b1ff805ee981c5f', + 'size_bytes': 5846184, + 'generation': 1772218410487302, 'condition': '(checkout_linux or checkout_mac or checkout_android) and host_os == "win"', }, ], @@ -472,9 +486,9 @@ deps = { 'condition': 'not build_with_chromium', }, 'third_party/perfetto': - Var('chromium_url') + '/external/github.com/google/perfetto.git' + '@' + '1d9994a93c6ada2fb261dc72984fa07683a6c86e', + Var('chromium_url') + '/external/github.com/google/perfetto.git' + '@' + '6590fe9caf7164476c046cadb14ef9c8f79283e7', 'third_party/protobuf': - Var('chromium_url') + '/chromium/src/third_party/protobuf.git' + '@' + 'ddf513ccaeed6b1316bc2029b10f4436ad297324', + Var('chromium_url') + '/chromium/src/third_party/protobuf.git' + '@' + '04bb12d7ca5e16c58b55012acb32f07c89dd4e2b', 'third_party/re2/src': Var('chromium_url') + '/external/github.com/google/re2.git' + '@' + '972a15cedd008d846f1a39b2e88ce48d7f166cbd', 'third_party/requests': { 
@@ -482,41 +496,41 @@ deps = { 'condition': 'checkout_android', }, 'tools/rust': - Var('chromium_url') + '/chromium/src/tools/rust' + '@' + 'd2fadac996be252abe5077583a42970163e9f2e7', + Var('chromium_url') + '/chromium/src/tools/rust' + '@' + '69bb79a132d32d67b6f6820226b02e50f1945202', 'tools/win': - Var('chromium_url') + '/chromium/src/tools/win' + '@' + 'baacfc6d5986b07abe0503216b491e234b94ba79', + Var('chromium_url') + '/chromium/src/tools/win' + '@' + 'bfff5550ec231441c314c64878d860fdb6fdf174', 'third_party/rust': - Var('chromium_url') + '/chromium/src/third_party/rust' + '@' + '30eb036e9b2f181dda31bde6f20d2a4983e380b9', + Var('chromium_url') + '/chromium/src/third_party/rust' + '@' + '2a12e46feff53058a40c57d21357279f0590a9f8', 'third_party/rust-toolchain': { 'dep_type': 'gcs', 'bucket': 'chromium-browser-clang', 'objects': [ { - 'object_name': 'Linux_x64/rust-toolchain-d2015e2359d5d0b154c2b192d4039f9b5711fcdc-4-llvmorg-23-init-484-gf646b915.tar.xz', - 'sha256sum': 'd31bf65845992926dc6dedce43348e48fd9140f5339c678974481a1e3b356da1', - 'size_bytes': 267004352, - 'generation': 1769079787385484, + 'object_name': 'Linux_x64/rust-toolchain-6f54d591c3116ee7f8ce9321ddeca286810cc142-7-llvmorg-23-init-5669-g8a0be0bc.tar.xz', + 'sha256sum': 'afbb00d27b8f9f65e6a754fb21e80dff084993285cf7f3c0020dece59c5bd67a', + 'size_bytes': 271641712, + 'generation': 1773769777991797, 'condition': 'host_os == "linux"', }, { - 'object_name': 'Mac/rust-toolchain-d2015e2359d5d0b154c2b192d4039f9b5711fcdc-4-llvmorg-23-init-484-gf646b915.tar.xz', - 'sha256sum': '0677ec808549ab845bfdbe4ff6072d41c8b4f2c3321c68a5bf95b2577372fe34', - 'size_bytes': 254470068, - 'generation': 1769079789279846, + 'object_name': 'Mac/rust-toolchain-6f54d591c3116ee7f8ce9321ddeca286810cc142-7-llvmorg-23-init-5669-g8a0be0bc.tar.xz', + 'sha256sum': '70b86e82f1cb55777d40b5828ddcb80afea49510085290424b61251d22e9f959', + 'size_bytes': 259443552, + 'generation': 1773769780408342, 'condition': 'host_os == "mac" and host_cpu == 
"x64"', }, { - 'object_name': 'Mac_arm64/rust-toolchain-d2015e2359d5d0b154c2b192d4039f9b5711fcdc-4-llvmorg-23-init-484-gf646b915.tar.xz', - 'sha256sum': '5977efd99f758004492f7e75879db85642c37b3882d610092200e850475b9042', - 'size_bytes': 238094236, - 'generation': 1769079791037848, + 'object_name': 'Mac_arm64/rust-toolchain-6f54d591c3116ee7f8ce9321ddeca286810cc142-7-llvmorg-23-init-5669-g8a0be0bc.tar.xz', + 'sha256sum': 'e2e19684f31b653ce9238f6303aec22576085528c294757a7157d4ab5e1926dc', + 'size_bytes': 242768940, + 'generation': 1773769782590875, 'condition': 'host_os == "mac" and host_cpu == "arm64"', }, { - 'object_name': 'Win/rust-toolchain-d2015e2359d5d0b154c2b192d4039f9b5711fcdc-4-llvmorg-23-init-484-gf646b915.tar.xz', - 'sha256sum': '0e4bd819cae4aa322a6f8667e3ff157adfb5eadb9d0daf615d5ff8202c530e6e', - 'size_bytes': 402509464, - 'generation': 1769079792946462, + 'object_name': 'Win/rust-toolchain-6f54d591c3116ee7f8ce9321ddeca286810cc142-7-llvmorg-23-init-5669-g8a0be0bc.tar.xz', + 'sha256sum': '37dd250549fed5a9765c3a88e3487409189e0c9c63b691fc77daa0b5f214bced', + 'size_bytes': 409536908, + 'generation': 1773769784773096, 'condition': 'host_os == "win"', }, ], 
@@ -532,13 +546,13 @@ deps = { 'condition': 'not build_with_chromium and host_cpu != "s390x" and host_os != "zos" and host_cpu != "ppc64"', }, 'third_party/zlib': - Var('chromium_url') + '/chromium/src/third_party/zlib.git'+ '@' + '980253c1cc835c893c57b5cfc10c5b942e10bc46', + Var('chromium_url') + '/chromium/src/third_party/zlib.git'+ '@' + 'b80f1d1e5256ac25f6aea3f31f13d458981cb1f9', 'tools/clang': - Var('chromium_url') + '/chromium/src/tools/clang.git' + '@' + 'd651bc848c45c945ecbc0c1a372b0b781e47c991', + Var('chromium_url') + '/chromium/src/tools/clang.git' + '@' + 'a86a254083c08ce3daf80ae02e1b27ef9397befb', 'tools/protoc_wrapper': Var('chromium_url') + '/chromium/src/tools/protoc_wrapper.git' + '@' + '3438d4183bfc7c0d6850e8b970204cc8189f0323', 'third_party/abseil-cpp': { - 'url': Var('chromium_url') + '/chromium/src/third_party/abseil-cpp.git' + '@' + '6d5ac0f7d3f0af5d13b78044fc31c793aa3549f8', + 'url': Var('chromium_url') + '/chromium/src/third_party/abseil-cpp.git' + '@' + '2a7d49fc392cad55159d68d98aa3648bc89795d3', 'condition': 'not build_with_chromium', }, 'third_party/zoslib': { diff --git a/deps/v8/GEMINI.md b/deps/v8/GEMINI.md index a05de91ed9d0dc..a034ba6c68e62a 100644 --- a/deps/v8/GEMINI.md +++ b/deps/v8/GEMINI.md 
@@ -167,68 +167,6 @@ Bug: 123456 - The `component` is the area of the codebase (e.g., `compiler`, `runtime`, `api`). - The `Bug:` line is important for linking to issues in the tracker at https://crbug.com/ -## Working with Torque - -Torque is a V8-specific language used to write V8 builtins and some V8 object definitions. It provides a higher-level syntax that compiles down to CSA code. - -### Key Concepts - -- **Purpose:** Simplify the creation of V8 builtins and object definitions by providing a more abstract language than writing CodeStubAssembler code directly. -- **File Extension:** `.tq` -- **Location:** Torque files are primarily located in `src/builtins` and `src/objects`. -- **Compilation:** Torque files are compiled by the `torque` compiler, which generates C++ and Code Stub Assembler (CSA) files. These generated files are placed in the `out//gen/torque-generated/` directory and then compiled as part of the normal V8 build process. - - **C++ files** `*.tq` files will generate filenames like `*-tq.inc`, `*-tq.cc`, and `*-tq-inl.inc`. Additionally, there are top-level files: - - `class-forward-declarations.h`: Forward declarations for all Torque-defined classes. - - `builtin-definitions.h`: A list of all defined builtins. - - `csa-types.h`: Type definitions for the Code Stub Assembler. - - `factory.cc` and `factory.inc`: Factory functions for creating instances of Torque-defined classes. - - `class-verifiers.h` and `.cc`: Heap object verification functions (for debug builds). - - `exported-macros-assembler.h` and `.cc`: C++ declarations and definitions for exported Torque macros. - - `objects-body-descriptors-inl.inc`: Inline definitions for object body descriptors, which define the memory layout of objects. - - `objects-printer.cc`: Object printer functions for debugging. - - `instance-types.h`: The `InstanceType` enum, used to identify object types at runtime. 
- - `interface-descriptors.inc`: Definitions for call interface descriptors, which manage function call conventions. - - **CSA files** These have filenames like `*-csa.cc` and `*-csa.h`. They contain the C++ code that uses the `CodeStubAssembler` API to generate the low-level implementation of builtins. - -### Syntax and Features - -- **Typescript-like Syntax:** Torque's syntax is similar to Typescript with support for functions (macros and builtins), variables, types, and control flow. -- **Macros and Builtins:** - - `macro`: Inlined functions for reusable logic. - - `builtin`: Non-inlined functions, callable from other builtins or JavaScript. -- **`extern` Keyword:** Used to call C++ defined CSA functions from Torque. This is how Torque code interfaces with the rest of the V8 codebase. -- **`transitioning` and `javascript` Keywords:** - - `transitioning`: Indicates a function can cause an object's map to change (e.g., when a property is added to a JSObject). - - `javascript`: Marks a builtin as being directly callable from JavaScript, with Javascript linkage. -- **Type System:** Torque has a strong type system that mirrors the V8 object hierarchy. This allows for compile-time type checking and safer code. -- **Labels and `goto`:** Torque uses a `labels` and `goto` system for control flow, which is particularly useful for handling exceptional cases and optimizing performance. - -### Workflow for Modifying Torque Files - -1. **Identify the relevant `.tq` file:** Builtins are in `src/builtins`, and object definitions are in `src/objects`. -2. **Modify the Torque code:** Make the necessary changes to the `.tq` file, following the existing syntax and conventions. -3. **Rebuild V8:** Run the appropriate `gm.py` command (e.g., `tools/dev/gm.py x64.release`) to recompile V8. This will automatically run the Torque compiler and build the generated C++ files. -4. 
**Test your changes:** Run the relevant tests to ensure that your changes are correct and have not introduced any regressions. - -### Example - -A simple Torque macro to add two SMIs might look like this: - -```torque -macro AddTwoSmis(a: Smi, b: Smi): Smi { - return a + b; -} -``` - -A more complex example showing a JavaScript-callable builtin: - -```torque -transitioning javascript builtin MyAwesomeBuiltin( - js-implicit context: NativeContext)(x: JSAny): Number { - // ... implementation ... -} -``` - ## Common Pitfalls & Best Practices - **Always format before committing:** Run `git cl format` before creating a commit to ensure your code adheres to the style guide. diff --git a/deps/v8/README.md b/deps/v8/README.md index 5c548542eeab8c..25f09faa218454 100644 --- a/deps/v8/README.md +++ b/deps/v8/README.md @@ -5,7 +5,7 @@ V8 is Google's open source JavaScript engine. V8 implements ECMAScript as specified in ECMA-262. -V8 is written in C++ and is used in Google Chrome, the open source +V8 is written in C++ and is used in Chromium, the open source browser from Google. V8 can run standalone, or can be embedded into any C++ application. diff --git a/deps/v8/RISCV_OWNERS b/deps/v8/RISCV_OWNERS index cf613e2627324f..a8e379d1dfa193 100644 --- a/deps/v8/RISCV_OWNERS +++ b/deps/v8/RISCV_OWNERS @@ -1,3 +1,3 @@ -kasperl@rivosinc.com +kasperl@meta.com qiuji@iscas.ac.cn yahan@iscas.ac.cn diff --git a/deps/v8/agents/OWNERS b/deps/v8/agents/OWNERS new file mode 100644 index 00000000000000..3c70cea2fd5e6a --- /dev/null +++ b/deps/v8/agents/OWNERS @@ -0,0 +1 @@ +file:../COMMON_OWNERS diff --git a/deps/v8/agents/skills/port-to-heapobjectlayout/SKILL.md b/deps/v8/agents/skills/port-to-heapobjectlayout/SKILL.md new file mode 100644 index 00000000000000..9634dc7ea9dab5 --- /dev/null +++ b/deps/v8/agents/skills/port-to-heapobjectlayout/SKILL.md 
@@ -0,0 +1,346 @@
+---
+name: port-to-heapobjectlayout
+description: Guide for porting V8 classes from legacy Torque layout to the new C++ HeapObjectLayout. Use when asked to move objects, struct subclasses, or field definitions from Torque to C++ as real members.
+---
+
+# Porting V8 Classes to HeapObjectLayout
+
+This skill guides you through porting an arbitrary V8 class from a legacy Torque layout to the new C++ `HeapObjectLayout`. The core idea is to shift layout authority from Torque generation to explicit C++ definitions using specialized layout primitives (like `TaggedMember`), while keeping Torque informed so it can verify the layout and use it in CodeStubAssembler (CSA) and builtins.
+
+## Migration Scope: Inheritance Subtrees
+
+**Crucial Constraint:** A C++ layout object (`HeapObjectLayout` subclass) cannot inherit from a legacy Torque layout object, and vice versa. Because of this, migrations must be done for **entire object inheritance (sub)trees at a time**.
+
+If you are migrating a base class, you must generally migrate all of its subclasses in the same operation. To make large inheritance trees manageable, you can subdivide the tree into smaller subtrees by introducing intermediate C++ layout base classes (e.g., `StructLayout`, `PrimitiveHeapObject`). Once an intermediate base class is migrated (and subclasses updated to inherit from it or its Torque equivalent temporarily), its subclasses can be grouped and migrated in more manageable batches.
+
+## Phase 1: Torque Definition Update (`.tq`)
+
+Torque needs to know that the layout is now managed by C++, but it still needs the field definitions to generate CSA/Builtin offsets and verification assertions.
+
+1. **Locate the class definition** in the relevant `.tq` file.
+2. **Add the Layout Annotation:** Above the `extern class` definition, add the `@cppObjectLayoutDefinition` annotation.
+3. **Preserve the Fields:** Do **not** remove the field definitions; Torque uses them for verification and offset generation.
+4. **Ensure `extern`:** Ensure the class is declared as `extern`.
+
+```torque
+// Example: src/objects/my-object.tq
+@cppObjectLayoutDefinition
+extern class MyObject extends Struct {
+ // KEEP these fields here! Torque needs them for layout verification.
+ flags: SmiTagged;
+ value: JSAny|TheHole;
+ weak_ref: Weak|Undefined;
+}
+```
+
+## Phase 2: C++ Header Changes (`.h`)
+
+Define the explicit memory layout in the C++ header.
+
+1. **Include Object Macros:** The file must end with `#include "src/objects/object-macros.h"`.
+2. **Class Definition & Macros:** Wrap the class in `V8_OBJECT` and `V8_OBJECT_END`.
+3. **Inheritance:** Change the base class to a Layout class (e.g., `StructLayout`, `HeapObjectLayout`, `TrustedObjectLayout`).
+4. **Declare Fields (Publicly):** Define the fields matching the Torque definition, appending `_` to their names. Use `TaggedMember` combined with `UnionOf` or `Weak` where appropriate:
+ * **Unions:** `TaggedMember> value_;` (Maps to `JSAny|TheHole`)
+ * **Weak Unions:** `TaggedMember, Undefined>> weak_ref_;`
+ * **Smis:** `TaggedMember flags_;`
+ * **Doubles:** `UnalignedDoubleMember float_field_;`
+ * **External Pointers:** `ExternalPointerMember ptr_;`
+ * **High-Level Types:** For non-tagged fields, prefer storing them as high-level types (e.g., `JSDispatchHandle`, strongly-typed `enum`s) rather than raw low-level types (like `int32_t` or `uint32_t`) whenever conceptually appropriate.
+5. **Declare Accessors:** Add inline getters and setters in the `public` section. Return types should match the `UnionOf` types exactly.
+ * *Tip:* For complex `UnionOf` types, use a `public` typedef (e.g., `using Value = UnionOf<...>;`) within the class to improve readability of accessors and field declarations.
+ * *Note:* You can omit `PtrComprCageBase` getter overloads (e.g. `value(cage_base)`) as `TaggedMember` handles decompression natively.
+6. **Diagnostic Declarations:** Add `DECL_PRINTER(MyObject)` and `DECL_VERIFIER(MyObject)`.
+7. **Size Constants:** If you need size constants (like `kAlignedSize`), define them as `inline constexpr int` in the header, outside the `V8_OBJECT` block to avoid duplicate symbol errors during linking.
+
+```cpp
+// Example: src/objects/my-object.h
+#include "src/objects/struct.h"
+#include "src/objects/object-macros.h" // Must be the last include
+
+namespace v8::internal {
+
+#include "torque-generated/src/objects/my-object-tq.inc"
+
+V8_OBJECT class MyObject : public StructLayout {
+ public:
+ // Accessors
+ inline int flags() const;
+ inline void set_flags(int value);
+
+ inline Tagged> value() const;
+ inline void set_value(Tagged> value, WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
+
+ inline Tagged, Undefined>> weak_ref() const;
+ inline void set_weak_ref(Tagged, Undefined>> value, WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
+
+ // GC Body Descriptor
+ using BodyDescriptor = StructBodyDescriptor;
+
+ // Diagnostics
+ DECL_PRINTER(MyObject)
+ DECL_VERIFIER(MyObject)
+
+ // Fields (Public for simplified access and Torque asserts)
+ TaggedMember flags_;
+ TaggedMember> value_;
+ TaggedMember, Undefined>> weak_ref_;
+} V8_OBJECT_END;
+
+} // namespace v8::internal
+#include "src/objects/object-macros-undef.h"
+```
+
+## Phase 3: C++ Inline Header Changes (`-inl.h`)
+
+Implement the accessors using the `TaggedMember` APIs.
+
+```cpp
+// Example: src/objects/my-object-inl.h
+#include "src/objects/my-object.h"
+#include "src/objects/objects-inl.h"
+#include "src/objects/object-macros.h"
+
+namespace v8::internal {
+#include "torque-generated/src/objects/my-object-tq-inl.inc"
+
+int MyObject::flags() const {
+ return flags_.load().value();
+}
+void MyObject::set_flags(int value) {
+ flags_.store(this, Smi::FromInt(value));
+}
+
+Tagged> MyObject::value() const {
+ return value_.load();
+}
+void MyObject::set_value(Tagged> value, WriteBarrierMode mode) {
+ value_.store(this, value, mode);
+}
+
+Tagged, Undefined>> MyObject::weak_ref() const {
+ return weak_ref_.load();
+}
+void MyObject::set_weak_ref(Tagged, Undefined>> value, WriteBarrierMode mode) {
+ weak_ref_.store(this, value, mode);
+}
+
+} // namespace v8::internal
+#include "src/objects/object-macros-undef.h"
+```
+
+### Passing `this` to Write Barriers
+
+If you need to pass the current object to a write barrier macro or function (like `CONDITIONAL_WRITE_BARRIER` or `JS_DISPATCH_HANDLE_WRITE_BARRIER`), it might currently expect a `Tagged`.
+
+**Do not** cast `this` to a `Tagged` pointer (e.g., `Tagged(this)`). Instead, follow the same overloading advice as with internal APIs: **add an overload** to the underlying write barrier function (e.g., `WriteBarrier::ForJSDispatchHandle`) so that it natively accepts your layout object pointer.
+
+```cpp
+// Incorrect (Casting `this`):
+JS_DISPATCH_HANDLE_WRITE_BARRIER(Tagged(this), new_handle);
+JS_DISPATCH_HANDLE_WRITE_BARRIER(Tagged(ptr()), new_handle);
+
+// Correct (Add an overload if necessary, then pass `this` directly):
+JS_DISPATCH_HANDLE_WRITE_BARRIER(this, new_handle);
+```
+
+### Handling Atomic Fields (Acquire/Release)
+
+If your class previously used atomic macros like `DECL_RELAXED_ACCESSORS` or `DECL_ACQUIRE_GETTER`, you can port these directly to `TaggedMember` which provides built-in support for atomic memory orderings:
+
+* **Acquire Load:** Use `field_.Acquire_Load()`
+* **Release Store:** Use `field_.Release_Store(this, value, mode)`
+* **Relaxed Load:** Use `field_.Relaxed_Load()`
+* **Relaxed Store:** Use `field_.Relaxed_Store(this, value, mode)`
+
+```cpp
+// In the .h file
+inline Tagged my_atomic_field(AcquireLoadTag) const;
+inline void set_my_atomic_field(Tagged value, ReleaseStoreTag,
+ WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
+
+// In the -inl.h file
+Tagged MyObject::my_atomic_field(AcquireLoadTag) const {
+ return my_atomic_field_.Acquire_Load();
+}
+void MyObject::set_my_atomic_field(Tagged value, ReleaseStoreTag,
+ WriteBarrierMode mode) {
+ my_atomic_field_.Release_Store(this, value, mode);
+}
+```
+
+### Missing Functionality in `FooMember` Types
+
+As you migrate classes, you will replace static `FooField` operations (e.g., `TaggedField`, `TrustedPointerField`) with instance-based `FooMember` wrappers (e.g., `TaggedMember`, `TrustedPointerMember`).
+
+If you find that some functionality is missing on a `FooMember` type where it is available on the corresponding `FooField` type, **you should add the missing functionality directly to the `FooMember` class** instead of working around it in your ported class. The implementation of the new `FooMember` method will typically just call into the underlying `FooField` static method.
+
+## Phase 4: Padding and Alignment
+
+V8 object sizes must always be aligned to `kTaggedSize`. When converting from Torque to C++, Torque used to automatically compute and insert padding fields if the object size was uneven (e.g., due to an odd number of 32-bit fields on a 64-bit platform). Now that the layout is explicitly in C++, you must handle this padding manually.
+
+If your fields result in an object size that isn't cleanly divisible by `kTaggedSize` (which is 8 bytes in 64-bit uncompressed builds and 4 bytes otherwise), you must explicitly add an `optional_padding_` field. The `V8_OBJECT` macro automatically applies compiler pragmas (like `-Wpadded`) that will cause a build failure if you miss this, ensuring there are no unintended gaps.
+
+1. **Add Padding Field:** In your class definition in `.h`, use the `TAGGED_SIZE_8_BYTES` macro to add an explicit `uint32_t` padding field if necessary.
+
+```cpp
+// Example: src/objects/my-object.h
+V8_OBJECT class MyObject : public StructLayout {
+ public:
+ // ... fields ...
+ TaggedMember value_;
+ int32_t some_32_bit_integer_;
+
+#if TAGGED_SIZE_8_BYTES
+ // Required because we have a single 32-bit field, making the size
+ // end in 4 bytes instead of 8.
+ uint32_t optional_padding_;
+#endif
+} V8_OBJECT_END;
+```
+
+*Note: In Torque, this was often written as `@if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;`. You should mirror this in the `.tq` file if you add it to the `.h` file.*
+
+## Phase 5: Diagnostic Implementation (`.cc`)
+
+Manually implement the printer and verifier since Torque no longer generates them.
+
+šŸ’” **Pro-Tip: Steal from Torque!**
+Before building with `@cppObjectLayoutDefinition`, look in your build output directory (e.g., `out/x64.debug/gen/torque-generated/src/objects/my-object-tq.cc`). Torque has already written the `MyObjectPrint` and `MyObjectVerify` functions for you. You can simply copy these generated functions and paste them into your manual `.cc` files.
+
+1. **Printer (`src/diagnostics/objects-printer.cc`):**
+ *(Copied from generated output and adapted if necessary)*
+ ```cpp
+ void MyObject::MyObjectPrint(std::ostream& os) {
+ PrintHeader(os, "MyObject");
+ os << "\n - flags: " << flags();
+ os << "\n - value: " << Brief(value());
+ os << "\n - weak_ref: " << Brief(weak_ref());
+ os << "\n";
+ }
+ ```
+2. **Verifier (`src/diagnostics/objects-debug.cc`):**
+ *(Copied from generated output and adapted if necessary)*
+ ```cpp
+ void MyObject::MyObjectVerify(Isolate* isolate) {
+ CHECK(IsMyObject(*this));
+ VerifyPointer(isolate, value());
+ VerifyMaybeObjectPointer(isolate, weak_ref());
+ }
+ ```
+
+*Note: Casting is handled by the `Cast` free function in V8's modern object system, so you do not need to manually write `MyObject::Cast(Tagged object)` methods.*
+
+## Phase 6: Fixing Call Sites and Offsets
+
+Update references to sizes and offsets throughout the codebase (e.g., in `code-stub-assembler.cc` or builtins).
+
+* **Size:** Use `sizeof(MyObject)` instead of `MyObject::kSize`.
+* **Offsets:** Use `offsetof(MyObject, field_name_)` instead of `MyObject::kFieldNameOffset`. Because the fields are public, `offsetof` will work seamlessly anywhere.
+
+### Handling Field Addresses in Internal APIs
+Legacy code often calculated field addresses using `host->field_address(kMyFieldOffset)`. When migrating to `HeapObjectLayout`, **do not** add a generic `field_address(size_t offset)` method to your base layout class.
+
+Instead, prefer passing the field by its actual C++ memory address (e.g., `&host->my_field_`). If an internal API (like `AllocateAndInstallJSDispatchHandle` or `GetJSDispatchTableSpaceFor`) only accepts an `Address` or an `offset`, you should **add a new overload** to that API that accepts a strongly-typed pointer (or `void*`).
+
+```cpp
+// Old Approach (Offset-based):
+HeapObject::Allocate(host, offsetof(MyObject, field_), isolate, ...);
+
+// New Approach (Pointer-based):
+HeapObject::Allocate(host, &host->field_, isolate, ...); // Add an overload for this!
+```
+
+```cpp
+// Example CodeStubAssembler change:
+- TNode result = Allocate(MyObject::kSize);
+- StoreObjectFieldNoWriteBarrier(result, MyObject::kFlagsOffset, zero);
++ TNode result = Allocate(sizeof(MyObject));
++ StoreObjectFieldNoWriteBarrier(result, offsetof(MyObject, flags_), zero);
+```
+
+## Phase 7: BodyDescriptors and `offsetof`
+
+When defining a `BodyDescriptor` for a `HeapObjectLayout` subclass, you often need to use `offsetof` to specify the layout of the newly defined C++ fields. However, using `offsetof` on a class *inside* its own definition results in an "incomplete type" compilation error.
+
+To solve this, V8 offers the `ObjectTraits` pattern. The rule is as follows:
+
+* **If the `BodyDescriptor` is a legitimate class** (e.g., manually declared with `class BodyDescriptor;` and defined in `objects-body-descriptors-inl.h` because it needs custom iteration logic like `VisitIndirectPointer`):
+ You do NOT need `ObjectTraits`. Declare it as a forward declaration inside the class as usual:
+ ```cpp
+ V8_OBJECT class MyObject : public HeapObjectLayout {
+ public:
+ // ...
+ class BodyDescriptor; // Just a declaration, it's fine!
+ } V8_OBJECT_END;
+ ```
+ *Important note for custom BodyDescriptors:* Do NOT use methods like `RawExternalPointerField(offsetof(Foo, field_))` or offset-based `IterateTrustedPointer` inside `IterateBody`. Instead, use `Slot` constructors that take the address of the member directly, or member-based `Iterate` overloads:
+ ```cpp
+ // BAD
+ IterateTrustedPointer(obj, offsetof(MyObject, pointer_), v, IndirectPointerMode::kStrong, kTag);
+ v->VisitExternalPointer(obj, obj->RawExternalPointerField(offsetof(MyObject, ext_), kTag));
+
+ // GOOD
+ Tagged my_obj = UncheckedCast(obj);
+ IterateTrustedPointer(obj, &my_obj->pointer_, v, IndirectPointerMode::kStrong);
+ v->VisitExternalPointer(my_obj, ExternalPointerSlot(&my_obj->ext_, kTag));
+ ```
+ If the required slot constructor does not exist (e.g. `IndirectPointerSlot` taking a `TrustedPointerMember*`), add it to `slots.h`.
+
+* **If the `BodyDescriptor` is a typedef** (e.g., aliased using `using BodyDescriptor = FixedBodyDescriptor<...>;` or `SubclassBodyDescriptor<...>;`):
+ Do not alias it inside the class body. Instead, define it using the `ObjectTraits` pattern *after* the `V8_OBJECT_END` macro, where the class type is fully complete:
+ ```cpp
+ V8_OBJECT class MyObject : public HeapObjectLayout {
+ public:
+ // ... fields ...
+ } V8_OBJECT_END;
+
+ template <>
+ struct ObjectTraits {
+ using BodyDescriptor = FixedBodyDescriptor;
+ };
+ ```
+
+## Phase 8: Verification
+
+1. **Build:** Run `tools/dev/gm.py`.
+2. **Torque Asserts:** If compilation fails in `TorqueGeneratedMyObjectAsserts`, your C++ layout does not match the Torque definition. Fix the ordering or types in your C++ `V8_OBJECT`.
+3. **Tests:** Run all test suites (`tools/run-tests.py ... cctest unittests mjsunit`) to confirm the write barriers and offset calculations are functioning perfectly at runtime.
+
+### Trusted Pointer and Code Pointer Accessors
+
+When a class contains `DECL_TRUSTED_POINTER_ACCESSORS(name, Type)` or `DECL_CODE_POINTER_ACCESSORS(name)`, the corresponding C++ macro implementations (`TRUSTED_POINTER_ACCESSORS` and `CODE_POINTER_ACCESSORS`) currently expect `Tagged` and will fail to compile if used directly on a `HeapObjectLayout` subclass.
+To fix this, you must manually implement the accessors using `TrustedCast` and `TrustedPointerMember`:
+
+```cpp
+// In the .h file
+V8_OBJECT class CodeWrapper : public StructLayout {
+ public:
+ DECL_CODE_POINTER_ACCESSORS(code)
+ // ...
+ TrustedPointerMember code_;
+} V8_OBJECT_END;
+
+// In the -inl.h file
+Tagged CodeWrapper::code(IsolateForSandbox isolate) const {
+ return code_.load(isolate);
+}
+Tagged CodeWrapper::code(IsolateForSandbox isolate, AcquireLoadTag tag) const {
+ return code_.Acquire_Load(isolate);
+}
+void CodeWrapper::set_code(Tagged value, WriteBarrierMode mode) {
+ code_.store(this, value, mode);
+}
+void CodeWrapper::set_code(Tagged value, ReleaseStoreTag, WriteBarrierMode mode) {
+ code_.Release_Store(this, value, mode);
+}
+bool CodeWrapper::has_code() const {
+ return !code_.is_empty();
+}
+void CodeWrapper::clear_code() {
+ code_.clear(this);
+}
+```
+
+If the object uses a `SubclassBodyDescriptor`, it will NOT automatically visit `TrustedPointerMember`s. You must define a manual `class BodyDescriptor;` and use `IterateTrustedPointer` or `IterateCodePointer` taking the pointer to the member (i.e. `&my_obj->member_`) instead of `StructBodyDescriptor` or `SubclassBodyDescriptor`.
diff --git a/deps/v8/agents/skills/torque/SKILL.md b/deps/v8/agents/skills/torque/SKILL.md
new file mode 100644
index 00000000000000..f28db41e97183b
--- /dev/null
+++ b/deps/v8/agents/skills/torque/SKILL.md
@@ -0,0 +1,87 @@
+---
+name: torque
+description: Expert guidance for navigating, implementing, and verifying V8 Torque (.tq) builtins and object layouts.
+---
+
+# V8 Torque
+
+Torque is an Ahead-of-Time (AOT) generator that transforms `.tq` DSL into highly-optimized C++ CodeStubAssembler (CSA) code, which is then compiled into the `mksnapshot` binary.
+
+## Execution Pipeline
+
+To debug failures, you must understand its multi-stage build:
+
+1. **Generation**: The Torque compiler reads `.tq` files and generates C++ CodeStubAssembler files (`.cc`, `.h`, `.inc`) in `out//gen/torque-generated/`.
+2. **Compilation**: `mksnapshot` (or the `d8` build) compiles the generated C++ files.
+3. **Snapshotting**: `mksnapshot` executes the generated C++ code (via TurboFan or Maglev) to emit highly-optimized raw machine code.
+4. **Linking**: The machine code is serialized into a snapshot and linked into V8, meaning Torque builtins run with zero translation overhead at runtime.
+
+## Implementation Patterns
+Common Torque syntax, keywords, and linkage definitions:
+
+```cpp
+// 1. Type Casting & Checks
+const array = Cast(object) otherwise GotoLabel;
+if (Is(object)) { ... }
+
+// 2. Control Flow
+try {
+ const smi = Cast(input) otherwise IsNotSmi;
+} label IsNotSmi deferred {
+ return runtime::DoSomething(context, input);
+}
+
+// 3. Signatures & Keywords
+// 'macro': Inlined functions for reusable logic.
+transitioning macro Name(implicit context: Context)(arg: JSAny): JSAny
+
+// 'builtin': Non-inlined functions, callable from other builtins or JavaScript.
+transitioning builtin Name(implicit context: Context)(arg: JSAny): JSAny
+
+// 'javascript': Marks a builtin as directly callable from JavaScript, with JS linkage.
+transitioning javascript builtin Name(js-implicit context: NativeContext, receiver: JSAny)(arg: JSAny): JSAny
+
+// 'transitioning': Indicates a function can cause an object's map to change (e.g. adding properties).
+// 'extern': Used to call C++ defined CSA functions from Torque.
+extern transitioning macro NameInCpp(Context, JSAny): JSAny;
+```
+
+## Register in BUILD.gn
+
+If you create a **new** `.tq` file, you **MUST** register it in the root `BUILD.gn`.
+
+1. Locate the `v8_torque_files` list in `BUILD.gn`.
+2. Add your new file path in alphabetical order.
+
+```gn
+v8_torque_files = [
+ "src/builtins/array-join.tq",
+ "src/builtins/my-new-builtin.tq", # Your addition
+ ...
+]
+```
+
+*Note: Modifications to existing files do not require registration changes.*
+
+## Mandatory verification workflow
+
+The task is **incomplete** until you successfully execute this sequence:
+
+### 1. Build
+Run the `gm.py` wrapper to trigger the Torque generator and C++ compilation.
+
+```bash
+tools/dev/gm.py quiet {arch}.{type}
+```
+
+(e.g., `x64.optdebug` or `arm64.release`). Use `optdebug` for logic/debugging, `release` for performance/benchmarking.
+
+### 2. Verify with Tests
+Run the relevant test suite (usually `mjsunit` for JavaScript-exposed builtins) to ensure correctness. Match the `{arch}.{type}` to your build.
+
+```bash
+tools/run-tests.py --progress dots --outdir=out/{arch}.{type} mjsunit/
+```
+
+### 3. Debug (If Necessary)
+If the build fails during "Generation", inspect the `.tq` syntax. If it fails during "Compilation", check the generated C++ in `out//gen/torque-generated/`.
diff --git a/deps/v8/bazel/defs.bzl b/deps/v8/bazel/defs.bzl
index 9648e4a541f99f..bbe1495f0b3044 100644
--- a/deps/v8/bazel/defs.bzl
+++ b/deps/v8/bazel/defs.bzl
@@ -123,7 +123,6 @@ def _default_args():
 "-Wno-implicit-int-float-conversion",
 "-Wno-deprecated-copy",
 "-Wno-non-virtual-dtor",
- "-Wno-unnecessary-virtual-specifier",
 "-isystem .",
 ],
 "//conditions:default": [],
@@ -467,6 +466,7 @@ def _mksnapshot(ctx):
 ctx.actions.run(
 outputs = outs,
 inputs = [],
+ mnemonic = "V8Mksnapshot",
 arguments = [
 "--embedded_variant=Default",
 "--target_os",
@@ -564,6 +564,7 @@ def build_config_content(cpu, icu):
 ("dict_property_const_tracking", "false"),
 ("direct_handle", "false"),
 ("disassembler", "false"),
+ ("dumpling", "false"),
 ("full_debug", "false"),
 ("gdbjit", "false"),
 ("has_jitless", "false"),
diff --git a/deps/v8/docs/OWNERS b/deps/v8/docs/OWNERS
index 07428b275bbbc4..3c70cea2fd5e6a 100644
--- a/deps/v8/docs/OWNERS
+++ b/deps/v8/docs/OWNERS
@@ -1 +1 @@
-hpayer@chromium.org
+file:../COMMON_OWNERS
diff --git a/deps/v8/docs/README.md b/deps/v8/docs/README.md
index e84a81dfdc16a6..713c809c266e69 100644
--- a/deps/v8/docs/README.md
+++ b/deps/v8/docs/README.md
@@ -1 +1 @@
-The documentation for V8 can be found at [v8.dev/docs](https://v8.dev/docs).
+Most documentation for V8 can be found at [v8.dev/docs](https://v8.dev/docs).
diff --git a/deps/v8/docs/security/triaging.md b/deps/v8/docs/security/triaging.md
new file mode 100644
index 00000000000000..95143c95a5f792
--- /dev/null
+++ b/deps/v8/docs/security/triaging.md
@@ -0,0 +1,111 @@
+# Security Bug Triaging
+
+V8 generally triages security bugs based on [Chromium's guidelines](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/security/security-labels.md).
+
+Google-only: The internal version of this document is available at [go/v8-security-gardening](http://goto.google.com/v8-security-gardening).
+
+## Labels and classifications
+
+- **Type=Vulnerability**: Designates a security vulnerability that impacts users.
+- **Severity**: Same as [Chromium's severities](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/security/severity-guidelines.md).
+- **Priority**: A priority that in general is at least the severity.
+In certain circumstances, e.g. in-the-wild exploitation, we may raise the priority further.
+- **Security_Impact-{Head, Beta, Stable, Extended, None}** hotlists: Derived from milestones set in the **Found In** field, this hotlist specifies the earliest affected release channel.
+Should not normally be set by humans, except in the case of **Security_Impact-None** (hotlistid: 5433277) which means that the bug is in a disabled feature, or otherwise doesn't impact Chrome: see the section below for more details.
+
+In addition, the following fields are set as part of triaging
+- **Found In**: Should point to the milestone this was discovered to be broken.
+It is okay to just set to the current stable or extended stable milestone if unknown.
+- **Introduced In**: Should point to the milestone this was introduced.
+It is okay to be conservative if unknown, e.g., to assume that the bug was present when a feature was launched.
+
+### Sandbox bypasses
+
+V8 Sandbox bypasses are included in Chrome’s VRP.
+A successful bypass must show write access outside of the sandbox.
+Read access is not considered part of the attack model.
+
+These bugs are currently treated differently from regular security bugs.
+Specifically, the following properties are different from regular security bugs:
+
+- **Severity**: S2
+- **Security_Impact-None** (hotlistid: 5433277)
+- **v8-sandbox** (hotlistid: 4802478)
+
+## Reproducing security bugs
+
+Security bugs should have proof-of-concept reproductions (POCs) attached to them.
+V8 currently still accepts bugs without a POC with the caveat that such bugs have a much higher chance of being dismissed quickly.
+
+### Regular security bugs
+
+Bugs should reproduce on `d8` with `--fuzzing` and `--disallow-unsafe-flags`.
+Bugs that only reproduce with other flag combinations have a much higher chance of not being considered security bugs in first place.
+See the section below for common scenarios that lead to reclassifications.
+
+### Sandbox security bugs
+
+Bugs should reproduce in the [sandbox testing environment](../src/sandbox/README.md#testing).
+
+## Common cases for conditional features and code
+
+This section lists common triaging scenarios.
+
+### Bugs in code that is not experimental and is enabled by default
+
+Fields: **Type=Vulnerability**, **Security_Impact-{Head,Beta,Stable,Extended}**
+
+Rationale: Security bugs reachable through production code for regular users.
+
+### Bugs in code that is not experimental but not enabled by default
+
+Fields: **Type=Vulnerability**, **Security_Impact-None**
+
+Rationale: These bugs are in features that are generally complete and on the track of shipping at some point.
+We encourage experimenting and finding bugs in those features.
+
+Note that **Severity** should still be set to the appropriate Severity (S0-S3) for **Security_Impact-None** issues, as if the feature were enabled or the code reachable.
+
+### Bugs in code guarded by experimental flags
+
+Fields: **Type=Bug**, **Security_Impact-None**
+
+Rationale: The flags and setups guard unfinished features that are explicitly not considered ready for fuzzing yet.
+Flags are often following the naming of `--experimental-*` and imply the `--experimental` flag.
+Sometimes these flags also have some experimental annotation on the flag descriptions.
+
+Note: If the flag is part of e.g. `--future` or `--wasm-staging` then this signals that the flags are ready for fuzzing.
+We don’t change the flag names in this case to avoid further churn on the code base.
+
+### Bugs in developer flags such as `--trace-*` or flags that are clearly marked as unsafe
+
+Fields: **Type=Bug**, **Security_Impact-None**
+
+Rationale: Not reachable in production as these flags are only used by developers.
+
+## Other common cases
+
+### `nullptr` (or close to `0`) deref
+
+Fields: **Type=Bug**, **Security_Impact-None**
+
+V8 relies on `nullptr` dereferences to deterministically crash.
+
+### Broken `DCHECK`s or reliable `CHECK` crashers
+
+Fields: **Type=Bug**, **Security_Impact-None**
+
+Rationale: Crashes are either bogus and do not happen in production builds or are deterministically crashing the process.
+
+Note: `CHECK`s must not be behind special builds or phases, such as `--verify-*`.
+
+### Breakage through directly invoking internal runtime functions with `%`-syntax
+
+Runtime functions like `%IterableForEach()` are directly visible to JavaScript programs via `--allow-natives-syntax`.
+The functions are not supposed to be tested this way, as they generally have pre- and post-conditions.
+This can lead to crashes (e.g. [484110302](crbug.com/484110302)) when they are incorrectly used.
+Such crashes are working as intended.
+
+Functions that are exposed under fuzzing are specified in [`Runtime::IsEnabledForFuzzing()`](https://source.chromium.org/search?q=Runtime::IsEnabledForFuzzing()&ss=chromium).
+The bottleneck also mentions potential caveats that could still lead to crashes.
+To make this clear V8 will automatically remove any calls to unsupported functions when being invoked with `--fuzzing`.
diff --git a/deps/v8/gni/cluster_build.gni b/deps/v8/gni/cluster_build.gni new file mode 100644 index 00000000000000..a8493964c6e0fc --- /dev/null +++ b/deps/v8/gni/cluster_build.gni 
@@ -0,0 +1,221 @@ +# Copyright 2026 the V8 project authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import("v8.gni") + +declare_args() { + # Number of source files per cluster. + # Increasing this to 50 can improve build speed by 3-5%, but + # increases the minimum build time for a single .cc change + # by about 10%. + # On a machine with very few cores, eg. 8, it might even be + # worth setting to 100. + # You can override this in a args.gn file. + cluster_size = 25 +} + +# Smaller cluster size for heavy directories (turboshaft, maglev). +small_cluster_size = 5 + +# Directories that should use the smaller cluster size. +small_cluster_dirs = [ + "src/compiler/turboshaft", + "src/maglev", +] + +# A v8_source_set that clusters .cc files in cluster mode. +# +# In cluster mode: generates cluster files for .cc sources and compiles those +# In non-cluster mode: compiles sources directly (like v8_source_set) +# +# Arguments: Same as v8_source_set, plus: +# cluster_output_dir: Optional output directory for cluster files. +# Defaults to $target_gen_dir/clustered. +# cluster_prefix: Optional prefix for cluster file names. +# Defaults to target_name. +# exclude_from_cluster: Optional list of .cc files to compile individually. +# generated_sources: Set to true if sources are generated files located in +# cluster_output_dir. This affects how include paths are +# computed. Default: false. 
+template("v8_cluster_source_set") { + _target_name = target_name + + if (v8_enable_cluster_build) { + # Extract .cc files from sources for clustering + _excluded_files = [] + if (defined(invoker.exclude_from_cluster)) { + _excluded_files = invoker.exclude_from_cluster + } + + _cluster_sources = [] + _excluded_cc_sources = [] + _other_sources = [] + if (defined(invoker.sources)) { + foreach(s, invoker.sources) { + _ext = get_path_info(s, "extension") + if (_ext == "cc") { + # Check if this file is excluded + _is_excluded = false + foreach(_excl, _excluded_files) { + if (s == _excl) { + _is_excluded = true + } + } + if (_is_excluded) { + _excluded_cc_sources += [ s ] + } else { + _cluster_sources += [ s ] + } + } else { + _other_sources += [ s ] + } + } + } + + # Count cluster sources + _num_cluster_sources = 0 + foreach(s, _cluster_sources) { + _num_cluster_sources += 1 + } + + if (_num_cluster_sources > 0) { + _cluster_prefix = _target_name + if (defined(invoker.cluster_prefix)) { + _cluster_prefix = invoker.cluster_prefix + } + + _output_dir = "$target_gen_dir/clustered" + if (defined(invoker.cluster_output_dir)) { + _output_dir = invoker.cluster_output_dir + } + + _generated_sources = false + if (defined(invoker.generated_sources)) { + _generated_sources = invoker.generated_sources + } + + # Build args for small cluster directories + _small_cluster_args = [ + "--small-cluster-size", + "$small_cluster_size", + ] + foreach(_dir, small_cluster_dirs) { + _small_cluster_args += [ + "--small-cluster-dirs", + _dir, + ] + } + + # Build args for computing filenames + _compute_args = [ + "--compute-filenames", + "--cluster-size", + "$cluster_size", + "--prefix", + _cluster_prefix, + ] + _compute_args += _small_cluster_args + + # Compute cluster file names using exec_script + _cluster_filenames = exec_script( + v8_path_prefix + "/tools/cluster_files.py", + _compute_args + rebase_path(_cluster_sources, root_build_dir), + "list lines") + + _cluster_files = [] + foreach(f, 
_cluster_filenames) { + _cluster_files += [ "$_output_dir/$f" ] + } + + # Action to generate cluster files + action("${_target_name}_generate_clusters") { + visibility = [ ":*" ] + script = v8_path_prefix + "/tools/cluster_files.py" + + outputs = _cluster_files + + args = [ + "--generate", + "--output-dir", + rebase_path(_output_dir, root_build_dir), + "--prefix", + _cluster_prefix, + "--cluster-size", + "$cluster_size", + ] + args += _small_cluster_args + + # Include path computation depends on whether sources are generated + if (_generated_sources) { + # Generated sources: strip the output directory prefix + _strip_prefix = rebase_path(_output_dir, root_build_dir) + "/" + args += [ + "--strip-prefix", + _strip_prefix, + ] + } else { + # Source tree files: prepend path from output dir back to build dir + _include_prefix = rebase_path(root_build_dir, _output_dir) + "/" + args += [ + "--include-prefix", + _include_prefix, + ] + } + + args += rebase_path(_cluster_sources, root_build_dir) + + # Only forward testonly, not deps. The generate_clusters action just + # creates #include files from the source list - it doesn't need any + # dependencies. The deps are forwarded to the v8_source_set below + # where they're needed for actually compiling the cluster files. 
+ forward_variables_from(invoker, [ "testonly" ]) + } + + # The actual source set with cluster files + v8_source_set(_target_name) { + forward_variables_from(invoker, + "*", + [ + "sources", + "cluster_prefix", + "cluster_output_dir", + "exclude_from_cluster", + "generated_sources", + ]) + + # Combine non-.cc files, cluster files, and excluded files + sources = _other_sources + _cluster_files + _excluded_cc_sources + + if (!defined(deps)) { + deps = [] + } + deps += [ ":${_target_name}_generate_clusters" ] + } + } else { + # No .cc files to cluster, just pass through + v8_source_set(_target_name) { + forward_variables_from(invoker, + "*", + [ + "cluster_prefix", + "cluster_output_dir", + "exclude_from_cluster", + "generated_sources", + ]) + } + } + } else { + # Non-cluster mode: just use v8_source_set directly + v8_source_set(_target_name) { + forward_variables_from(invoker, + "*", + [ + "cluster_prefix", + "cluster_output_dir", + "exclude_from_cluster", + "generated_sources", + ]) + } + } +} diff --git a/deps/v8/gni/v8.gni b/deps/v8/gni/v8.gni index e29a7c5de3c4cc..3a031e9ddfb622 100644 --- a/deps/v8/gni/v8.gni +++ b/deps/v8/gni/v8.gni @@ -66,6 +66,13 @@ declare_args() { # Use static libraries instead of source_sets. v8_static_library = false + # Enable cluster build. This build mode compiles multiple .cc files in one + # compilation unit. These are files where the C++ compiler spends most of its + # time processing the same long list of .h files, which means they can be + # compiled together in almost the same time that just one of them would have + # taken. + v8_enable_cluster_build = false + # Enable monolithic static library for embedders. v8_monolithic = false 
@@ -102,25 +109,40 @@ declare_args() { # Enable Wasm interpreter tracing. v8_enable_drumbrake_tracing = false + # Use host CPU ARM features when compiling ARM/ARM64 snapshots + # (using mksnapshot). When true, use both CPU features from + # the target's CPU, and the host's CPU. + # Since mksnapshot's output runs on the target device, this is not + # desirable in general to take the CPU features of the host compiler. + # However, the default is true in order to preserve existing behavior, + # and ensure all necessary CPU features are available in certain scenarios + #(where target and host have the same CPU architecture but different CPUs). + v8_use_host_cpu_arm_features = true + # On non-Desktop platforms, enable explicit bounds checks in the Wasm # interpreter, where the bounds checking is done in the instruction handler, # not using an unhandled exception filter (which also doesn't work with # Win-ASAN). - # Also enables explicit bounds checks on component builds in platforms other - # than Windows because of a problem with function name mangling for vectorcall - # ABI on ELF (The vectorcall calling convention requires a mangling that - # includes @@, but on ELF an @ indicates that the part after it is the version - # of the symbol, with @@ indicating the default symbol version to link against - # when none is specified by the caller and this causes linker errors). As a - # workaround, we need to disable the vectorcall calling convention for - # component builds on Linux and Mac, which means that we cannot use DrumBrake - # builtins for Load/Store instruction handlers, because of the different - # calling convention. - # Windows component builds are also enabled to support cross-compilation. + # Trap-handler based Load/Store builtins are supported on x64 and arm64. 
+ # On x64, also enables explicit bounds checks on component builds in platforms + # other than Windows because of a problem with function name mangling for + # vectorcall ABI on ELF (The vectorcall calling convention requires a mangling + # that includes @@, but on ELF an @ indicates that the part after it is the + # version of the symbol, with @@ indicating the default symbol version to link + # against when none is specified by the caller and this causes linker errors). + # As a workaround, we need to disable the vectorcall calling convention for + # x64 component builds on Linux and Mac, which means that we cannot use + # DrumBrake builtins for Load/Store instruction handlers on x64 component + # builds because of the different calling convention. + # Windows component builds are also affected to support cross-compilation. + # While arm64 uses the standard AAPCS64 calling convention, component builds + # work without this restriction only on iOS due to platform-specific + # build constraints. v8_drumbrake_bounds_checks = (is_win && (is_asan || is_ubsan || is_msan || is_tsan)) || - !(is_win || is_linux || is_mac) || v8_current_cpu != "x64" || !is_clang || - is_component_build + !(is_win || is_linux || is_mac || is_ios) || + (v8_current_cpu != "x64" && v8_current_cpu != "arm64") || !is_clang || + (is_component_build && target_os != "ios") # Enable the Turbofan compiler. # Sets -dV8_ENABLE_TURBOFAN. @@ -202,7 +224,9 @@ declare_args() { # GC. cppgc_enable_slim_write_barrier = true - # Enable pointer compression in cppgc. + # Enable pointer compression in cppgc. Note: this is automatically turned on + # by cppgc_enable_caged_heap on 64-bit platforms. To unconditionally disable + # pointer compression, set cppgc_enable_caged_heap = false. cppgc_enable_pointer_compression = false # Enable support for larger cages, up to 16GB. 
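Review bot: The first sentence of the comment above `v8_drumbrake_bounds_checks` still says explicit bounds checks are enabled "on non-Desktop platforms", but the new expression adds `is_ios` to the exempt list, so an arm64 iOS clang build now appears to rely on the trap handler instead. The comment should name iOS as the exception, e.g. `# On non-Desktop platforms other than iOS, enable explicit bounds checks in the Wasm`. The expression also mixes `is_ios` with `target_os != "ios"`; if those two can differ between toolchains of one build, using one of them consistently would avoid a mismatch between what is compiled and what is checked. The enclosing `declare_args()` block starts and ends outside the hunk.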
@@ -368,7 +392,6 @@ v8_add_configs = [ v8_path_prefix + ":features", v8_path_prefix + ":toolchain", v8_path_prefix + ":strict_warnings", - v8_path_prefix + ":sanitizer_defines", ] if (v8_force_optimize_speed) { diff --git a/deps/v8/include/cppgc/heap.h b/deps/v8/include/cppgc/heap.h index 02ee12eaba09d5..2968a0af197240 100644 --- a/deps/v8/include/cppgc/heap.h +++ b/deps/v8/include/cppgc/heap.h @@ -32,6 +32,18 @@ namespace internal { class Heap; } // namespace internal +/** + * A marker that captures the current stack start address. + */ +class V8_EXPORT StackStartMarker { + public: + StackStartMarker() : stack_start_(__builtin_frame_address(0)) {} + void* stack_start() const { return stack_start_; } + + private: + void* stack_start_; +}; + class V8_EXPORT Heap { public: /** @@ -151,8 +163,13 @@ class V8_EXPORT Heap { * GC scheduler follows. */ ResourceConstraints resource_constraints; - }; + /** + * Optional marker representing the stack start of the thread creating the + * heap. + */ + std::optional stack_start_marker = std::nullopt; + }; /** * Creates a new heap that can be used for object allocation. * diff --git a/deps/v8/include/v8-cppgc.h b/deps/v8/include/v8-cppgc.h index aa3813b95ab2f1..9dc6ee5e617fb4 100644 --- a/deps/v8/include/v8-cppgc.h +++ b/deps/v8/include/v8-cppgc.h @@ -53,6 +53,11 @@ struct V8_EXPORT CppHeapCreateParams { */ cppgc::Heap::SweepingType sweeping_support = cppgc::Heap::SweepingType::kIncrementalAndConcurrent; + /** + * Optional marker representing the stack start of the thread creating the + * heap. + */ + std::optional stack_start_marker = std::nullopt; }; /** diff --git a/deps/v8/include/v8-debug.h b/deps/v8/include/v8-debug.h index 620467a72695e4..56b98a95b153e8 100644 --- a/deps/v8/include/v8-debug.h +++ b/deps/v8/include/v8-debug.h 
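Review bot: `StackStartMarker`'s constructor in the cppgc/heap.h hunk records `__builtin_frame_address(0)`, and which frame that is depends on whether the constructor gets inlined: if it is not (for example in an unoptimised build), the recorded address is presumably that of the constructor's own frame rather than of the function that created the marker. If the value is later used as the bound for conservative stack scanning, references held in the creating function's locals could then fall outside the scanned range. The class comment should state the contract, e.g. `// Construct in the outermost frame of the thread, before any heap reference is held on the stack.`, or the constructor should be forced inline so the captured frame is always the caller's. The `stack_start_marker` field added to `HeapOptions` here and to `CppHeapCreateParams` in v8-cppgc.h inherits the same contract and would benefit from a pointer to it.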
@@ -141,6 +141,12 @@ class V8_EXPORT StackTrace { v8::Local context; }; + struct ScriptData { + int id; + v8::Local function; + v8::Local context; + }; + /** * Returns the (unique) ID of this stack trace. */ @@ -197,12 +203,27 @@ class V8_EXPORT StackTrace { * final difference is that the script id written for evals or regexp is that * of the script that ran eval() or regexp, not the current context. * - * WARNING: This is an unfinished experimental feature. Semantics and - * implementation may change frequently. */ + V8_DEPRECATE_SOON("Use CurrentScriptData instead") static v8::MemorySpan CurrentScriptIdsAndContexts(Isolate* isolate, v8::MemorySpan frame_data); + + /** + * Writes up to the first `frame_data.size()` valid script ids, functions, and + * contexts at the top of the JS stack into the given span. Returns a span + * sized to the number of frames worth of data written. It's similar to the + * CurrentStackTrace method but doesn't allocate a stack trace. Further, it + * skips non-js frames and frames that don't have valid script ids or function + * contexts. The final difference is that the script id written for evals or + * regexp is that of the script that ran eval() or regexp, not the current + * context. + * + * WARNING: This is an unfinished experimental feature. Semantics and + * implementation may change frequently. + */ + static v8::MemorySpan CurrentScriptData( + Isolate* isolate, v8::MemorySpan frame_data); }; } // namespace v8 diff --git a/deps/v8/include/v8-external.h b/deps/v8/include/v8-external.h index da43c42e350ade..acc3705ce1091a 100644 --- a/deps/v8/include/v8-external.h +++ b/deps/v8/include/v8-external.h 
@@ -28,10 +28,6 @@ constexpr ExternalPointerTypeTag kExternalPointerTypeTagDefault = 0; */ class V8_EXPORT External : public Value { public: - V8_DEPRECATED("Use the version with the type tag.") - static Local New(Isolate* isolate, void* value) { - return New(isolate, value, kExternalPointerTypeTagDefault); - } /** * Creates a new External object. * @@ -51,9 +47,6 @@ class V8_EXPORT External : public Value { return static_cast(value); } - V8_DEPRECATED("Use the version with the type tag.") - void* Value() const { return Value(kExternalPointerTypeTagDefault); } - /** * Returns the value of the external pointer. * diff --git a/deps/v8/include/v8-function-callback.h b/deps/v8/include/v8-function-callback.h index 135508ef5b5acc..80833bcd538f04 100644 --- a/deps/v8/include/v8-function-callback.h +++ b/deps/v8/include/v8-function-callback.h @@ -241,8 +241,10 @@ class PropertyCallbackInfo { * has an interceptor. Then `info.This()` is `x` and `info.Holder()` is `y`. * In case the property is installed on the global object the Holder() * would return the global proxy. - * TODO(http://crbug.com/333672197): rename back to Holder(). */ + V8_INLINE Local Holder() const; + // TODO(http://crbug.com/333672197): deprecate and remove. + V8_DEPRECATE_SOON("Use Holder().") V8_INLINE Local HolderV2() const; /** @@ -683,9 +685,13 @@ Local PropertyCallbackInfo::Data() const { } template -Local PropertyCallbackInfo::HolderV2() const { +Local PropertyCallbackInfo::Holder() const { return Local::FromSlot(&args_[kHolderIndex]); } +template +Local PropertyCallbackInfo::HolderV2() const { + return Holder(); +} template ReturnValue PropertyCallbackInfo::GetReturnValue() const { diff --git a/deps/v8/include/v8-initialization.h b/deps/v8/include/v8-initialization.h index 406f1d0ba54573..02f3acfba796a9 100644 --- a/deps/v8/include/v8-initialization.h +++ b/deps/v8/include/v8-initialization.h 
@@ -206,6 +206,47 @@ class V8_EXPORT V8 { static void DisposePlatform(); #if defined(V8_ENABLE_SANDBOX) + /** + * The mode the V8 sandbox operates in. + * + * These values are persisted to logs. Entries should not be renumbered and + * numeric values should never be reused. If you add new items here, update + * V8SandboxMode in tools/metrics/histograms/metadata/v8/enums.xml in + * Chromium. + */ + enum class SandboxMode : uint8_t { + /** + * The sandbox is configured securely with a full reservation and an + * inaccessible Smi address range. + */ + kSecure = 0, + /** + * The sandbox is configured insecurely without a known reason. + */ + kInsecure = 1, + /** + * The sandbox is partially reserved, but the Smi address range is + * inaccessible. + */ + kInsecurePartialReservationSmiInaccessible = 2, + /** + * The sandbox is fully reserved, but the Smi address range is accessible. + */ + kInsecureFullReservationSmiAccessible = 3, + /** + * The sandbox is partially reserved and the Smi address range is + * accessible. + */ + kInsecurePartialReservationSmiAccessible = 4, + + kMaxValue = kInsecurePartialReservationSmiAccessible, + }; + + /** + * Returns the current state of the sandbox. + */ + static SandboxMode GetSandboxMode(); + /** * Returns true if the sandbox is configured securely. * diff --git a/deps/v8/include/v8-inspector.h b/deps/v8/include/v8-inspector.h index 9eb9b2130537a5..cdd94163e3d673 100644 --- a/deps/v8/include/v8-inspector.h +++ b/deps/v8/include/v8-inspector.h @@ -418,10 +418,13 @@ class V8_EXPORT V8Inspector { }; class V8_EXPORT ManagedChannel - : public cppgc::GarbageCollected, - public Channel { + : public cppgc::GarbageCollected { public: virtual ~ManagedChannel() = default; + virtual void sendResponse(int callId, + std::unique_ptr message) = 0; + virtual void sendNotification(std::unique_ptr message) = 0; + virtual void flushProtocolNotifications() = 0; virtual void Trace(cppgc::Visitor* visitor) const {} }; 
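Review bot: `GetSandboxMode()` in the v8-initialization.h hunk is documented only as returning "the current state of the sandbox"; the comment does not say whether it may be called before the sandbox has been set up, or what it returns in that case. Every enumerator other than `kSecure` describes a weakened configuration, so the doc comment should also tell embedders how to consume the value, e.g. `// Only kSecure provides the sandbox's guarantees; treat every other value, including ones added later, as insecure.`. The enclosing `V8` class and the `#if defined(V8_ENABLE_SANDBOX)` block continue outside the hunk.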
@@ -429,6 +432,8 @@ class V8_EXPORT V8Inspector { enum SessionPauseState { kWaitingForDebugger, kNotWaitingForDebugger }; // TODO(chromium:1352175): remove default value once downstream change lands. // Deprecated: Use `connectShared` instead. + // Channel is owned by the embedder. Ensure to keep it alive as long as the + // returned session is alive. virtual std::unique_ptr connect( int contextGroupId, Channel*, StringView state, ClientTrustLevel client_trust_level, @@ -439,10 +444,15 @@ class V8_EXPORT V8Inspector { // (V8InspectorClient::runMessageLoopOnPause) is running. To partially ensure // this, we defer session deconstruction until no "dispatchProtocolMessages" // remains on the stack. + // Channel is owned by the embedder. Ensure to keep it alive as long as the + // returned session is alive. virtual std::shared_ptr connectShared( int contextGroupId, Channel* channel, StringView state, ClientTrustLevel clientTrustLevel, SessionPauseState pauseState) = 0; + // Same as `connectShared` but takes a `ManagedChannel` instead. The session + // will take a cppgc::Persistent on the ManagedChannel so the embedder doesn't + // have to worry about the life-time of `channel`. virtual std::shared_ptr connectShared( int contextGroupId, ManagedChannel* channel, StringView state, ClientTrustLevel clientTrustLevel, SessionPauseState pauseState) = 0; diff --git a/deps/v8/include/v8-internal.h b/deps/v8/include/v8-internal.h index fab0f3cc490981..d958e8d8dbb787 100644 --- a/deps/v8/include/v8-internal.h +++ b/deps/v8/include/v8-internal.h 
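Review bot: The lifetime comment added to the raw `Channel*` overload of `connectShared` asks the embedder to keep the channel alive "as long as the returned session is alive", but the same comment block says session destruction is deferred until no `dispatchProtocolMessages` remains on the stack, so the session can outlive the embedder's own `shared_ptr`. An embedder that frees the channel right after resetting its pointer could therefore leave the session holding a dangling `Channel*`. The comment should tie the requirement to the last reference, e.g. `// Keep the channel alive until the last shared_ptr to the session has been released.`, and point to the `ManagedChannel` overload as the option that removes this obligation. The enclosing `V8Inspector` class starts and ends outside the hunk.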
@@ -248,18 +248,6 @@ constexpr size_t kSandboxAlignment = kPtrComprCageBaseAlignment; // constant specifies the shift amount. constexpr uint64_t kSandboxedPointerShift = 64 - kSandboxSizeLog2; -// Size of the guard regions surrounding the sandbox. This assumes a worst-case -// scenario of a 32-bit unsigned index used to access an array of 64-bit values -// with an additional 4GB (compressed pointer) offset. In particular, accesses -// to TypedArrays are effectively computed as -// `entry_pointer = array->base + array->offset + index * array->element_size`. -// See also https://crbug.com/40070746 for more details. -constexpr size_t kSandboxGuardRegionSize = 32ULL * GB + 4ULL * GB; - -static_assert((kSandboxGuardRegionSize % kSandboxAlignment) == 0, - "The size of the guard regions around the sandbox must be a " - "multiple of its required alignment."); - // On OSes where reserving virtual memory is too expensive to reserve the // entire address space backing the sandbox, notably Windows pre 8.1, we create // a partially reserved sandbox that doesn't actually reserve most of the @@ -281,9 +269,6 @@ static_assert(kSandboxMinimumReservationSize > kPtrComprCageReservationSize, // able to construct a buffer that appears larger than the guard regions and // thereby "reach out of" the sandbox. constexpr size_t kMaxSafeBufferSizeForSandbox = 32ULL * GB - 1; -static_assert(kMaxSafeBufferSizeForSandbox <= kSandboxGuardRegionSize, - "The maximum allowed buffer size must not be larger than the " - "sandbox's guard regions"); constexpr size_t kBoundedSizeShift = 29; static_assert(1ULL << (64 - kBoundedSizeShift) == 
@@ -291,6 +276,22 @@ static_assert(1ULL << (64 - kBoundedSizeShift) == "The maximum size of a BoundedSize must be synchronized with the " "kMaxSafeBufferSizeForSandbox"); +// Size of the guard regions surrounding the sandbox. This assumes a worst-case +// scenario of a 32-bit unsigned index used to access an array of 64-bit values +// with an additional 32GB (bounded size) offset. In particular, accesses to +// TypedArrays are effectively computed as +// `entry_pointer = array->base + array->offset + index * array->element_size`. +// See also https://crbug.com/40070746 for more details. +constexpr size_t kSandboxGuardRegionSize = + 32ULL * GB + (kMaxSafeBufferSizeForSandbox + 1); + +static_assert((kSandboxGuardRegionSize % kSandboxAlignment) == 0, + "The size of the guard regions around the sandbox must be a " + "multiple of its required alignment."); +static_assert(kMaxSafeBufferSizeForSandbox <= kSandboxGuardRegionSize, + "The maximum allowed buffer size must not be larger than the " + "sandbox's guard regions"); + #endif // V8_ENABLE_SANDBOX #ifdef V8_COMPRESS_POINTERS @@ -320,9 +321,10 @@ constexpr size_t kExternalPointerTableReservationSize = 512 * MB; constexpr uint32_t kExternalPointerIndexShift = 6; #endif // V8_TARGET_OS_ANDROID -// The maximum number of entries in an external pointer table. +// The byte size of an entry in an external pointer table. constexpr int kExternalPointerTableEntrySize = 8; constexpr int kExternalPointerTableEntrySizeLog2 = 3; +// The maximum number of entries in an external pointer table. constexpr size_t kMaxExternalPointers = kExternalPointerTableReservationSize / kExternalPointerTableEntrySize; static_assert((1 << (32 - kExternalPointerIndexShift)) == kMaxExternalPointers, 
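Review bot: In the hunk that re-adds `kSandboxGuardRegionSize`, the second `static_assert` (`kMaxSafeBufferSizeForSandbox <= kSandboxGuardRegionSize`) can no longer fail, because the guard size is now defined as 32 GB plus `kMaxSafeBufferSizeForSandbox + 1`. The bound the comment actually relies on is the worst case of a 32-bit index times a 64-bit element plus a bounded-size offset, so the assertion would protect more if written against that, e.g. `static_assert((uint64_t{1} << 32) * 8 + kMaxSafeBufferSizeForSandbox < kSandboxGuardRegionSize);`. That keeps the guard size from silently falling behind if the element width or the maximum buffer size changes. The surrounding `V8_ENABLE_SANDBOX` block starts outside the hunk.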
@@ -432,6 +434,19 @@ constexpr size_t kMaxCppHeapPointers = 0; // which all subtypes of a given supertype use contiguous tags. This struct can // then be used to represent such a type range. // +// As an example, consider the following type hierarchy: +// +// A F +// / \ +// B E +// / \ +// C D +// +// A potential type id assignment for range-based type checks is +// {A: 0, B: 1, C: 2, D: 3, E: 4, F: 5}. With that, the type check for type A +// would check for the range [A, E], while the check for B would check range +// [B, D], and for F it would simply check [F, F]. +// // In addition, there is an option for performance tweaks: if the size of the // type range corresponding to a supertype is a power of two and starts at a // power of two (e.g. [0x100, 0x13f]), then the compiler can often optimize @@ -477,11 +492,7 @@ struct TagRange { constexpr TagRange(Tag first, Tag last) : first(first), last(last) { #ifdef V8_ENABLE_CHECKS // This would typically be a DCHECK, but that's not available here. -#if V8_HAS_BUILTIN_UNREACHABLE if (first > last) __builtin_unreachable(); // Invalid tag range. -#elif defined(_MSC_VER) - if (first > last) __assume(0); // Invalid tag range. -#endif #endif } 
@@ -533,6 +544,51 @@ struct TagRange { Tag last; }; +#define SHARED_MANAGED_TAG_LIST(V) V(WasmFutexManagedObjectWaitListTag) + +#define MANAGED_TAG_LIST(V) \ + SHARED_MANAGED_TAG_LIST(V) \ + V(GenericManagedTag) \ + V(WasmWasmStreamingTag) \ + V(WasmFuncDataTag) \ + V(WasmManagedDataTag) \ + V(WasmNativeModuleTag) \ + V(BackingStoreTag) \ + V(CFunctionWithSignatureTag) \ + V(IcuBreakIteratorTag) \ + V(IcuListFormatterTag) \ + V(IcuLocaleTag) \ + V(IcuSimpleDateFormatTag) \ + V(IcuDateIntervalFormatTag) \ + V(IcuRelativeDateTimeFormatterTag) \ + V(IcuLocalizedNumberFormatterTag) \ + V(IcuPluralRulesTag) \ + V(IcuCollatorTag) \ + V(IcuBreakIteratorWithTextTag) \ + V(TemporalDurationTag) \ + V(TemporalInstantTag) \ + V(TemporalPlainDateTag) \ + V(TemporalPlainTimeTag) \ + V(TemporalPlainDateTimeTag) \ + V(TemporalPlainYearMonthTag) \ + V(TemporalPlainMonthDayTag) \ + V(TemporalZonedDateTimeTag) \ + V(DisplayNamesInternalTag) \ + V(D8WorkerTag) \ + V(D8ModuleEmbedderDataTag) + +#define FOREIGN_TAG_LIST(V) \ + V(GenericForeignTag) \ + V(ApiAccessCheckCallbackTag) \ + V(ApiAbortScriptExecutionCallbackTag) \ + V(SyntheticModuleTag) \ + V(MicrotaskCallbackTag) \ + V(MicrotaskCallbackDataTag) \ + V(MessageListenerTag) \ + V(WaiterQueueForeignTag) \ + /* Needs to stay last to form a range for resources. */ \ + MANAGED_TAG_LIST(V) + // // External Pointers. // 
@@ -632,61 +688,21 @@ enum ExternalPointerTag : uint16_t { kApiIndexedPropertyDefinerCallbackTag, kApiIndexedPropertyDeleterCallbackTag, kApiIndexedPropertyEnumeratorCallbackTag, + kApiIndexedPropertyIndexOfCallbackTag, kLastInterceptorInfoExternalPointerTag = - kApiIndexedPropertyEnumeratorCallbackTag, + kApiIndexedPropertyIndexOfCallbackTag, kLastMaybeReadOnlyExternalPointerTag = kLastInterceptorInfoExternalPointerTag, kWasmStackMemoryTag, - // Foreigns - kFirstForeignExternalPointerTag, - kGenericForeignTag = kFirstForeignExternalPointerTag, - - kApiAccessCheckCallbackTag, - kApiAbortScriptExecutionCallbackTag, - kSyntheticModuleTag, - kMicrotaskCallbackTag, - kMicrotaskCallbackDataTag, - kCFunctionTag, - kCFunctionInfoTag, - kMessageListenerTag, - kWaiterQueueForeignTag, - - // Managed - kFirstManagedResourceTag, - kFirstManagedExternalPointerTag = kFirstManagedResourceTag, - kGenericManagedTag = kFirstManagedExternalPointerTag, - kWasmWasmStreamingTag, - kWasmFuncDataTag, - kWasmManagedDataTag, - kWasmNativeModuleTag, - kBackingStoreTag, - kIcuBreakIteratorTag, - kIcuUnicodeStringTag, - kIcuListFormatterTag, - kIcuLocaleTag, - kIcuSimpleDateFormatTag, - kIcuDateIntervalFormatTag, - kIcuRelativeDateTimeFormatterTag, - kIcuLocalizedNumberFormatterTag, - kIcuPluralRulesTag, - kIcuCollatorTag, - kTemporalDurationTag, - kTemporalInstantTag, - kTemporalPlainDateTag, - kTemporalPlainTimeTag, - kTemporalPlainDateTimeTag, - kTemporalPlainYearMonthTag, - kTemporalPlainMonthDayTag, - kTemporalZonedDateTimeTag, - kDisplayNamesInternalTag, - kD8WorkerTag, - kD8ModuleEmbedderDataTag, - kLastForeignExternalPointerTag = kD8ModuleEmbedderDataTag, - kLastManagedExternalPointerTag = kLastForeignExternalPointerTag, - // External resources whose lifetime is tied to their entry in the external - // pointer table but which are not referenced via a Managed +#define AS_ENUM(name) k##name, + FOREIGN_TAG_LIST(AS_ENUM) + +#undef AS_ENUM + + // External resources whose lifetime is tied to 
their entry in the + // external pointer table but which are not referenced via a Managed kArrayBufferExtensionTag, kLastManagedResourceTag = kArrayBufferExtensionTag, 
@@ -697,30 +713,89 @@ enum ExternalPointerTag : uint16_t { kLastExternalPointerTag = 0x7f, }; +constexpr const char* ToString(ExternalPointerTag tag) { + switch (tag) { +#define ENUM_CASE(name) \ + case ExternalPointerTag::k##name: \ + return #name; + + FOREIGN_TAG_LIST(ENUM_CASE) + +#undef ENUM_CASE + default: + return "Unknown tag"; + } +} + using ExternalPointerTagRange = TagRange; +#define AS_LIST(name) ExternalPointerTag::k##name, + +#define GET_FIRST(LIST) \ + []() { \ + ExternalPointerTag items[] = {LIST(AS_LIST)}; \ + return items[0]; \ + }() + +#define GET_LAST(LIST) \ + []() { \ + ExternalPointerTag items[] = {LIST(AS_LIST)}; \ + return items[(sizeof(items) / sizeof(items[0])) - 1]; \ + }() + constexpr ExternalPointerTagRange kAnyExternalPointerTagRange( kFirstExternalPointerTag, kLastExternalPointerTag); -constexpr ExternalPointerTagRange kAnySharedExternalPointerTagRange( - kFirstSharedExternalPointerTag, kLastSharedExternalPointerTag); + +constexpr ExternalPointerTag kFirstForeignExternalPointerTag = + GET_FIRST(FOREIGN_TAG_LIST); +constexpr ExternalPointerTag kLastForeignExternalPointerTag = + GET_LAST(FOREIGN_TAG_LIST); constexpr ExternalPointerTagRange kAnyForeignExternalPointerTagRange( kFirstForeignExternalPointerTag, kLastForeignExternalPointerTag); constexpr ExternalPointerTagRange kAnyInterceptorInfoExternalPointerTagRange( kFirstInterceptorInfoExternalPointerTag, kLastInterceptorInfoExternalPointerTag); + +constexpr ExternalPointerTag kFirstManagedExternalPointerTag = + GET_FIRST(MANAGED_TAG_LIST); +constexpr ExternalPointerTag kLastManagedExternalPointerTag = + GET_LAST(MANAGED_TAG_LIST); constexpr ExternalPointerTagRange kAnyManagedExternalPointerTagRange( kFirstManagedExternalPointerTag, kLastManagedExternalPointerTag); + constexpr ExternalPointerTagRange kAnyMaybeReadOnlyExternalPointerTagRange( kFirstMaybeReadOnlyExternalPointerTag, kLastMaybeReadOnlyExternalPointerTag); + +constexpr ExternalPointerTag kFirstManagedResourceTag = + 
GET_FIRST(MANAGED_TAG_LIST); +// kLastManagedResourceTag defined in the enum. constexpr ExternalPointerTagRange kAnyManagedResourceExternalPointerTag( kFirstManagedResourceTag, kLastManagedResourceTag); +constexpr ExternalPointerTag kFirstSharedManagedExternalPointerTag = + GET_FIRST(SHARED_MANAGED_TAG_LIST); +constexpr ExternalPointerTag kLastSharedManagedExternalPointerTag = + GET_LAST(SHARED_MANAGED_TAG_LIST); +constexpr ExternalPointerTagRange kAnySharedManagedExternalPointerTagRange( + kFirstSharedManagedExternalPointerTag, + kLastSharedManagedExternalPointerTag); + +#undef AS_LIST +#undef GET_FIRST +#undef GET_LAST + // True if the external pointer must be accessed from the shared isolate's // external pointer table. V8_INLINE static constexpr bool IsSharedExternalPointerType( ExternalPointerTagRange tag_range) { - return kAnySharedExternalPointerTagRange.Contains(tag_range); + // This range should only be used together with + // kAnySharedManagedExternalPointerTagRange in this predicate. Therefore + // it is defined in this scope. + constexpr ExternalPointerTagRange kAnySharedExternalPointerTagRange( + kFirstSharedExternalPointerTag, kLastSharedExternalPointerTag); + return kAnySharedExternalPointerTagRange.Contains(tag_range) || + kAnySharedManagedExternalPointerTagRange.Contains(tag_range); } // True if the external pointer may live in a read-only object, in which case 
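Review bot: `ToString(ExternalPointerTag)` only has cases for the tags generated from `FOREIGN_TAG_LIST`, so valid tags declared directly in the enum, such as `kWasmStackMemoryTag` or `kArrayBufferExtensionTag`, fall into `default` and are reported as "Unknown tag". In a diagnostic about a tag mismatch, that reads like a corrupted value when the tag is in fact legitimate. I would document the limit on the function, `// Names only the tags from FOREIGN_TAG_LIST; any other tag, valid or not, yields "Unknown tag".`, or extend the switch to the remaining enumerators.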
@@ -806,9 +881,10 @@ constexpr uint32_t kTrustedPointerHandleShift = 9; constexpr TrustedPointerHandle kNullTrustedPointerHandle = kNullIndirectPointerHandle; -// The maximum number of entries in an trusted pointer table. +// The byte size of an entry in the trusted pointer table. constexpr int kTrustedPointerTableEntrySize = 8; constexpr int kTrustedPointerTableEntrySizeLog2 = 3; +// The maximum number of entries in the trusted pointer table. constexpr size_t kMaxTrustedPointers = kTrustedPointerTableReservationSize / kTrustedPointerTableEntrySize; static_assert((1 << (32 - kTrustedPointerHandleShift)) == kMaxTrustedPointers, @@ -854,9 +930,10 @@ constexpr uint32_t kCodePointerHandleMarker = 0x1; static_assert(kCodePointerHandleShift > 0); static_assert(kTrustedPointerHandleShift > 0); -// The maximum number of entries in a code pointer table. +// The byte size of an entry in a code pointer table. constexpr int kCodePointerTableEntrySize = 16; constexpr int kCodePointerTableEntrySizeLog2 = 4; +// The maximum number of entries in a code pointer table. constexpr size_t kMaxCodePointers = kCodePointerTableReservationSize / kCodePointerTableEntrySize; static_assert( @@ -1042,8 +1119,12 @@ class Internals { kIsolateApiCallbackThunkArgumentOffset + kApiSystemPointerSize; static const int kContinuationPreservedEmbedderDataOffset = kIsolateRegexpExecVectorArgumentOffset + kApiSystemPointerSize; - static const int kIsolateRootsOffset = + static const int kCurrentMicrotaskQueueOffset = kContinuationPreservedEmbedderDataOffset + kApiSystemPointerSize; + static const int kCurrentMicrotaskNativeContextOffset = + kCurrentMicrotaskQueueOffset + kApiSystemPointerSize; + static const int kIsolateRootsOffset = + kCurrentMicrotaskNativeContextOffset + kApiSystemPointerSize; #if V8_TARGET_ARCH_PPC64 static constexpr int kFrameCPSlotCount = 1; 
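Review bot: Inserting `kCurrentMicrotaskQueueOffset` and `kCurrentMicrotaskNativeContextOffset` ahead of `kIsolateRootsOffset` moves the roots offset by two pointer slots, and nothing in this hunk ties the new constants to the actual isolate layout. Code that inlines accessors from this header and was compiled against the previous offsets would read the wrong slots, so the series needs a matching ABI or module-version bump; whether it has one is not visible here. A short comment such as `// Must match the isolate's field order.` above the new constants would make the dependency explicit. The `Internals` class starts and ends outside the hunk.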
@@ -1239,6 +1320,11 @@ class Internals { return representation == kExternalTwoByteRepresentationTag; } + V8_INLINE static bool IsExternalOneByteString(int instance_type) { + int representation = (instance_type & kStringRepresentationAndEncodingMask); + return representation == kExternalOneByteRepresentationTag; + } + V8_INLINE static constexpr bool CanHaveInternalField(int instance_type) { static_assert(kJSObjectType + 1 == kFirstJSApiObjectType); static_assert(kJSObjectType < kLastJSApiObjectType); diff --git a/deps/v8/include/v8-isolate.h b/deps/v8/include/v8-isolate.h index f929f13a4de8ff..44bde532a6253f 100644 --- a/deps/v8/include/v8-isolate.h +++ b/deps/v8/include/v8-isolate.h @@ -659,7 +659,9 @@ class V8_EXPORT Isolate { kWithStatement = 180, kHtmlWrapperMethods = 181, kWasmCustomDescriptors = 182, - kWasmResizableBuffers = 183, + kOBSOLETE_WasmResizableBuffers = 183, + kInvalidatedArrayBufferMutableProtector = 184, + kHoleyArrayReadthrough = 185, // If you add new values here, you'll also need to update Chromium's: // web_feature.mojom, use_counter_callback.cc, and enums.xml. V8 changes to @@ -1892,7 +1894,6 @@ class V8_EXPORT Isolate { internal::ValueHelper::InternalRepresentationType GetDataFromSnapshotOnce( size_t index); int64_t AdjustAmountOfExternalAllocatedMemoryImpl(int64_t change_in_bytes); - void HandleExternalMemoryInterrupt(); }; void Isolate::SetData(uint32_t slot, void* data) { diff --git a/deps/v8/include/v8-message.h b/deps/v8/include/v8-message.h index b3e898fa77d153..c7d6b5421809dc 100644 --- a/deps/v8/include/v8-message.h +++ b/deps/v8/include/v8-message.h 
@@ -139,13 +139,15 @@ class V8_EXPORT Message { /** * Returns the index within the script of the first character where - * the error occurred. + * the error occurred. This is best effort and not guaranteed. It may be -1 or + * even > EndPosition in some cases. */ int GetStartPosition() const; /** * Returns the index within the script of the last character where - * the error occurred. + * the error occurred. This is best effort and not guaranteed. It may be -1 or + * even < StartPosition in some cases. */ int GetEndPosition() const; diff --git a/deps/v8/include/v8-object.h b/deps/v8/include/v8-object.h index 634aebb56ae5dd..ffab3f5ff536e2 100644 --- a/deps/v8/include/v8-object.h +++ b/deps/v8/include/v8-object.h @@ -198,6 +198,10 @@ using AccessorNameGetterCallback = * See Object::SetNativeDataProperty and * ObjectTemplate::SetNativeDataProperty methods. */ +using AccessorNameSetterCallbackV2 = + void (*)(Local property, Local value, + const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. using AccessorNameSetterCallback = void (*)(Local property, Local value, const PropertyCallbackInfo& info); 
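Review bot: The revised comments on `GetStartPosition()` and `GetEndPosition()` now admit -1 and inverted positions but do not tell callers what to do with them. An embedder that uses the two values to slice or index the script source has to range-check them first. I would add to both comments: `Callers must validate the value before using it as an index into the source.`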
@@ -336,24 +340,9 @@ class V8_EXPORT Object : public Value { * Gets the property attributes of a property which can be None or * any combination of ReadOnly, DontEnum and DontDelete. Returns * None when the property doesn't exist. - * - * This method will be deprecated soon, since it doesn't provide a way - * to return "property does not exist" result. Use GetPropertyAttributes with - * PropertyAttribute* instead. */ V8_WARN_UNUSED_RESULT Maybe GetPropertyAttributes( Local context, Local key); - /** - * Gets the property attributes of a property which can be None or - * any combination of ReadOnly, DontEnum and DontDelete. - * - * Returns true and sets *out_attributes if the property exists, false if - * not or empty Maybe if an exception is thrown. In the latter two cases, - * the value of *out_attributes is not modified. - */ - V8_WARN_UNUSED_RESULT Maybe GetPropertyAttributes( - Local context, Local key, - PropertyAttribute* out_attributes); /** * Implements Object.getOwnPropertyDescriptor(O, P), see 
@@ -402,11 +391,29 @@ class V8_EXPORT Object : public Value { */ V8_WARN_UNUSED_RESULT Maybe SetNativeDataProperty( Local context, Local name, - AccessorNameGetterCallback getter, - AccessorNameSetterCallback setter = nullptr, + AccessorNameGetterCallback getter, AccessorNameSetterCallbackV2 setter, Local data = Local(), PropertyAttribute attributes = None, SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect); + V8_WARN_UNUSED_RESULT Maybe SetNativeDataProperty( + Local context, Local name, + AccessorNameGetterCallback getter, AccessorNameSetterCallback setter, + Local data = Local(), PropertyAttribute attributes = None, + SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, + SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect); + // TODO(https://crbug.com/348660658): remove once AccessorNameSetterCallback + // is removed. + V8_WARN_UNUSED_RESULT Maybe SetNativeDataProperty( + Local context, Local name, + AccessorNameGetterCallback getter, nullptr_t setter = nullptr, + Local data = Local(), PropertyAttribute attributes = None, + SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, + SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect) { + return SetNativeDataProperty( + context, name, getter, + static_cast(setter), data, attributes, + getter_side_effect_type, setter_side_effect_type); + } /** * Attempts to create a property with the given name which behaves like a data 
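Review bot: The convenience overload spells its parameter `nullptr_t setter = nullptr` without the `std::` qualifier. The unqualified name is only guaranteed by `<stddef.h>`, not by `<cstddef>`, so this public header depends on what its includes happen to pull in. `std::nullptr_t setter = nullptr` is the portable spelling, and the `TakeHeapSnapshot` overload removed elsewhere in this patch used it. The same unqualified name appears in the `Template::SetNativeDataProperty` overload and in the `ConvertSetter`/`ConvertDefiner` helpers in v8-template.h. The `Object` class starts and ends outside the hunk.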
@@ -469,17 +476,24 @@ class V8_EXPORT Object : public Value { /** * Get the prototype object (same as calling Object.getPrototypeOf(..)). * This does not consult the security handler. - * TODO(http://crbug.com/333672197): rename back to GetPrototype(). */ - Local GetPrototypeV2(); + Local GetPrototype(); + // TODO(http://crbug.com/333672197): deprecate and remove. + V8_DEPRECATE_SOON("Use GetPrototype().") + inline Local GetPrototypeV2() { return GetPrototype(); } /** * Set the prototype object (same as calling Object.setPrototypeOf(..)). * This does not consult the security handler. - * TODO(http://crbug.com/333672197): rename back to SetPrototype(). */ + V8_WARN_UNUSED_RESULT Maybe SetPrototype(Local context, + Local prototype); + // TODO(http://crbug.com/333672197): deprecate and remove. + V8_DEPRECATE_SOON("Use SetPrototype().") V8_WARN_UNUSED_RESULT Maybe SetPrototypeV2(Local context, - Local prototype); + Local prototype) { + return SetPrototype(context, prototype); + } /** * Finds an instance of the given function template in the prototype diff --git a/deps/v8/include/v8-persistent-handle.h b/deps/v8/include/v8-persistent-handle.h index aae1f83e29037d..e03c07dd1f3c8c 100644 --- a/deps/v8/include/v8-persistent-handle.h +++ b/deps/v8/include/v8-persistent-handle.h @@ -163,7 +163,7 @@ class PersistentBase : public api_internal::IndirectHandleBase { template V8_INLINE P* ClearWeak(); - // TODO(dcarney): remove this. + V8_DEPRECATE_SOON("Use ClearWeak() instead.") V8_INLINE void ClearWeak() { ClearWeak(); } /** @@ -308,8 +308,8 @@ class Persistent : public PersistentBase { if (M::kResetInDestructor) this->Reset(); } - // TODO(dcarney): this is pretty useless, fix or remove template + V8_DEPRECATE_SOON("Use Local::New(...).As()") V8_INLINE static Persistent& Cast(const Persistent& that) { #ifdef V8_ENABLE_CHECKS // If we're going to perform the type check then we have to check 
@@ -320,10 +320,14 @@ class Persistent : public PersistentBase { const_cast&>(that)); } - // TODO(dcarney): this is pretty useless, fix or remove template + V8_DEPRECATE_SOON("Use Local::New(...).As()") V8_INLINE Persistent& As() const { - return Persistent::Cast(*this); +#ifdef V8_ENABLE_CHECKS + if (!this->IsEmpty()) S::Cast(this->template value()); +#endif + return reinterpret_cast&>( + const_cast&>(*this)); } private: diff --git a/deps/v8/include/v8-primitive-object.h b/deps/v8/include/v8-primitive-object.h index 573932d0789cf0..109cfac0dc717d 100644 --- a/deps/v8/include/v8-primitive-object.h +++ b/deps/v8/include/v8-primitive-object.h @@ -34,7 +34,7 @@ class V8_EXPORT NumberObject : public Object { }; /** - * A BigInt object (https://tc39.github.io/proposal-bigint) + * A BigInt object (https://tc39.es/proposal-bigint) */ class V8_EXPORT BigIntObject : public Object { public: diff --git a/deps/v8/include/v8-primitive.h b/deps/v8/include/v8-primitive.h index 457a8838461faa..2b443d97d34fc6 100644 --- a/deps/v8/include/v8-primitive.h +++ b/deps/v8/include/v8-primitive.h @@ -446,13 +446,15 @@ class V8_EXPORT String : public Name { * Get the ExternalStringResource for an external string. Returns * NULL if IsExternal() doesn't return true. */ + // TODO(pthier): Change return type to const ExternalStringResource*. V8_INLINE ExternalStringResource* GetExternalStringResource() const; /** * Get the ExternalOneByteStringResource for an external one-byte string. * Returns NULL if IsExternalOneByte() doesn't return true. */ - const ExternalOneByteStringResource* GetExternalOneByteStringResource() const; + V8_INLINE const ExternalOneByteStringResource* + GetExternalOneByteStringResource() const; V8_INLINE static String* Cast(v8::Data* data) { #ifdef V8_ENABLE_CHECKS 
@@ -619,9 +621,11 @@ class V8_EXPORT String : public Name { * WARNING: This will unconditionally copy the contents of the JavaScript * string, and should be avoided in situations where performance is a concern. */ - class V8_EXPORT Value { + class V8_DEPRECATE_SOON( + "Prefer using String::ValueView if you can, or string->Write to a " + "buffer if you cannot.") V8_EXPORT Value { public: - V8_DEPRECATE_SOON( + V8_DEPRECATED( "Prefer using String::ValueView if you can, or string->Write to a " "buffer if you cannot.") Value(Isolate* isolate, Local obj); @@ -689,10 +693,11 @@ class V8_EXPORT String : public Name { }; private: - void VerifyExternalStringResourceBase(ExternalStringResourceBase* v, + void VerifyExternalStringResourceBase(const ExternalStringResourceBase* v, Encoding encoding) const; - void VerifyExternalStringResource(ExternalStringResource* val) const; ExternalStringResource* GetExternalStringResourceSlow() const; + const ExternalOneByteStringResource* GetExternalOneByteStringResourceSlow() + const; ExternalStringResourceBase* GetExternalStringResourceBaseSlow( String::Encoding* encoding_out) const; @@ -881,7 +886,7 @@ class V8_EXPORT Uint32 : public Integer { }; /** - * A JavaScript BigInt value (https://tc39.github.io/proposal-bigint) + * A JavaScript BigInt value (https://tc39.es/proposal-bigint) */ class V8_EXPORT BigInt : public Numeric { public: 
@@ -963,35 +968,33 @@ String::ExternalStringResource* String::GetExternalStringResource() const { result = GetExternalStringResourceSlow(); } #ifdef V8_ENABLE_CHECKS - VerifyExternalStringResource(result); + VerifyExternalStringResourceBase(result, Encoding::TWO_BYTE_ENCODING); #endif return result; } -String::ExternalStringResourceBase* String::GetExternalStringResourceBase( - v8::Isolate* isolate, String::Encoding* encoding_out) const { +const String::ExternalOneByteStringResource* +String::GetExternalOneByteStringResource() const { using A = internal::Address; using I = internal::Internals; A obj = internal::ValueHelper::ValueAsAddress(this); - int type = I::GetInstanceType(obj) & I::kStringRepresentationAndEncodingMask; - *encoding_out = static_cast(type & I::kStringEncodingMask); - ExternalStringResourceBase* resource; - if (type == I::kExternalOneByteRepresentationTag || - type == I::kExternalTwoByteRepresentationTag) { + const ExternalOneByteStringResource* result; + if (I::IsExternalOneByteString(I::GetInstanceType(obj))) { + Isolate* isolate = I::GetCurrentIsolateForSandbox(); A value = I::ReadExternalPointerField( isolate, obj, I::kStringResourceOffset); - resource = reinterpret_cast(value); + result = reinterpret_cast(value); } else { - resource = GetExternalStringResourceBaseSlow(encoding_out); + result = GetExternalOneByteStringResourceSlow(); } #ifdef V8_ENABLE_CHECKS - VerifyExternalStringResourceBase(resource, *encoding_out); + VerifyExternalStringResourceBase(result, Encoding::ONE_BYTE_ENCODING); #endif - return resource; + return result; } String::ExternalStringResourceBase* String::GetExternalStringResourceBase( - String::Encoding* encoding_out) const { + v8::Isolate* isolate, String::Encoding* encoding_out) const { using A = internal::Address; using I = internal::Internals; A obj = internal::ValueHelper::ValueAsAddress(this); 
@@ -1000,7 +1003,6 @@ String::ExternalStringResourceBase* String::GetExternalStringResourceBase( ExternalStringResourceBase* resource; if (type == I::kExternalOneByteRepresentationTag || type == I::kExternalTwoByteRepresentationTag) { - Isolate* isolate = I::GetCurrentIsolateForSandbox(); A value = I::ReadExternalPointerField( isolate, obj, I::kStringResourceOffset); resource = reinterpret_cast(value); @@ -1013,6 +1015,12 @@ String::ExternalStringResourceBase* String::GetExternalStringResourceBase( return resource; } +String::ExternalStringResourceBase* String::GetExternalStringResourceBase( + String::Encoding* encoding_out) const { + Isolate* isolate = internal::Internals::GetCurrentIsolateForSandbox(); + return GetExternalStringResourceBase(isolate, encoding_out); +} + // --- Statics --- V8_INLINE Local Undefined(Isolate* isolate) { diff --git a/deps/v8/include/v8-profiler.h b/deps/v8/include/v8-profiler.h index 7e2d0933e92e68..c8874db078ad52 100644 --- a/deps/v8/include/v8-profiler.h +++ b/deps/v8/include/v8-profiler.h @@ -830,6 +830,12 @@ class V8_EXPORT AllocationProfile { * what samples were added or removed between two snapshots. */ uint64_t sample_id; + + /** + * Indicates whether the sampled allocation is still live or has already + * been collected by GC. + */ + bool is_live; }; /** @@ -1063,7 +1069,8 @@ class V8_EXPORT HeapProfiler { * * This interface will soon be deprecated in favour of ContextNameResolver. */ - class ObjectNameResolver { + class V8_DEPRECATE_SOON("Use ContextNameResolver instead.") + ObjectNameResolver { public: /** * Returns name to be used in the heap snapshot for given node. Returned 
@@ -1121,24 +1128,13 @@ class V8_EXPORT HeapProfiler { // NOLINTNEXTLINE HeapSnapshotOptions() {} - // TODO(https://crbug.com/333672197): remove once ObjectNameResolver is - // removed. - ALLOW_COPY_AND_MOVE_WITH_DEPRECATED_FIELDS(HeapSnapshotOptions) - /** * The control used to report intermediate progress to. */ ActivityControl* control = nullptr; - /** - * The resolver used by the snapshot generator to get names for V8 objects. - */ - V8_DEPRECATED("Use context_name_resolver callback instead.") - ObjectNameResolver* global_object_name_resolver = nullptr; /** * The resolver used by the snapshot generator to get names for v8::Context * objects. - * In case both this and |global_object_name_resolver| callbacks are - * provided, this one will be used. */ ContextNameResolver* context_name_resolver = nullptr; /** @@ -1170,18 +1166,8 @@ class V8_EXPORT HeapProfiler { * * \returns the snapshot. */ - V8_DEPRECATED("Use overload with ContextNameResolver* resolver instead.") - const HeapSnapshot* TakeHeapSnapshot( - ActivityControl* control, ObjectNameResolver* global_object_name_resolver, - bool hide_internals = true, bool capture_numeric_value = false); - const HeapSnapshot* TakeHeapSnapshot(ActivityControl* control, - ContextNameResolver* resolver, - bool hide_internals = true, - bool capture_numeric_value = false); - // TODO(333672197): remove this version once ObjectNameResolver* overload - // is removed. const HeapSnapshot* TakeHeapSnapshot(ActivityControl* control, - std::nullptr_t resolver = nullptr, + ContextNameResolver* resolver = nullptr, bool hide_internals = true, bool capture_numeric_value = false); diff --git a/deps/v8/include/v8-script.h b/deps/v8/include/v8-script.h index c3a2274d43334e..c008953841be04 100644 --- a/deps/v8/include/v8-script.h +++ b/deps/v8/include/v8-script.h 
@@ -282,12 +282,26 @@ class V8_EXPORT Module : public Data { */ V8_WARN_UNUSED_RESULT MaybeLocal Evaluate(Local context); + /** + * Evaluates async dependencies of a module and defer its evaluation + * + * It implements 13.3.10.4.1 ContinueDynamicImport, Step 6.e. + * (https://tc39.es/proposal-defer-import-eval/#sec-ContinueDynamicImport). + * This will gather all async dependencies of this module and trigger their + * evaluation. It returns a Promise that is similar to a Promise.all for all + * modules that are going to be evaluated. This module and its sync + * dependencies are not going to be evaluated. + */ + V8_WARN_UNUSED_RESULT MaybeLocal EvaluateForImportDefer( + Local context); + /** * Returns the namespace object of this module. * * The module's status must be at least kInstantiated. */ - Local GetModuleNamespace(); + Local GetModuleNamespace( + v8::ModuleImportPhase phase = v8::ModuleImportPhase::kEvaluation); /** * Returns the corresponding context-unbound module script. @@ -764,6 +778,7 @@ class V8_EXPORT ScriptCompiler { kNoCacheBecauseResourceWithNoCacheHandler, kNoCacheBecauseDeferredProduceCodeCache, kNoCacheBecauseStaticCodeCache, + kNoCacheBecauseInlineScriptCacheTooCold, }; /** diff --git a/deps/v8/include/v8-template.h b/deps/v8/include/v8-template.h index 35c3c34e8badbc..741342c70e220d 100644 --- a/deps/v8/include/v8-template.h +++ b/deps/v8/include/v8-template.h 
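Review bot: `GetModuleNamespace` gains a `phase` parameter, but its comment still only says the status must be at least kInstantiated and does not say what a non-default phase returns or requires. The new `EvaluateForImportDefer` comment likewise omits the required module status and what an empty `MaybeLocal` means, and its first sentence should read "defers". I would add a line to `GetModuleNamespace` along the lines of `\param phase selects which import phase's namespace object is returned; defaults to the evaluation phase.`, once the author confirms the semantics.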
@@ -103,10 +103,28 @@ class V8_EXPORT Template : public Data { */ void SetNativeDataProperty( Local name, AccessorNameGetterCallback getter, - AccessorNameSetterCallback setter = nullptr, - Local data = Local(), PropertyAttribute attribute = None, + AccessorNameSetterCallbackV2 setter, Local data = Local(), + PropertyAttribute attribute = None, + SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, + SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect); + void SetNativeDataProperty( + Local name, AccessorNameGetterCallback getter, + AccessorNameSetterCallback setter, Local data = Local(), + PropertyAttribute attribute = None, SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect); + // TODO(https://crbug.com/348660658): remove once AccessorNameSetterCallback + // is removed. + void SetNativeDataProperty( + Local name, AccessorNameGetterCallback getter, + nullptr_t setter = nullptr, Local data = Local(), + PropertyAttribute attribute = None, + SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, + SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect) { + SetNativeDataProperty( + name, getter, static_cast(setter), data, + attribute, getter_side_effect_type, setter_side_effect_type); + } /** * Like SetNativeDataProperty, but V8 will replace the native data property @@ -213,6 +231,10 @@ using NamedPropertyGetterCallback = Intercepted (*)( * * See also `ObjectTemplate::SetHandler.` */ +using NamedPropertySetterCallbackV2 = + Intercepted (*)(Local property, Local value, + const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. using NamedPropertySetterCallback = Intercepted (*)(Local property, Local value, const PropertyCallbackInfo& info); 
@@ -308,6 +330,10 @@ using NamedPropertyEnumeratorCallback = * * See also `ObjectTemplate::SetHandler`. */ +using NamedPropertyDefinerCallbackV2 = + Intercepted (*)(Local property, const PropertyDescriptor& desc, + const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. using NamedPropertyDefinerCallback = Intercepted (*)(Local property, const PropertyDescriptor& desc, const PropertyCallbackInfo& info); 
@@ -336,33 +362,39 @@ using NamedPropertyDefinerCallback = using NamedPropertyDescriptorCallback = Intercepted (*)( Local property, const PropertyCallbackInfo& info); -// TODO(ishell): Rename IndexedPropertyXxxCallbackV2 back to -// IndexedPropertyXxxCallback once the old IndexedPropertyXxxCallback is -// removed. - /** * See `v8::NamedPropertyGetterCallback`. */ -using IndexedPropertyGetterCallbackV2 = +using IndexedPropertyGetterCallback = Intercepted (*)(uint32_t index, const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. +using IndexedPropertyGetterCallbackV2 = IndexedPropertyGetterCallback; /** * See `v8::NamedPropertySetterCallback`. */ +using IndexedPropertySetterCallback = + Intercepted (*)(uint32_t index, Local value, + const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. using IndexedPropertySetterCallbackV2 = Intercepted (*)( uint32_t index, Local value, const PropertyCallbackInfo& info); /** * See `v8::NamedPropertyQueryCallback`. */ -using IndexedPropertyQueryCallbackV2 = +using IndexedPropertyQueryCallback = Intercepted (*)(uint32_t index, const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. +using IndexedPropertyQueryCallbackV2 = IndexedPropertyQueryCallback; /** * See `v8::NamedPropertyDeleterCallback`. */ -using IndexedPropertyDeleterCallbackV2 = +using IndexedPropertyDeleterCallback = Intercepted (*)(uint32_t index, const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. +using IndexedPropertyDeleterCallbackV2 = IndexedPropertyDeleterCallback; /** * Returns an array containing the indices of the properties the indexed 
@@ -376,6 +408,10 @@ using IndexedPropertyEnumeratorCallback = /** * See `v8::NamedPropertyDefinerCallback`. */ +using IndexedPropertyDefinerCallback = + Intercepted (*)(uint32_t index, const PropertyDescriptor& desc, + const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. using IndexedPropertyDefinerCallbackV2 = Intercepted (*)(uint32_t index, const PropertyDescriptor& desc, const PropertyCallbackInfo& info); @@ -383,8 +419,17 @@ using IndexedPropertyDefinerCallbackV2 = /** * See `v8::NamedPropertyDescriptorCallback`. */ -using IndexedPropertyDescriptorCallbackV2 = +using IndexedPropertyDescriptorCallback = Intercepted (*)(uint32_t index, const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. +using IndexedPropertyDescriptorCallbackV2 = IndexedPropertyDescriptorCallback; + +/** + * Experimental API, do not use! + */ +using IndexedPropertyIndexOfCallback = + uint32_t (*)(Local value, uint32_t start_index, uint32_t end_index, + uint32_t* out_length, const PropertyCallbackInfo& info); /** * Returns true if the given context should be allowed to access the given 
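Review bot: `IndexedPropertyIndexOfCallback` is exported with only "Experimental API, do not use!" as its comment. That leaves the meaning of the return value, whether `end_index` is inclusive, and what the callee must write to `out_length` unspecified. Because the callback exchanges raw indices and a length through a pointer, an implementer who guesses wrong can hand back an out-of-range index. I would document the contract in the comment, including the "not found" return value and whether `out_length` may be null.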
@@ -703,37 +748,76 @@ struct NamedPropertyHandlerConfiguration { PropertyHandlerFlags::kInternalNewCallbacksSignatures)); } + static NamedPropertySetterCallbackV2 ConvertSetter(nullptr_t) { + return nullptr; + } + static NamedPropertySetterCallbackV2 ConvertSetter( + NamedPropertySetterCallbackV2 value) { + return value; + } + static NamedPropertySetterCallbackV2 ConvertSetter( + NamedPropertySetterCallback value) { + return NamedPropertySetterCallbackV2(value); + } + + static NamedPropertyDefinerCallbackV2 ConvertDefiner(nullptr_t) { + return nullptr; + } + static NamedPropertyDefinerCallbackV2 ConvertDefiner( + NamedPropertyDefinerCallbackV2 value) { + return value; + } + static NamedPropertyDefinerCallbackV2 ConvertDefiner( + NamedPropertyDefinerCallback value) { + return NamedPropertyDefinerCallbackV2(value); + } + public: + // TODO(https://crbug.com/348660658): cleanup once migration to + // NamedPropertySetterCallbackV2/NamedPropertyDefinerCallbackV2 is done. + template + requires((std::is_same_v || + std::is_same_v || + std::is_same_v) && + (std::is_same_v || + std::is_same_v || + std::is_same_v)) NamedPropertyHandlerConfiguration( NamedPropertyGetterCallback getter, // - NamedPropertySetterCallback setter, // + TSetter setter, // NamedPropertyQueryCallback query, // NamedPropertyDeleterCallback deleter, // NamedPropertyEnumeratorCallback enumerator, // - NamedPropertyDefinerCallback definer, // + TDefiner definer, // NamedPropertyDescriptorCallback descriptor, // Local data = Local(), PropertyHandlerFlags flags = PropertyHandlerFlags::kNone) : getter(getter), - setter(setter), + setter(ConvertSetter(setter)), query(query), deleter(deleter), enumerator(enumerator), - definer(definer), + definer(ConvertDefiner(definer)), descriptor(descriptor), data(data), flags(flags) {} + // TODO(https://crbug.com/348660658): cleanup once migration to + // NamedPropertySetterCallbackV2/NamedPropertyDefinerCallbackV2 is done. 
+ template + requires(std::is_same_v || + std::is_same_v || + std::is_same_v) explicit NamedPropertyHandlerConfiguration( - NamedPropertyGetterCallback getter, - NamedPropertySetterCallback setter = nullptr, - NamedPropertyQueryCallback query = nullptr, - NamedPropertyDeleterCallback deleter = nullptr, - NamedPropertyEnumeratorCallback enumerator = nullptr, + NamedPropertyGetterCallback getter, // + TSetter setter = nullptr, // + NamedPropertyQueryCallback query = nullptr, // + NamedPropertyDeleterCallback deleter = nullptr, // + NamedPropertyEnumeratorCallback enumerator = nullptr, // Local data = Local(), PropertyHandlerFlags flags = PropertyHandlerFlags::kNone) : getter(getter), - setter(setter), + setter(ConvertSetter(setter)), query(query), deleter(deleter), enumerator(enumerator), 
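Review bot: `ConvertSetter(NamedPropertySetterCallback)` and `ConvertDefiner(NamedPropertyDefinerCallback)` turn one function-pointer type into another with a function-style cast, which between distinct pointer types behaves like `reinterpret_cast`. The result is stored in a field of the V2 type and presumably called through it, so this is only sound if the two signatures are call-compatible, and builds with indirect-call CFI may reject the call. The exact signature difference is not visible in this rendering. I would spell the cast as `reinterpret_cast<NamedPropertySetterCallbackV2>(value)` (likewise for the definer) and add a comment stating why the call is safe. The indexed configuration later in the file repeats the pattern, and the struct continues outside this hunk.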
@@ -742,31 +826,40 @@ struct NamedPropertyHandlerConfiguration { data(data), flags(flags) {} + // TODO(https://crbug.com/348660658): cleanup once migration to + // NamedPropertySetterCallbackV2/NamedPropertyDefinerCallbackV2 is done. + template + requires((std::is_same_v || + std::is_same_v || + std::is_same_v) && + (std::is_same_v || + std::is_same_v || + std::is_same_v)) NamedPropertyHandlerConfiguration( NamedPropertyGetterCallback getter, // - NamedPropertySetterCallback setter, // + TSetter setter, // NamedPropertyDescriptorCallback descriptor, // NamedPropertyDeleterCallback deleter, // NamedPropertyEnumeratorCallback enumerator, // - NamedPropertyDefinerCallback definer, // + TDefiner definer, // Local data = Local(), PropertyHandlerFlags flags = PropertyHandlerFlags::kNone) : getter(getter), - setter(setter), + setter(ConvertSetter(setter)), query(nullptr), deleter(deleter), enumerator(enumerator), - definer(definer), + definer(ConvertDefiner(definer)), descriptor(descriptor), data(data), flags(flags) {} NamedPropertyGetterCallback getter; - NamedPropertySetterCallback setter; + NamedPropertySetterCallbackV2 setter; NamedPropertyQueryCallback query; NamedPropertyDeleterCallback deleter; NamedPropertyEnumeratorCallback enumerator; - NamedPropertyDefinerCallback definer; + NamedPropertyDefinerCallbackV2 definer; NamedPropertyDescriptorCallback descriptor; Local data; PropertyHandlerFlags flags; 
@@ -782,37 +875,76 @@ struct IndexedPropertyHandlerConfiguration { PropertyHandlerFlags::kInternalNewCallbacksSignatures)); } + static IndexedPropertySetterCallback ConvertSetter(nullptr_t) { + return nullptr; + } + static IndexedPropertySetterCallback ConvertSetter( + IndexedPropertySetterCallback value) { + return value; + } + static IndexedPropertySetterCallback ConvertSetter( + IndexedPropertySetterCallbackV2 value) { + return IndexedPropertySetterCallback(value); + } + + static IndexedPropertyDefinerCallback ConvertDefiner(nullptr_t) { + return nullptr; + } + static IndexedPropertyDefinerCallback ConvertDefiner( + IndexedPropertyDefinerCallback value) { + return value; + } + static IndexedPropertyDefinerCallback ConvertDefiner( + IndexedPropertyDefinerCallbackV2 value) { + return IndexedPropertyDefinerCallback(value); + } + public: + // TODO(https://crbug.com/348660658): cleanup once migration to + // IndexedPropertySetterCallback/IndexedPropertyDefinerCallback is done. + template + requires((std::is_same_v || + std::is_same_v || + std::is_same_v) && + (std::is_same_v || + std::is_same_v || + std::is_same_v)) IndexedPropertyHandlerConfiguration( - IndexedPropertyGetterCallbackV2 getter, // - IndexedPropertySetterCallbackV2 setter, // - IndexedPropertyQueryCallbackV2 query, // - IndexedPropertyDeleterCallbackV2 deleter, // - IndexedPropertyEnumeratorCallback enumerator, // - IndexedPropertyDefinerCallbackV2 definer, // - IndexedPropertyDescriptorCallbackV2 descriptor, // + IndexedPropertyGetterCallback getter, // + TSetter setter, // + IndexedPropertyQueryCallback query, // + IndexedPropertyDeleterCallback deleter, // + IndexedPropertyEnumeratorCallback enumerator, // + TDefiner definer, // + IndexedPropertyDescriptorCallback descriptor, // Local data = Local(), PropertyHandlerFlags flags = PropertyHandlerFlags::kNone) : getter(getter), - setter(setter), + setter(ConvertSetter(setter)), query(query), deleter(deleter), enumerator(enumerator), - definer(definer), 
+ definer(ConvertDefiner(definer)), descriptor(descriptor), data(data), flags(flags) {} + // TODO(https://crbug.com/348660658): cleanup once migration to + // IndexedPropertySetterCallback/IndexedPropertyDefinerCallback is done. + template + requires(std::is_same_v || + std::is_same_v || + std::is_same_v) explicit IndexedPropertyHandlerConfiguration( - IndexedPropertyGetterCallbackV2 getter = nullptr, - IndexedPropertySetterCallbackV2 setter = nullptr, - IndexedPropertyQueryCallbackV2 query = nullptr, - IndexedPropertyDeleterCallbackV2 deleter = nullptr, - IndexedPropertyEnumeratorCallback enumerator = nullptr, - Local data = Local(), + IndexedPropertyGetterCallback getter = nullptr, // + TSetter setter = nullptr, // + IndexedPropertyQueryCallback query = nullptr, // + IndexedPropertyDeleterCallback deleter = nullptr, // + IndexedPropertyEnumeratorCallback enumerator = nullptr, // + Local data = Local(), // PropertyHandlerFlags flags = PropertyHandlerFlags::kNone) : getter(getter), - setter(setter), + setter(ConvertSetter(setter)), query(query), deleter(deleter), enumerator(enumerator), 
@@ -821,32 +953,73 @@ struct IndexedPropertyHandlerConfiguration { data(data), flags(flags) {} + // TODO(https://crbug.com/348660658): cleanup once migration to + // IndexedPropertySetterCallback/IndexedPropertyDefinerCallback is done. + template + requires((std::is_same_v || + std::is_same_v || + std::is_same_v) && + (std::is_same_v || + std::is_same_v || + std::is_same_v)) IndexedPropertyHandlerConfiguration( - IndexedPropertyGetterCallbackV2 getter, - IndexedPropertySetterCallbackV2 setter, - IndexedPropertyDescriptorCallbackV2 descriptor, - IndexedPropertyDeleterCallbackV2 deleter, - IndexedPropertyEnumeratorCallback enumerator, - IndexedPropertyDefinerCallbackV2 definer, + IndexedPropertyGetterCallback getter, // + TSetter setter, // + IndexedPropertyDescriptorCallback descriptor, // + IndexedPropertyDeleterCallback deleter, // + IndexedPropertyEnumeratorCallback enumerator, // + TDefiner definer, // Local data = Local(), PropertyHandlerFlags flags = PropertyHandlerFlags::kNone) : getter(getter), - setter(setter), + setter(ConvertSetter(setter)), query(nullptr), deleter(deleter), enumerator(enumerator), - definer(definer), + definer(ConvertDefiner(definer)), + descriptor(descriptor), + data(data), + flags(flags) {} + + // TODO(https://crbug.com/348660658): cleanup once migration to + // IndexedPropertySetterCallback/IndexedPropertyDefinerCallback is done. 
+ template + requires((std::is_same_v || + std::is_same_v || + std::is_same_v) && + (std::is_same_v || + std::is_same_v || + std::is_same_v)) + IndexedPropertyHandlerConfiguration( + IndexedPropertyGetterCallback getter, // + TSetter setter, // + IndexedPropertyQueryCallback query, // + IndexedPropertyDeleterCallback deleter, // + IndexedPropertyEnumeratorCallback enumerator, // + TDefiner definer, // + IndexedPropertyDescriptorCallback descriptor, // + IndexedPropertyIndexOfCallback index_of, // + Local data = Local(), + PropertyHandlerFlags flags = PropertyHandlerFlags::kNone) + : getter(getter), + setter(ConvertSetter(setter)), + query(query), + deleter(deleter), + enumerator(enumerator), + definer(ConvertDefiner(definer)), descriptor(descriptor), + index_of(index_of), data(data), flags(flags) {} - IndexedPropertyGetterCallbackV2 getter; - IndexedPropertySetterCallbackV2 setter; - IndexedPropertyQueryCallbackV2 query; - IndexedPropertyDeleterCallbackV2 deleter; + IndexedPropertyGetterCallback getter; + IndexedPropertySetterCallback setter; + IndexedPropertyQueryCallback query; + IndexedPropertyDeleterCallback deleter; IndexedPropertyEnumeratorCallback enumerator; - IndexedPropertyDefinerCallbackV2 definer; - IndexedPropertyDescriptorCallbackV2 descriptor; + IndexedPropertyDefinerCallback definer; + IndexedPropertyDescriptorCallback descriptor; + IndexedPropertyIndexOfCallback index_of = nullptr; Local data; PropertyHandlerFlags flags; }; diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h index 91166cfccebd0f..dd9b95115e113e 100644 --- a/deps/v8/include/v8-version.h +++ b/deps/v8/include/v8-version.h 
@@ -9,9 +9,9 @@ // NOTE these macros are used by some of the tool scripts and the build // system so their names cannot be changed without changing the scripts. #define V8_MAJOR_VERSION 14 -#define V8_MINOR_VERSION 6 -#define V8_BUILD_NUMBER 202 -#define V8_PATCH_LEVEL 33 +#define V8_MINOR_VERSION 8 +#define V8_BUILD_NUMBER 178 +#define V8_PATCH_LEVEL 9 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/deps/v8/include/v8-wasm.h b/deps/v8/include/v8-wasm.h index 550cdfb327839f..6b01f9ddb7fdf8 100644 --- a/deps/v8/include/v8-wasm.h +++ b/deps/v8/include/v8-wasm.h @@ -317,6 +317,10 @@ class V8_EXPORT WasmMemoryMapDescriptor : public Object { static Local New(Isolate* isolate, WasmFileDescriptor fd); + void Unmap(); + + size_t Map(Local memory, uint32_t offset); + private: static void CheckCast(Value* object); }; diff --git a/deps/v8/include/v8config.h b/deps/v8/include/v8config.h index d8978c286b9d4e..1624183738d489 100644 --- a/deps/v8/include/v8config.h +++ b/deps/v8/include/v8config.h @@ -599,15 +599,11 @@ path. Add it with -I to the command line // functions. // Use like: // V8_NOINLINE V8_PRESERVE_MOST void UnlikelyMethod(); -#if V8_OS_WIN -# define V8_PRESERVE_MOST -#else #if V8_HAS_ATTRIBUTE_PRESERVE_MOST # define V8_PRESERVE_MOST __attribute__((preserve_most)) #else # define V8_PRESERVE_MOST /* NOT SUPPORTED */ #endif -#endif // A macro (V8_DEPRECATED) to mark classes or functions as deprecated. diff --git a/deps/v8/infra/mb/mb_config.pyl b/deps/v8/infra/mb/mb_config.pyl index 8dcb0689ba2b13..db76a4a5375404 100644 --- a/deps/v8/infra/mb/mb_config.pyl +++ b/deps/v8/infra/mb/mb_config.pyl 
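Review bot: `Unmap()` and `Map(..., uint32_t offset)` are added to the exported `WasmMemoryMapDescriptor` class without any doc comment, so an embedder cannot tell what the returned `size_t` means or which value signals failure. Because the descriptor is created from a `WasmFileDescriptor` and the call places a mapping into a Wasm memory, the declaration should state the constraints on `offset` (alignment and bounds relative to the memory), what happens when `Map` is called on an already mapped descriptor, and whether `Unmap` is safe to call when nothing is mapped. A short `//` block above each declaration covering those points would be enough. The class body continues outside the hunk.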
@@ -195,6 +195,10 @@ 'release_x64_asan_sandbox_testing_undefined_double', 'V8 Clusterfuzz Linux64 ASAN fuzzilli sandbox testing - release builder': 'release_x64_asan_fuzzilli_sandbox_testing_undefined_double', + 'V8 Clusterfuzz Linux64 arm64 fuzzilli sandbox testing - release builder': + 'release_simulate_arm64_fuzzilli_sandbox_testing_undefined_double', + 'V8 Clusterfuzz Linux64 ASAN arm64 fuzzilli sandbox testing - release builder': + 'release_simulate_arm64_asan_fuzzilli_sandbox_testing_undefined_double', }, 'client.v8.perf' : { # Arm @@ -318,6 +322,10 @@ 'v8_linux64_fuzzilli_sandbox_testing_compile_rel': 'release_x64_fuzzilli_sandbox_testing_undefined_double', 'v8_linux64_asan_sandbox_testing_compile_rel': 'release_x64_asan_sandbox_testing_undefined_double', 'v8_linux64_asan_fuzzilli_sandbox_testing_compile_rel': 'release_x64_asan_fuzzilli_sandbox_testing_undefined_double', + 'v8_linux64_arm64_fuzzilli_sandbox_testing_compile_rel': + 'release_simulate_arm64_fuzzilli_sandbox_testing_undefined_double', + 'v8_linux64_arm64_asan_fuzzilli_sandbox_testing_compile_rel': + 'release_simulate_arm64_asan_fuzzilli_sandbox_testing_undefined_double', 'v8_linux64_cfi_compile_rel': 'release_x64_cfi', 'v8_linux64_fuzzilli_compile_rel': 'release_x64_fuzzilli', 'v8_linux64_loong64_compile_rel': 'release_simulate_loong64', 
@@ -488,6 +496,14 @@ 'release_trybot', 'simulate_arm', 'v8_enable_lite_mode'], 'release_simulate_arm_trybot': [ 'release_trybot', 'simulate_arm'], + 'release_simulate_arm64_asan_fuzzilli_sandbox_testing_undefined_double': [ + 'release_bot', 'simulate_arm64', 'asan', 'minimal_symbols', 'backtrace', + 'trace_pc_guard', 'v8_enable_memory_corruption_api', + 'v8_enable_undefined_double', 'v8_enable_fuzzilli'], + 'release_simulate_arm64_fuzzilli_sandbox_testing_undefined_double': [ + 'release_bot', 'simulate_arm64', 'minimal_symbols', 'backtrace', + 'trace_pc_guard', 'v8_enable_memory_corruption_api', + 'v8_enable_undefined_double', 'v8_enable_fuzzilli'], 'release_simulate_arm64_gcmole': [ 'release_bot', 'simulate_arm64', 'gcmole'], 'release_simulate_arm64_gcmole_trybot': [ @@ -1091,7 +1107,8 @@ }, 'use_centipede': { - 'gn_args': 'use_centipede=true optimize_for_fuzzing = true', + 'gn_args': 'use_centipede=true optimize_for_fuzzing=true ' + 'sanitizer_coverage_skip_stdlib_and_absl=true', }, 'v8_check_header_includes': { @@ -1112,8 +1129,10 @@ }, 'v8_dumpling': { - 'gn_args': 'v8_dumpling=true v8_enable_object_print=true ' - 'v8_enable_partition_alloc=false v8_symbol_level=2', + 'gn_args': 'v8_dumpling=true ' + 'v8_enable_lazy_source_positions=false ' + 'v8_enable_partition_alloc=false ' + 'v8_symbol_level=2', }, 'v8_enable_drumbrake': { diff --git a/deps/v8/infra/testing/builders.pyl b/deps/v8/infra/testing/builders.pyl index ee158af5171b62..96c46772f74c17 100644 --- a/deps/v8/infra/testing/builders.pyl +++ b/deps/v8/infra/testing/builders.pyl @@ -58,7 +58,7 @@ {'name': 'mozilla', 'variant': 'extra'}, {'name': 'test262', 'variant': 'default', 'shards': 4}, {'name': 'test262', 'variant': 'future', 'shards': 4}, - {'name': 'v8testing', 'shards': 6}, + {'name': 'v8testing', 'shards': 8}, {'name': 'v8testing', 'variant': 'extra', 'shards': 5}, # Noavx. { 
@@ -483,8 +483,10 @@ 'swarming_dimensions' : { 'os': 'Ubuntu-22.04', }, - # TODO(https://crbug.com/479756613): Add tests. - 'tests': [], + 'tests': [ + {'name': 'v8testing', 'variant': 'default'}, + {'name': 'mjsunit', 'variant': 'dumpling_test', 'shards': 4}, + ], }, 'v8_linux64_full_dbg': { 'swarming_dimensions': { @@ -1051,7 +1053,7 @@ }, 'tests': [ {'name': 'mozilla'}, - {'name': 'test262', 'variant': 'default', 'shards': 4}, + {'name': 'test262', 'variant': 'default', 'shards': 6}, {'name': 'v8testing', 'shards': 4}, {'name': 'v8testing', 'variant': 'extra', 'shards': 3}, {'name': 'v8testing', 'variant': 'minor_ms'}, @@ -1332,12 +1334,12 @@ {'name': 'optimize_for_size'}, {'name': 'test262', 'shards': 10}, {'name': 'test262', 'variant': 'extra', 'shards': 10}, - {'name': 'v8testing', 'shards': 3}, + {'name': 'v8testing', 'shards': 4}, { 'name': 'v8testing', 'suffix': 'isolates', 'test_args': ['--isolates'], - 'shards': 6, + 'shards': 8, }, {'name': 'v8testing', 'variant': 'extra', 'shards': 4}, # Nosse3. @@ -1357,7 +1359,7 @@ 'name': 'v8testing', 'suffix': 'nosse3', 'test_args': ['--extra-flags', '--noenable-sse3 --noenable-ssse3 --noenable-sse4-1 --noenable-avx'], - 'shards': 3 + 'shards': 4 }, # Nossse3. { @@ -1376,7 +1378,7 @@ 'name': 'v8testing', 'suffix': 'nossse3', 'test_args': ['--extra-flags', '--noenable-ssse3 --noenable-sse4-1 --noenable-avx'], - 'shards': 3 + 'shards': 4 }, # Nosse4. { @@ -1395,7 +1397,7 @@ 'name': 'v8testing', 'suffix': 'nosse4', 'test_args': ['--extra-flags', '--noenable-sse4-1 --noenable-avx'], - 'shards': 3 + 'shards': 4 }, # Noavx. { @@ -1414,7 +1416,7 @@ 'name': 'v8testing', 'suffix': 'noavx', 'test_args': ['--extra-flags', '--noenable-avx'], - 'shards': 3 + 'shards': 4 }, ], }, @@ -1428,7 +1430,7 @@ 'priority': 35, }, 'tests': [ - {'name': 'v8testing', 'variant': 'default', 'shards': 8}, + {'name': 'v8testing', 'variant': 'default', 'shards': 10}, ], }, 'V8 Linux - gc stress': { 
@@ -1624,7 +1626,7 @@ {'name': 'mozilla'}, {'name': 'mozilla', 'variant': 'extra'}, {'name': 'optimize_for_size'}, - {'name': 'test262', 'shards': 12}, + {'name': 'test262', 'shards': 16}, {'name': 'test262', 'variant': 'extra', 'shards': 10}, {'name': 'v8testing', 'shards': 5}, {'name': 'v8testing', 'variant': 'extra', 'shards': 4}, @@ -1679,15 +1681,17 @@ 'swarming_dimensions' : { 'os': 'Ubuntu-22.04', }, - # TODO(https://crbug.com/479756613): Add tests. - 'tests': [], + 'tests': [ + {'name': 'v8testing', 'variant': 'default'}, + {'name': 'mjsunit', 'variant': 'dumpling_test', 'shards': 4}, + ], }, 'V8 Linux64 - full debug': { 'swarming_dimensions': { 'os': 'Ubuntu-22.04', }, 'tests': [ - {'name': 'v8testing', 'variant': 'default', 'shards': 8}, + {'name': 'v8testing', 'variant': 'default', 'shards': 12}, ], }, 'V8 Linux64 - disable runtime call stats': { @@ -1748,13 +1752,8 @@ 'swarming_dimensions' : { 'os': 'Ubuntu-22.04', }, - 'swarming_task_attrs': { - 'expiration': 14400, - 'hard_timeout': 3600, - 'priority': 35, - }, 'tests': [ - {'name': 'v8testing', 'shards': 3}, + {'name': 'v8testing', 'shards': 5}, ], }, 'V8 Linux64 - fyi': { @@ -1834,7 +1833,7 @@ { 'name': 'd8testing', 'test_args': ['--gc-stress'], - 'shards': 5, + 'shards': 7, }, { 'name': 'mjsunit', @@ -2111,7 +2110,7 @@ 'tests': [ {'name': 'mozilla'}, {'name': 'test262', 'variant': 'default', 'shards': 2}, - {'name': 'v8testing'}, + {'name': 'v8testing', 'shards': 2}, {'name': 'v8testing', 'variant': 'extra'}, ], }, @@ -2303,7 +2302,7 @@ }, 'tests': [ {'name': 'mozilla'}, - {'name': 'test262', 'variant': 'default', 'shards': 2}, + {'name': 'test262', 'variant': 'default', 'shards': 4}, {'name': 'v8testing', 'shards': 4}, {'name': 'v8testing', 'variant': 'extra', 'shards': 3}, {'name': 'v8testing', 'variant': 'minor_ms'}, 
@@ -2331,7 +2330,7 @@ 'os': 'Windows-10-19045', }, 'tests': [ - {'name': 'v8testing', 'shards': 5}, + {'name': 'v8testing', 'shards': 7}, ], }, 'V8 Win64 PGO instrumentation - builder' : { @@ -2417,7 +2416,7 @@ {'name': 'test262', 'variant': 'default', 'shards': 3}, {'name': 'v8testing', 'shards': 10}, {'name': 'v8testing', 'variant': 'extra', 'shards': 9}, - {'name': 'v8testing', 'variant': 'turbolev'}, + {'name': 'v8testing', 'variant': 'turbolev', 'shards': 2}, # Armv8-a. { 'name': 'mozilla', @@ -2508,13 +2507,13 @@ {'name': 'mozilla', 'shards': 2}, {'name': 'test262', 'variant': 'default', 'shards': 3}, {'name': 'v8testing', 'shards': 12}, - {'name': 'v8testing', 'variant': 'extra', 'shards': 12}, + {'name': 'v8testing', 'variant': 'extra', 'shards': 14}, { 'name': 'v8testing', 'suffix': 'all_features', 'variant': 'default', 'test_args': ['--extra-flags', '--sim-arm64-optional-features="all"'], - 'shards': 3, + 'shards': 4, }, ], }, @@ -2531,7 +2530,7 @@ { 'name': 'd8testing', 'test_args': ['--gc-stress', '--extra-flags=--verify-heap-skip-remembered-set'], - 'shards': 12 + 'shards': 14 }, ], }, diff --git a/deps/v8/samples/hello-world.cc b/deps/v8/samples/hello-world.cc index 557ba63e0fd85e..086d3d0125589e 100644 --- a/deps/v8/samples/hello-world.cc +++ b/deps/v8/samples/hello-world.cc @@ -16,7 +16,10 @@ int main(int argc, char* argv[]) { // Initialize V8. - v8::V8::InitializeICUDefaultLocation(argv[0]); + if (!v8::V8::InitializeICUDefaultLocation(argv[0])) { + fprintf(stderr, "Failed to initialize ICU\n"); + return 1; + } v8::V8::InitializeExternalStartupData(argv[0]); std::unique_ptr platform = v8::platform::NewDefaultPlatform(); v8::V8::InitializePlatform(platform.get()); diff --git a/deps/v8/samples/process.cc b/deps/v8/samples/process.cc index e48b16c6a896c5..661225218677f3 100644 --- a/deps/v8/samples/process.cc +++ b/deps/v8/samples/process.cc 
@@ -407,7 +407,7 @@ v8::Intercepted JsHttpRequestProcessor::MapGet( if (name->IsSymbol()) return v8::Intercepted::kNo; // Fetch the map wrapped by this object. - map* obj = UnwrapMap(info.HolderV2()); + map* obj = UnwrapMap(info.Holder()); // Convert the JavaScript string to a std::string. string key = ObjectToString(info.GetIsolate(), name.As()); @@ -433,7 +433,7 @@ v8::Intercepted JsHttpRequestProcessor::MapSet( if (name->IsSymbol()) return v8::Intercepted::kNo; // Fetch the map wrapped by this object. - map* obj = UnwrapMap(info.HolderV2()); + map* obj = UnwrapMap(info.Holder()); // Convert the key and value to std::strings. string key = ObjectToString(info.GetIsolate(), name.As()); @@ -513,7 +513,7 @@ HttpRequest* JsHttpRequestProcessor::UnwrapRequest(Local obj) { void JsHttpRequestProcessor::GetPath(Local name, const PropertyCallbackInfo& info) { // Extract the C++ request object from the JavaScript wrapper. - HttpRequest* request = UnwrapRequest(info.HolderV2()); + HttpRequest* request = UnwrapRequest(info.Holder()); // Fetch the path. const string& path = request->Path(); @@ -527,7 +527,7 @@ void JsHttpRequestProcessor::GetPath(Local name, void JsHttpRequestProcessor::GetReferrer( Local name, const PropertyCallbackInfo& info) { - HttpRequest* request = UnwrapRequest(info.HolderV2()); + HttpRequest* request = UnwrapRequest(info.Holder()); const string& path = request->Referrer(); info.GetReturnValue().Set( String::NewFromUtf8(info.GetIsolate(), path.c_str(), @@ -537,7 +537,7 @@ void JsHttpRequestProcessor::GetReferrer( void JsHttpRequestProcessor::GetHost(Local name, const PropertyCallbackInfo& info) { - HttpRequest* request = UnwrapRequest(info.HolderV2()); + HttpRequest* request = UnwrapRequest(info.Holder()); const string& path = request->Host(); info.GetReturnValue().Set( String::NewFromUtf8(info.GetIsolate(), path.c_str(), 
@@ -547,7 +547,7 @@ void JsHttpRequestProcessor::GetHost(Local name, void JsHttpRequestProcessor::GetUserAgent( Local name, const PropertyCallbackInfo& info) { - HttpRequest* request = UnwrapRequest(info.HolderV2()); + HttpRequest* request = UnwrapRequest(info.Holder()); const string& path = request->UserAgent(); info.GetReturnValue().Set( String::NewFromUtf8(info.GetIsolate(), path.c_str(), @@ -695,7 +695,10 @@ void PrintMap(map* m) { int main(int argc, char* argv[]) { - v8::V8::InitializeICUDefaultLocation(argv[0]); + if (!v8::V8::InitializeICUDefaultLocation(argv[0])) { + fprintf(stderr, "Failed to initialize ICU\n"); + return 1; + } v8::V8::InitializeExternalStartupData(argv[0]); std::unique_ptr platform = v8::platform::NewDefaultPlatform(); v8::V8::InitializePlatform(platform.get()); diff --git a/deps/v8/samples/shell.cc b/deps/v8/samples/shell.cc index 7ec41b104947bc..ffcefe4a782647 100644 --- a/deps/v8/samples/shell.cc +++ b/deps/v8/samples/shell.cc @@ -67,7 +67,10 @@ void ReportException(v8::Isolate* isolate, v8::TryCatch* handler); static bool run_shell; int main(int argc, char* argv[]) { - v8::V8::InitializeICUDefaultLocation(argv[0]); + if (!v8::V8::InitializeICUDefaultLocation(argv[0])) { + fprintf(stderr, "Failed to initialize ICU\n"); + return 1; + } v8::V8::InitializeExternalStartupData(argv[0]); std::unique_ptr platform = v8::platform::NewDefaultPlatform(); v8::V8::InitializePlatform(platform.get()); diff --git a/deps/v8/src/DEPS b/deps/v8/src/DEPS index f977b8d83e07fe..4034fd34280682 100644 --- a/deps/v8/src/DEPS +++ b/deps/v8/src/DEPS @@ -8,6 +8,7 @@ include_rules = [ "+src/baseline/bytecode-offset-iterator.h", "-src/bigint", "+src/bigint/bigint.h", + "+src/bigint/bigint-inl.h", "-src/compiler", "+src/compiler/code-assembler.h", "+src/compiler/turbofan.h", diff --git a/deps/v8/src/api/api-arguments-inl.h b/deps/v8/src/api/api-arguments-inl.h index 2f5c1d25df64c1..0c3ad9d1d7b25a 100644 --- a/deps/v8/src/api/api-arguments-inl.h 
+++ b/deps/v8/src/api/api-arguments-inl.h @@ -561,6 +561,26 @@ PropertyCallbackArguments::CallPropertyEnumerator( return Cast(result); } +uint32_t PropertyCallbackArguments::CallIndexedIndexOf( + Isolate* isolate, DirectHandle interceptor, + DirectHandle value, uint32_t start_index, uint32_t end_index, + uint32_t* in_out_length) { + DCHECK(!is_setter_definer_deleter_); + // The actual property key is not relevant for this callback. + set_property_key(0); + slot_at(kCallbackInfoIndex).store(*interceptor); + // IndexOf callback doesn't use return value. + slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).undefined_value()); + + IndexedPropertyIndexOfCallback f = + reinterpret_cast( + interceptor->indexed_index_of(isolate)); + PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, void, interceptor, + ExceptionContext::kUnknown); + return f(v8::Utils::ToLocal(value), start_index, end_index, in_out_length, + callback_info); +} + // ------------------------------------------------------------------------- // Accessors @@ -604,12 +624,11 @@ bool PropertyCallbackArguments::CallAccessorSetter( // Here we handle both cases using the AccessorNameSetterCallback signature // and checking whether the returned result is set to default value // (the undefined value). - // TODO(ishell, 348660658): update V8 Api to allow setter callbacks provide - // the result of [[Set]] operation according to JavaScript semantics. - AccessorNameSetterCallback f = reinterpret_cast( - accessor_info->setter(isolate)); - PREPARE_CALLBACK_INFO_ACCESSOR(isolate, f, void, accessor_info, holder(), - ACCESSOR_SETTER, + AccessorNameSetterCallbackV2 f = + reinterpret_cast( + accessor_info->setter(isolate)); + PREPARE_CALLBACK_INFO_ACCESSOR(isolate, f, v8::Boolean, accessor_info, + holder(), ACCESSOR_SETTER, ExceptionContext::kAttributeSet); f(v8::Utils::ToLocal(name), v8::Utils::ToLocal(value), callback_info); // Historically, in case of v8::AccessorNameSetterCallback it wasn't allowed 
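Review bot: `CallIndexedIndexOf` passes a writable `in_out_length` to the embedder callback and returns the callback's `uint32_t` unchanged, but neither this definition nor the declaration added in api-arguments.h states the not-found value, whether `end_index` is inclusive, or that the result is unvalidated. Since both values come from embedder code, a comment above the definition such as `// The returned index and *in_out_length come straight from the embedder callback; callers must range-check both before using them.` would make the contract explicit. The `DCHECK(!is_setter_definer_deleter_)` precondition is debug-only, so the comment should name it as a caller obligation as well.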
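Review bot: The context comment above the changed lines in `CallAccessorSetter` still says both cases are handled "using the AccessorNameSetterCallback signature", while the new code casts the stored setter to `AccessorNameSetterCallbackV2` and prepares the callback info with `v8::Boolean`. Update it to `// Here we handle both cases using the AccessorNameSetterCallbackV2 signature`. It should also explain why invoking a setter registered through the legacy overload via this type is acceptable, since the slot is `reinterpret_cast` regardless of which type was stored. `CallAccessorSetter` begins and ends outside the hunk.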
diff --git a/deps/v8/src/api/api-arguments.h b/deps/v8/src/api/api-arguments.h index d0c4936a989325..b4339de1daebff 100644 --- a/deps/v8/src/api/api-arguments.h +++ b/deps/v8/src/api/api-arguments.h @@ -154,6 +154,13 @@ class PropertyCallbackArguments final : public Relocatable { inline DirectHandle CallIndexedEnumerator( Isolate* isolate, DirectHandle interceptor); + // Pending exception handling should be done by the caller. + inline uint32_t CallIndexedIndexOf(Isolate* isolate, + DirectHandle interceptor, + DirectHandle value, + uint32_t start_index, uint32_t end_index, + uint32_t* in_out_length); + // Accept potential JavaScript side effects that might occur during life // time of this object. inline void AcceptSideEffects() { diff --git a/deps/v8/src/api/api.cc b/deps/v8/src/api/api.cc index 9ef4e3b4a66006..32fc059d6d2375 100644 --- a/deps/v8/src/api/api.cc +++ b/deps/v8/src/api/api.cc @@ -46,6 +46,7 @@ #include "src/base/utils/random-number-generator.h" #include "src/base/vector.h" #include "src/builtins/accessors.h" +#include "src/builtins/builtins-promise.h" #include "src/builtins/builtins-utils.h" #include "src/codegen/compilation-cache.h" #include "src/codegen/compiler.h" @@ -103,11 +104,13 @@ #include "src/objects/js-promise-inl.h" #include "src/objects/js-regexp-inl.h" #include "src/objects/js-weak-refs-inl.h" +#include "src/objects/managed-inl.h" #include "src/objects/module-inl.h" #include "src/objects/objects-inl.h" #include "src/objects/oddball.h" #include "src/objects/ordered-hash-table-inl.h" #include "src/objects/primitive-heap-object.h" +#include "src/objects/promise-inl.h" #include "src/objects/property-descriptor.h" #include "src/objects/property-details.h" #include "src/objects/property.h" 
@@ -125,7 +128,7 @@ #include "src/parsing/scanner-character-streams.h" #include "src/profiler/cpu-profiler.h" #include "src/profiler/heap-profiler.h" -#include "src/profiler/heap-snapshot-generator-inl.h" +#include "src/profiler/heap-snapshot-generator.h" #include "src/profiler/profile-generator-inl.h" #include "src/profiler/tick-sample.h" #include "src/regexp/regexp-utils.h" @@ -1339,25 +1342,19 @@ void FunctionTemplate::SetCallHandler( info->set_callback_data(*Utils::OpenDirectHandle(*data), kReleaseStore); if (!c_function_overloads.empty()) { - // Stores the data for a sequence of CFunction overloads into a single - // FixedArray, as [address_0, signature_0, ... address_n-1, signature_n-1]. + const uint32_t function_count = + static_cast(c_function_overloads.size()); i::DirectHandle function_overloads = - i_isolate->factory()->NewFixedArray(static_cast( - c_function_overloads.size() * - i::FunctionTemplateInfo::kFunctionOverloadEntrySize)); - int function_count = static_cast(c_function_overloads.size()); - for (int i = 0; i < function_count; i++) { + i_isolate->factory()->NewFixedArray(function_count); + for (uint32_t i = 0; i < function_count; i++) { const CFunction& c_function = c_function_overloads.data()[i]; - i::DirectHandle address = FromCData( - i_isolate, c_function.GetAddress()); - function_overloads->set( - i::FunctionTemplateInfo::kFunctionOverloadEntrySize * i, *address); - i::DirectHandle signature = - FromCData(i_isolate, - c_function.GetTypeInfo()); - function_overloads->set( - i::FunctionTemplateInfo::kFunctionOverloadEntrySize * i + 1, - *signature); + i::DirectHandle> overload = + i::Managed::From( + i_isolate, sizeof(i::CFunctionWithSignature), + std::make_shared( + reinterpret_cast(c_function.GetAddress()), + c_function.GetTypeInfo())); + function_overloads->set(i, *overload); } i::FunctionTemplateInfo::SetCFunctionOverloads(i_isolate, info, function_overloads); 
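Review bot: In `FunctionTemplate::SetCallHandler` the removed comment documented the layout of the overload table, and the rewrite leaves nothing in its place. Readers of the code that consumes `SetCFunctionOverloads` now have to infer that each slot holds one managed `CFunctionWithSignature`. Add a comment above the `NewFixedArray` call along the lines of `// One Managed CFunctionWithSignature (address + type info) per entry, in the order of c_function_overloads.`. It would also help to note that the raw function address now lives in the `std::make_shared` object rather than in the array itself, since that changes who owns the pointer. The function body starts and ends outside the hunk.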
@@ -1377,6 +1374,8 @@ i::DirectHandle MakeAccessorInfo(i::Isolate* i_isolate, obj->set_getter(i_isolate, reinterpret_cast(getter)); DCHECK_IMPLIES(replace_on_access, setter == nullptr); if (setter == nullptr) { + // TODO(https://crbug.com/348660658): remove once AccessorNameSetterCallback + // is deprecated and removed. #if (__GNUC__ >= 8) || defined(__clang__) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wcast-function-type" @@ -1548,6 +1547,17 @@ void TemplateSetAccessor(Template* template_obj, v8::Local name, } } // namespace +void Template::SetNativeDataProperty(v8::Local name, + AccessorNameGetterCallback getter, + AccessorNameSetterCallbackV2 setter, + v8::Local data, + PropertyAttribute attribute, + SideEffectType getter_side_effect_type, + SideEffectType setter_side_effect_type) { + TemplateSetAccessor(this, name, getter, setter, data, attribute, false, + getter_side_effect_type, setter_side_effect_type); +} + void Template::SetNativeDataProperty(v8::Local name, AccessorNameGetterCallback getter, AccessorNameSetterCallback setter, @@ -1582,8 +1592,7 @@ void Template::SetIntrinsicDataProperty(Local name, Intrinsic intrinsic, } namespace { -enum class PropertyType { kNamed, kIndexed }; -template i::DirectHandle CreateInterceptorInfo( 
@@ -1595,18 +1604,17 @@ i::DirectHandle CreateInterceptorInfo( // pointers (with different tags), consider creating an object in trusted // space instead. That way, only a single reference going out of the sandbox // would be required. - auto obj = i_isolate->factory()->NewInterceptorInfo(); - obj->set_is_named(property_type == PropertyType::kNamed); + auto obj = i_isolate->factory()->NewInterceptorInfo(kind); #define SET_CALLBACK_FIELD(Name, name) \ if (name != nullptr) { \ - if constexpr (property_type == PropertyType::kNamed) { \ + if constexpr (kind == i::InterceptorKind::kNamed) { \ obj->set_named_##name(i_isolate, reinterpret_cast(name)); \ } else { \ obj->set_indexed_##name(i_isolate, reinterpret_cast(name)); \ } \ } - INTERCEPTOR_INFO_CALLBACK_LIST(SET_CALLBACK_FIELD) + COMMON_INTERCEPTOR_INFO_CALLBACK_LIST(SET_CALLBACK_FIELD) #undef SET_CALLBACK_FIELD obj->set_can_intercept_symbols( @@ -1628,7 +1636,7 @@ i::DirectHandle CreateNamedInterceptorInfo( Descriptor descriptor, Deleter remover, Enumerator enumerator, Definer definer, Local data, base::Flags flags) { - auto interceptor = CreateInterceptorInfo( + auto interceptor = CreateInterceptorInfo( i_isolate, getter, setter, query, descriptor, remover, enumerator, definer, data, flags); return interceptor; @@ -1641,7 +1649,7 @@ i::DirectHandle CreateIndexedInterceptorInfo( Descriptor descriptor, Deleter remover, Enumerator enumerator, Definer definer, Local data, base::Flags flags) { - auto interceptor = CreateInterceptorInfo( + auto interceptor = CreateInterceptorInfo( i_isolate, getter, setter, query, descriptor, remover, enumerator, definer, data, flags); return interceptor; 
@@ -1759,6 +1767,10 @@ void ObjectTemplate::SetHandler( i_isolate, config.getter, config.setter, config.query, config.descriptor, config.deleter, config.enumerator, config.definer, config.data, config.flags); + if (config.index_of) { + obj->set_indexed_index_of(i_isolate, + reinterpret_cast(config.index_of)); + } i::FunctionTemplateInfo::SetIndexedPropertyHandler(i_isolate, cons, obj); } @@ -2141,7 +2153,9 @@ Local PrimitiveArray::New(Isolate* v8_isolate, int length) { } int PrimitiveArray::Length() const { - return Utils::OpenDirectHandle(this)->length(); + uint32_t len = Utils::OpenDirectHandle(this)->ulength().value(); + DCHECK_LE(len, i::kMaxInt); + return static_cast(len); } void PrimitiveArray::Set(Isolate* v8_isolate, int index, @@ -2149,10 +2163,11 @@ void PrimitiveArray::Set(Isolate* v8_isolate, int index, i::Isolate* i_isolate = reinterpret_cast(v8_isolate); auto array = Utils::OpenDirectHandle(this); EnterV8NoScriptNoExceptionScope api_scope(i_isolate); - Utils::ApiCheck(index >= 0 && index < array->length(), - "v8::PrimitiveArray::Set", - "index must be greater than or equal to 0 and less than the " - "array length"); + Utils::ApiCheck( + index >= 0 && static_cast(index) < array->ulength().value(), + "v8::PrimitiveArray::Set", + "index must be greater than or equal to 0 and less than the " + "array length"); array->set(index, *Utils::OpenDirectHandle(*item)); } 
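Review bot: `PrimitiveArray::Length()` guards the unsigned-to-`int` narrowing only with `DCHECK_LE(len, i::kMaxInt)`, which is compiled out of release builds, so a length above `kMaxInt` would reach the embedder as a negative `int`. If the array type's maximum length already guarantees the bound, record that next to the cast, for example `// ulength() is bounded by the FixedArray maximum length (confirm against the class definition)`; otherwise use `CHECK_LE`. `FixedArray::Length()` in the later hunk uses the same pattern and should get the same treatment.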
@@ -2160,10 +2175,11 @@ Local PrimitiveArray::Get(Isolate* v8_isolate, int index) { i::Isolate* i_isolate = reinterpret_cast(v8_isolate); auto array = Utils::OpenDirectHandle(this); EnterV8NoScriptNoExceptionScope api_scope(i_isolate); - Utils::ApiCheck(index >= 0 && index < array->length(), - "v8::PrimitiveArray::Get", - "index must be greater than or equal to 0 and less than the " - "array length"); + Utils::ApiCheck( + index >= 0 && static_cast(index) < array->ulength().value(), + "v8::PrimitiveArray::Get", + "index must be greater than or equal to 0 and less than the " + "array length"); return ToApiHandle(i::direct_handle(array->get(index), i_isolate)); } @@ -2176,15 +2192,17 @@ void v8::PrimitiveArray::CheckCast(v8::Data* that) { } int FixedArray::Length() const { - return Utils::OpenDirectHandle(this)->length(); + uint32_t len = Utils::OpenDirectHandle(this)->ulength().value(); + DCHECK_LE(len, i::kMaxInt); + return static_cast(len); } Local FixedArray::Get(int i) const { auto self = Utils::OpenDirectHandle(this); auto i_isolate = i::Isolate::Current(); #if V8_ENABLE_CHECKS - Utils::ApiCheck(i < self->length(), "v8::FixedArray::Get", - "index out of bounds"); + Utils::ApiCheck(i >= 0 && static_cast(i) < self->ulength().value(), + "v8::FixedArray::Get", "index out of bounds"); #endif return ToApiHandle(i::direct_handle(self->get(i), i_isolate)); } @@ -2291,7 +2309,7 @@ Location Module::SourceOffsetToLocation(int offset) const { return v8::Location(info.line, info.column); } -Local Module::GetModuleNamespace() { +Local Module::GetModuleNamespace(v8::ModuleImportPhase phase) { Utils::ApiCheck( GetStatus() >= kInstantiated, "v8::Module::GetModuleNamespace", "v8::Module::GetModuleNamespace must be used on an instantiated module"); 
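Review bot: `FixedArray::Get` still performs its bounds check only inside `#if V8_ENABLE_CHECKS`, whereas `PrimitiveArray::Get` and `PrimitiveArray::Set` in the neighbouring hunks call `Utils::ApiCheck` unconditionally. In builds without that macro a negative or too-large `i` reaches `self->get(i)` with no API-level validation; whether `get()` checks on its own is not visible here. Either move the `Utils::ApiCheck(i >= 0 && ...)` call out of the `#if`, or document on the public declaration that callers must guarantee `0 <= i < Length()`.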
@@ -2300,7 +2318,7 @@ Local Module::GetModuleNamespace() { i::DisallowJavascriptExecutionDebugOnly no_execution(i_isolate); i::DisallowExceptionsDebugOnly no_exceptions(i_isolate); i::DirectHandle module_namespace = - i::Module::GetModuleNamespace(i_isolate, self); + i::Module::GetModuleNamespace(i_isolate, self, phase); return ToApiHandle(module_namespace); } 
@@ -2414,6 +2432,57 @@ MaybeLocal Module::Evaluate(Local context) { return api_scope.EscapeMaybe(i::Module::Evaluate(i_isolate, self)); } +MaybeLocal Module::EvaluateForImportDefer(Local context) { + auto i_isolate = i::Isolate::Current(); + TRACE_EVENT_CALL_STATS_SCOPED(i_isolate, "v8", "V8.Execute"); + EnterV8Scope api_scope{i_isolate, context, + RCCId::kAPI_Module_Evaluate}; + auto self = Utils::OpenHandle(this); + i::Zone zone(i_isolate->allocator(), ZONE_NAME); + i::ZoneVector> evaluation_list(&zone); + i::UnorderedModuleSet seen_modules(&zone); + i::UnorderedModuleSet evaluation_set(&zone); + if (i::IsSourceTextModule(*self)) { + i::SourceTextModule::GatherAsynchronousTransitiveDependencies( + i_isolate, self, &evaluation_set, &evaluation_list, &seen_modules); + } + + if (evaluation_list.empty()) { + Local module_namespace = + this->GetModuleNamespace(ModuleImportPhase::kDefer); + Local module_resolver = + Promise::Resolver::New(context).ToLocalChecked(); + module_resolver->Resolve(context, module_namespace).ToChecked(); + return api_scope.Escape(module_resolver->GetPromise()); + } + + i::DirectHandleVector promises(i_isolate); + for (size_t i = 0; i < evaluation_list.size(); i++) { + i::Handle dep_module = evaluation_list[i]; + Local v8_dep_module = Utils::ToLocal(dep_module); + MaybeLocal maybe_eval_result = v8_dep_module->Evaluate(context); + if (maybe_eval_result.IsEmpty()) { + return api_scope.EscapeMaybe(MaybeLocal()); + } + Local eval_result = maybe_eval_result.ToLocalChecked(); + CHECK(eval_result->IsPromise()); + i::DirectHandle promise_handle = + Utils::OpenDirectHandle(*eval_result.As()); + promises.push_back(promise_handle); + } + + // TODO(caiolima): The call to native Promise "then" is yet to be approved + // on https://github.com/tc39/proposal-defer-import-eval/pull/77. Revisit it + // after a decision is made. 
+ i::MaybeHandle maybe_promise_all_result = + i::JSPromise::PerformPromiseAll(i_isolate, promises); + if (maybe_promise_all_result.is_null()) { + return api_scope.EscapeMaybe(MaybeLocal()); + } + return api_scope.Escape( + Utils::ToLocal(maybe_promise_all_result.ToHandleChecked())); +} + Local Module::CreateSyntheticModule( Isolate* v8_isolate, Local module_name, const MemorySpan>& export_names, @@ -2424,7 +2493,8 @@ Local Module::CreateSyntheticModule( i::DirectHandle i_export_names = i_isolate->factory()->NewFixedArray( static_cast(export_names.size())); - for (int i = 0; i < i_export_names->length(); ++i) { + uint32_t i_export_names_len = i_export_names->ulength().value(); + for (uint32_t i = 0; i < i_export_names_len; ++i) { i::DirectHandle str = i_isolate->factory()->InternalizeString( Utils::OpenDirectHandle(*export_names[i])); i_export_names->set(i, *str); @@ -3068,7 +3138,8 @@ void ScriptOrigin::VerifyHostDefinedOptions() const { "Host-defined options has to be a PrimitiveArray"); auto options = Utils::OpenDirectHandle(*host_defined_options_.As()); - for (int i = 0; i < options->length(); i++) { + uint32_t options_len = options->ulength().value(); + for (uint32_t i = 0; i < options_len; i++) { Utils::ApiCheck(i::IsPrimitive(options->get(i)), "ScriptOrigin()", "PrimitiveArray can only contain primtive values"); } @@ -3274,6 +3345,15 @@ StackTrace::CurrentScriptIdsAndContexts( return {frame_data.data(), written}; } +v8::MemorySpan StackTrace::CurrentScriptData( + Isolate* v8_isolate, v8::MemorySpan frame_data) { + i::Isolate* i_isolate = reinterpret_cast(v8_isolate); + EnterV8NoScriptNoExceptionScope api_scope(i_isolate); + + size_t written = i_isolate->CurrentScriptData(frame_data); + return {frame_data.data(), written}; +} + // --- S t a c k F r a m e --- Location StackFrame::GetLocation() const { 
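Review bot: In the `evaluation_list.empty()` branch of `Module::EvaluateForImportDefer`, `Promise::Resolver::New(context).ToLocalChecked()` and `module_resolver->Resolve(...).ToChecked()` abort the process on failure, although the function returns a `MaybeLocal` and the loop below already propagates an empty result when `Evaluate` fails. Propagating here too keeps a failed resolver creation (for example while execution is terminating) from becoming a crash in the embedder: `if (!Promise::Resolver::New(context).ToLocal(&module_resolver)) return {};` and `if (module_resolver->Resolve(context, module_namespace).IsNothing()) return {};`. The scope also reuses `RCCId::kAPI_Module_Evaluate`, so runtime-call stats cannot tell this entry point from `Module::Evaluate`; a comment noting whether that is intentional would help.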
@@ -4192,8 +4272,7 @@ std::shared_ptr v8::ArrayBuffer::GetBackingStore() { auto self = Utils::OpenDirectHandle(this); std::shared_ptr backing_store = self->GetBackingStore(); if (!backing_store) { - backing_store = - i::BackingStore::EmptyBackingStore(i::SharedFlag::kNotShared); + backing_store = i::BackingStore::EmptyBackingStore(i::SharedFlag::kNo); } std::shared_ptr bs_base = backing_store; return std::static_pointer_cast(bs_base); @@ -4211,7 +4290,7 @@ std::shared_ptr v8::SharedArrayBuffer::GetBackingStore() { auto self = Utils::OpenDirectHandle(this); std::shared_ptr backing_store = self->GetBackingStore(); if (!backing_store) { - backing_store = i::BackingStore::EmptyBackingStore(i::SharedFlag::kShared); + backing_store = i::BackingStore::EmptyBackingStore(i::SharedFlag::kYes); } std::shared_ptr bs_base = backing_store; return std::static_pointer_cast(bs_base); @@ -4752,16 +4831,6 @@ MaybeLocal v8::Object::GetPrivate(Local context, Maybe v8::Object::GetPropertyAttributes( Local context, Local key) { - PropertyAttribute attributes = PropertyAttribute::None; - auto result = GetPropertyAttributes(context, key, &attributes); - if (result.IsNothing()) return {}; - // This will confusingly return None when the property doesn't exist. - return Just(attributes); -} - -Maybe v8::Object::GetPropertyAttributes( - Local context, Local key, - PropertyAttribute* out_attributes) { auto i_isolate = i::Isolate::Current(); EnterV8Scope<> api_scope{i_isolate, context, RCCId::kAPI_Object_GetPropertyAttributes}; @@ -4774,10 +4843,9 @@ Maybe v8::Object::GetPropertyAttributes( auto result = i::JSReceiver::GetPropertyAttributes(i_isolate, self, key_name); if (result.IsNothing()) return {}; if (result.FromJust() == i::ABSENT) { - return Just(false); + return Just(static_cast(i::NONE)); } - *out_attributes = static_cast(result.FromJust()); - return Just(true); + return Just(static_cast(result.FromJust())); } MaybeLocal v8::Object::GetOwnPropertyDescriptor(Local context, 
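Review bot: The merged `v8::Object::GetPropertyAttributes` maps `i::ABSENT` to `i::NONE`, and the commit deletes both the overload that reported existence through its `bool` result and the comment that warned about this. A caller can no longer tell a missing property from one with no attributes, which matters where the result feeds a decision such as whether a property is read-only or non-configurable. I would keep the warning next to the new return: `// ABSENT is reported as None: a missing property is indistinguishable from one with no attributes.`. The function's signature is in the preceding hunk.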
@@ -4798,7 +4866,7 @@ MaybeLocal v8::Object::GetOwnPropertyDescriptor(Local context, return api_scope.Escape(Utils::ToLocal(desc.ToObject(i_isolate))); } -Local v8::Object::GetPrototypeV2() { +Local v8::Object::GetPrototype() { auto self = Utils::OpenDirectHandle(this); auto i_isolate = i::Isolate::Current(); i::PrototypeIterator iter(i_isolate, self); @@ -4851,8 +4919,8 @@ Maybe SetPrototypeImpl(v8::Object* this_, Local context, } // namespace -Maybe v8::Object::SetPrototypeV2(Local context, - Local value) { +Maybe v8::Object::SetPrototype(Local context, + Local value) { static constexpr bool from_javascript = true; return SetPrototypeImpl(this, context, value, from_javascript); } @@ -5083,6 +5151,17 @@ void Object::SetAccessorProperty(Local name, Local getter, USE(success); } +Maybe Object::SetNativeDataProperty( + v8::Local context, v8::Local name, + AccessorNameGetterCallback getter, AccessorNameSetterCallbackV2 setter, + v8::Local data, PropertyAttribute attributes, + SideEffectType getter_side_effect_type, + SideEffectType setter_side_effect_type) { + return ObjectSetAccessor(context, this, name, getter, setter, data, + attributes, false, getter_side_effect_type, + setter_side_effect_type); +} + Maybe Object::SetNativeDataProperty( v8::Local context, v8::Local name, AccessorNameGetterCallback getter, AccessorNameSetterCallback setter, 
@@ -5902,35 +5981,9 @@ Local v8::String::InternalizeString(Isolate* v8_isolate) { return Utils::ToLocal(isolate->factory()->InternalizeString(str)); } -void v8::String::VerifyExternalStringResource( - v8::String::ExternalStringResource* value) const { - i::DisallowGarbageCollection no_gc; - i::Tagged str = *Utils::OpenDirectHandle(this); - const v8::String::ExternalStringResource* expected = nullptr; - - if (i::IsThinString(str)) { - str = i::Cast(str)->actual(); - } - - if (i::StringShape(str).IsExternalTwoByte()) { - const void* resource = i::Cast(str)->resource(); - expected = reinterpret_cast(resource); - } else { - uint32_t raw_hash_field = str->raw_hash_field(kAcquireLoad); - if (i::String::IsExternalForwardingIndex(raw_hash_field)) { - bool is_one_byte; - auto resource = GetExternalResourceFromForwardingTable( - str, raw_hash_field, &is_one_byte); - if (!is_one_byte) { - expected = reinterpret_cast(resource); - } - } - } - CHECK_EQ(expected, value); -} - void v8::String::VerifyExternalStringResourceBase( - v8::String::ExternalStringResourceBase* value, Encoding encoding) const { + const v8::String::ExternalStringResourceBase* value, + Encoding encoding) const { i::DisallowGarbageCollection no_gc; i::Tagged str = *Utils::OpenDirectHandle(this); const v8::String::ExternalStringResourceBase* expected; 
@@ -5965,34 +6018,6 @@ void v8::String::VerifyExternalStringResourceBase( CHECK_EQ(expectedEncoding, encoding); } -String::ExternalStringResource* String::GetExternalStringResourceSlow() const { - i::DisallowGarbageCollection no_gc; - i::Tagged str = *Utils::OpenDirectHandle(this); - - if (i::IsThinString(str)) { - str = i::Cast(str)->actual(); - } - - if (i::StringShape(str).IsExternalTwoByte()) { - Isolate* isolate = i::Internals::GetCurrentIsolateForSandbox(); - i::Address value = - i::Internals::ReadExternalPointerField( - isolate, str.ptr(), i::Internals::kStringResourceOffset); - return reinterpret_cast(value); - } else { - uint32_t raw_hash_field = str->raw_hash_field(kAcquireLoad); - if (i::String::IsExternalForwardingIndex(raw_hash_field)) { - bool is_one_byte; - auto resource = GetExternalResourceFromForwardingTable( - str, raw_hash_field, &is_one_byte); - if (!is_one_byte) { - return reinterpret_cast(resource); - } - } - } - return nullptr; -} - void String::ExternalStringResource::UpdateDataCache() { DCHECK(IsCacheable()); cached_data_ = data(); @@ -6028,10 +6053,7 @@ String::ExternalStringResourceBase* String::GetExternalStringResourceBaseSlow( static_cast(type & i::Internals::kStringEncodingMask); if (i::StringShape(str).IsExternalOneByte() || i::StringShape(str).IsExternalTwoByte()) { - Isolate* isolate = i::Internals::GetCurrentIsolateForSandbox(); - i::Address value = - i::Internals::ReadExternalPointerField( - isolate, string, i::Internals::kStringResourceOffset); + i::Address value = i::Cast(str)->resource_as_address(); resource = reinterpret_cast(value); } else { uint32_t raw_hash_field = str->raw_hash_field(); 
@@ -6046,28 +6068,28 @@ String::ExternalStringResourceBase* String::GetExternalStringResourceBaseSlow( return resource; } -const v8::String::ExternalOneByteStringResource* -v8::String::GetExternalOneByteStringResource() const { - i::DisallowGarbageCollection no_gc; - i::Tagged str = *Utils::OpenDirectHandle(this); - if (i::StringShape(str).IsExternalOneByte()) { - return i::Cast(str)->resource(); - } else if (i::IsThinString(str)) { - str = i::Cast(str)->actual(); - if (i::StringShape(str).IsExternalOneByte()) { - return i::Cast(str)->resource(); - } +v8::String::ExternalStringResource* v8::String::GetExternalStringResourceSlow() + const { + String::Encoding encoding; + ExternalStringResourceBase* resource = + GetExternalStringResourceBaseSlow(&encoding); + if (V8_LIKELY(encoding == Encoding::TWO_BYTE_ENCODING)) { + return reinterpret_cast(resource); + } else { + return nullptr; } - uint32_t raw_hash_field = str->raw_hash_field(kAcquireLoad); - if (i::String::IsExternalForwardingIndex(raw_hash_field)) { - bool is_one_byte; - auto resource = GetExternalResourceFromForwardingTable(str, raw_hash_field, - &is_one_byte); - if (is_one_byte) { - return reinterpret_cast(resource); - } +} + +const v8::String::ExternalOneByteStringResource* +v8::String::GetExternalOneByteStringResourceSlow() const { + String::Encoding encoding; + ExternalStringResourceBase* resource = + GetExternalStringResourceBaseSlow(&encoding); + if (V8_LIKELY(encoding == Encoding::ONE_BYTE_ENCODING)) { + return reinterpret_cast(resource); + } else { + return nullptr; } - return nullptr; } Local Symbol::Description(Isolate* v8_isolate) const { 
@@ -6336,8 +6358,9 @@ bool v8::V8::Initialize(const int build_config) { kV8EnableChecks ? "ENABLED" : "DISABLED"); } - // TODO(ishell, 455600234): check that V8_TARGET_ARCH_ARM64/PPC64 on embedder - // side matches the ones on V8 side. + // TODO(ishell, 455600234): check that + // V8_TARGET_ARCH_ARM64/PPC64/MIPS64/LOONG64 on embedder side matches the ones + // on V8 side. i::V8::Initialize(); if (!cppgc::IsInitialized()) { @@ -6510,6 +6533,28 @@ size_t v8::V8::GetSandboxReservationSizeInBytes() { return i::Sandbox::current()->reservation_size(); } +v8::V8::SandboxMode v8::V8::GetSandboxMode() { + const i::Sandbox* sandbox = i::Sandbox::current(); + Utils::ApiCheck(sandbox->is_initialized(), "v8::V8::GetSandboxMode", + "The sandbox must be initialized first"); + const bool partial = sandbox->is_partially_reserved(); + const bool smi_inaccessible = sandbox->smi_address_range_is_inaccessible(); + + if (!partial && smi_inaccessible) { + return SandboxMode::kSecure; + } + if (partial && smi_inaccessible) { + return SandboxMode::kInsecurePartialReservationSmiInaccessible; + } + if (!partial && !smi_inaccessible) { + return SandboxMode::kInsecureFullReservationSmiAccessible; + } + if (partial && !smi_inaccessible) { + return SandboxMode::kInsecurePartialReservationSmiAccessible; + } + return SandboxMode::kInsecure; +} + bool v8::V8::IsSandboxConfiguredSecurely() { Utils::ApiCheck(i::Sandbox::current()->is_initialized(), "v8::V8::IsSandoxConfiguredSecurely", @@ -6628,7 +6673,7 @@ static i::DirectHandle CreateEnvironment( global_constructor->GetNamedPropertyHandler(), i_isolate); i::FunctionTemplateInfo::SetNamedPropertyHandler( i_isolate, global_constructor, - i_isolate->factory()->noop_interceptor_info()); + i_isolate->factory()->noop_named_interceptor_info()); } if (!IsUndefined(global_constructor->GetIndexedPropertyHandler(), i_isolate)) { 
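Review bot: In `v8::V8::GetSandboxMode()` the four `if` statements cover every combination of `partial` and `smi_inaccessible`, so the trailing `return SandboxMode::kInsecure;` can never execute and reads as if a fifth state existed. Replacing it with `UNREACHABLE();`, or writing the last case as the unconditional fall-through, makes the exhaustiveness explicit. A short comment stating that, as the enumerator names indicate, every value other than `kSecure` is to be treated as an insecure configuration would also help embedders who branch on the result.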
@@ -6636,7 +6681,7 @@ static i::DirectHandle CreateEnvironment( global_constructor->GetIndexedPropertyHandler(), i_isolate); i::FunctionTemplateInfo::SetIndexedPropertyHandler( i_isolate, global_constructor, - i_isolate->factory()->noop_interceptor_info()); + i_isolate->factory()->noop_indexed_interceptor_info()); } } @@ -6809,8 +6854,9 @@ bool IsJSReceiverSafeToFreeze(i::InstanceType obj_type) { case i::JS_GLOBAL_OBJECT_TYPE: case i::JS_GLOBAL_PROXY_TYPE: case i::JS_PRIMITIVE_WRAPPER_TYPE: - case i::JS_FUNCTION_TYPE: /* Function types */ + case i::JS_FUNCTION_WITHOUT_PROTOTYPE_TYPE: + case i::JS_FUNCTION_TYPE: case i::BIGINT64_TYPED_ARRAY_CONSTRUCTOR_TYPE: case i::BIGUINT64_TYPED_ARRAY_CONSTRUCTOR_TYPE: case i::FLOAT16_TYPED_ARRAY_CONSTRUCTOR_TYPE: @@ -7116,8 +7162,12 @@ void Context::SetMicrotaskQueue(v8::MicrotaskQueue* queue) { Utils::ApiCheck(impl->EnteredContextCount() == 0, "v8::Context::SetMicrotaskQueue()", "Cannot set Microtask Queue with an entered context"); - context->set_microtask_queue(i_isolate, - static_cast(queue)); + auto* mq = static_cast(queue); + context->set_microtask_queue(i_isolate, mq); + // Invalidate the EnqueueMicrotask cache if it references this context. + if (i_isolate->current_microtask_native_context() == *context) { + i_isolate->set_current_microtask_native_context(i::Smi::zero()); + } } v8::Local Context::Global() { 
@@ -7256,17 +7306,18 @@ metrics::LongTaskStats metrics::LongTaskStats::Get(v8::Isolate* v8_isolate) { namespace { i::ValueHelper::InternalRepresentationType GetSerializedDataFromFixedArray( i::Isolate* i_isolate, i::Tagged list, size_t index) { - if (index < static_cast(list->length())) { - int int_index = static_cast(index); - i::Tagged object = list->get(int_index); + uint32_t list_len = list->ulength().value(); + if (index < list_len) { + uint32_t uint_index = static_cast(index); + i::Tagged object = list->get(uint_index); if (!IsTheHole(object, i_isolate)) { - list->set_the_hole(i_isolate, int_index); + list->set_the_hole(i_isolate, uint_index); // Shrink the list so that the last element is not the hole (unless it's // the first element, because we don't want to end up with a non-canonical // empty FixedArray). - int last = list->length() - 1; - while (last >= 0 && list->is_the_hole(i_isolate, last)) last--; - if (last != -1) list->RightTrim(i_isolate, last + 1); + uint32_t last = list_len; + while (last > 0 && list->is_the_hole(i_isolate, last - 1)) last--; + if (last > 0) list->RightTrim(i_isolate, last); return i::Handle(object, i_isolate).repr(); } } @@ -7358,12 +7409,12 @@ bool FunctionTemplate::HasInstance(v8::Local value) { return true; } if (i::IsJSGlobalProxy(*obj)) { + auto jsobj = Cast(*obj); + if (jsobj->IsDetached()) return false; // If it's a global proxy, then test with the global object. Note that the // inner global object may not necessarily be a JSGlobalObject. - auto jsobj = i::Cast(*obj); i::PrototypeIterator iter(i::Isolate::Current(), jsobj->map()); - // The global proxy should always have a prototype, as it is a bug to call - // this on a detached JSGlobalProxy. + // Non-detached global proxy should always have a prototype. DCHECK(!iter.IsAtEnd()); return self->IsTemplateFor(iter.GetCurrent()); } 
@@ -8006,7 +8057,7 @@ MaybeLocal v8::RegExp::NewWithBacktrackLimit( Local v8::RegExp::GetSource() const { auto obj = Utils::OpenDirectHandle(this); i::Isolate* i_isolate = i::Isolate::Current(); - return Utils::ToLocal(i::direct_handle(obj->EscapedPattern(), i_isolate)); + return Utils::ToLocal(i::direct_handle(obj->source(i_isolate), i_isolate)); } // Assert that the static flags cast in GetFlags is valid. @@ -8037,13 +8088,13 @@ MaybeLocal v8::RegExp::Exec(Local context, auto regexp = Utils::OpenHandle(this); auto subject_string = Utils::OpenDirectHandle(*subject); - // TODO(jgruber): RegExpUtils::RegExpExec was not written with efficiency in + // TODO(jgruber): regexp::Utils::RegExpExec was not written with efficiency in // mind. It fetches the 'exec' property and then calls it through JSEntry. // Unfortunately, this is currently the only full implementation of // RegExp.prototype.exec available in C++. i::DirectHandle result; - if (!i::RegExpUtils::RegExpExec(i_isolate, regexp, subject_string, - i_isolate->factory()->undefined_value()) + if (!i::regexp::Utils::RegExpExec(i_isolate, regexp, subject_string, + i_isolate->factory()->undefined_value()) .ToHandle(&result)) { return {}; } @@ -8073,10 +8124,11 @@ Local v8::Array::New(Isolate* v8_isolate, Local* elements, i::Factory* factory = i_isolate->factory(); ApiRuntimeCallStatsScope rcs_scope(i_isolate, RCCId::kAPI_Array_New); EnterV8NoScriptNoExceptionScope api_scope(i_isolate); - int len = static_cast(length); + DCHECK_LE(length, i::kMaxUInt32); + const uint32_t len = static_cast(length); i::DirectHandle result = factory->NewFixedArray(len); - for (int i = 0; i < len; i++) { + for (uint32_t i = 0; i < len; i++) { auto element = Utils::OpenDirectHandle(*elements[i]); result->set(i, *element); } 
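Review bot: `length` in `v8::Array::New` comes from the embedder as a `size_t`, and `DCHECK_LE(length, i::kMaxUInt32)` disappears in release builds, so a larger value is silently truncated by the `static_cast` and the array is built from only the first `len` elements. Since this is an API boundary, `Utils::ApiCheck(length <= i::kMaxUInt32, "v8::Array::New", "length exceeds the maximum array length");` would report the misuse in every build. The callback-based `Array::New` overload in the hunk at -8092 has the same `DCHECK_LE` followed by the same cast.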
@@ -8092,10 +8144,11 @@ MaybeLocal v8::Array::New( PrepareForExecutionScope api_scope{context, RCCId::kAPI_Array_New}; i::Isolate* i_isolate = api_scope.i_isolate(); i::Factory* factory = i_isolate->factory(); - const int len = static_cast(length); + DCHECK_LE(length, i::kMaxUInt32); + const uint32_t len = static_cast(length); i::DirectHandle backing = factory->NewFixedArray(len); v8::Local value; - for (int i = 0; i < len; i++) { + for (uint32_t i = 0; i < len; i++) { MaybeLocal maybe_value = next_value_callback(); // The embedder may signal to abort creation on exception via an empty // local. @@ -8440,7 +8493,7 @@ i::DirectHandle MapAsArray(i::Isolate* i_isolate, int max_length = (capacity - offset) * ((collect_keys && collect_values) ? 2 : 1); i::DirectHandle result = factory->NewFixedArray(max_length); - int result_index = 0; + uint32_t result_index = 0; { i::DisallowGarbageCollection no_gc; i::Tagged hash_table_hole = @@ -8542,7 +8595,7 @@ i::DirectHandle SetAsArray(i::Isolate* i_isolate, int max_length = (capacity - offset) * (collect_key_values ? 2 : 1); if (max_length == 0) return factory->NewJSArray(0); i::DirectHandle result = factory->NewFixedArray(max_length); - int result_index = 0; + uint32_t result_index = 0; { i::DisallowGarbageCollection no_gc; i::Tagged hash_table_hole = @@ -8718,7 +8771,14 @@ Promise::PromiseState Promise::State() { } void Promise::MarkAsHandled() { - Utils::OpenDirectHandle(this)->set_has_handler(true); + auto promise = Utils::OpenDirectHandle(this); + i::Isolate* i_isolate = i::Isolate::Current(); + if (!promise->has_handler() && + promise->status() == Promise::PromiseState::kRejected) { + i_isolate->ReportPromiseReject(promise, i::DirectHandle(), + v8::kPromiseHandlerAddedAfterReject); + } + promise->set_has_handler(true); } void Promise::MarkAsSilent() { 
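Review bot: `Promise::MarkAsHandled()` used to be a plain flag write and now calls `i_isolate->ReportPromiseReject(...)` with `v8::kPromiseHandlerAddedAfterReject` for an already rejected promise, but nothing in the function says so. Embedders that call it where they do not expect a reject notification (presumably delivered through their promise-reject callback) need to know about the new side effect. A comment above the `if`, e.g. `// Report handler-added-after-reject so unhandled-rejection tracking stays consistent.`, plus a matching note on the public declaration, would document it.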
@@ -8873,6 +8933,30 @@ Local WasmMemoryMapDescriptor::New( #endif } +size_t WasmMemoryMapDescriptor::Map(Local memory, + uint32_t offset) { +#if V8_ENABLE_WEBASSEMBLY + CHECK(i::v8_flags.experimental_wasm_memory_control); + return Utils::OpenDirectHandle(this)->MapDescriptor( + Utils::OpenDirectHandle(*memory), offset); +#else + Utils::ApiCheck(false, "WasmMemoryMapDescriptor::Map", + "WebAssembly support is not enabled"); + UNREACHABLE(); +#endif +} + +void WasmMemoryMapDescriptor::Unmap() { +#if V8_ENABLE_WEBASSEMBLY + CHECK(i::v8_flags.experimental_wasm_memory_control); + Utils::OpenDirectHandle(this)->UnmapDescriptor(); +#else + Utils::ApiCheck(false, "WasmMemoryMapDescriptor::Unmap", + "WebAssembly support is not enabled"); + UNREACHABLE(); +#endif +} + // static v8::ArrayBuffer::Allocator* v8::ArrayBuffer::Allocator::NewDefaultAllocator() { #ifdef V8_ENABLE_SANDBOX @@ -9028,7 +9112,7 @@ Local v8::ArrayBuffer::New( if (obj->backing_store() && static_cast(obj->GetBackingStore().get()) ->is_immutable()) { - obj->set_is_immutable(true); + obj->MakeImmutable(i_isolate); } return Utils::ToLocal(obj); } @@ -9048,8 +9132,7 @@ std::unique_ptr v8::ArrayBuffer::NewBackingStore( } EnterV8NoScriptNoExceptionScope api_scope(i_isolate); std::unique_ptr backing_store = - i::BackingStore::Allocate(i_isolate, byte_length, - i::SharedFlag::kNotShared, + i::BackingStore::Allocate(i_isolate, byte_length, i::SharedFlag::kNo, GetInitializedFlag(initialization_mode)); if (!backing_store) { if (on_failure == BackingStoreOnFailureMode::kOutOfMemory) { @@ -9092,7 +9175,7 @@ std::unique_ptr v8::ArrayBuffer::NewBackingStore( std::unique_ptr backing_store = i::BackingStore::WrapAllocation(data, byte_length, deleter, deleter_data, - i::SharedFlag::kNotShared); + i::SharedFlag::kNo); return std::unique_ptr( static_cast(backing_store.release())); } 
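Review bot: `WasmMemoryMapDescriptor::Map` and `Unmap` guard the experimental feature with `CHECK(i::v8_flags.experimental_wasm_memory_control)`, which aborts without an API-level message, while the `#else` branches of the same functions use `Utils::ApiCheck` with a location and a reason. Using `Utils::ApiCheck(i::v8_flags.experimental_wasm_memory_control, "WasmMemoryMapDescriptor::Map", "experimental_wasm_memory_control must be enabled");` (and the same in `Unmap`) would report the misuse the way the rest of this file does. `Map` also forwards the embedder-supplied `offset` straight to `MapDescriptor`; if range and alignment validation lives there, a comment saying so would save the next reader the lookup.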
@@ -9120,7 +9203,7 @@ std::unique_ptr v8::ArrayBuffer::NewResizableBackingStore( std::unique_ptr backing_store = i::BackingStore::TryAllocateAndPartiallyCommitMemory( nullptr, byte_length, max_byte_length, page_size, initial_pages, - max_pages, i::WasmMemoryFlag::kNotWasm, i::SharedFlag::kNotShared); + max_pages, i::WasmMemoryFlag::kNotWasm, i::SharedFlag::kNo); if (!backing_store) { i::V8::FatalProcessOutOfMemory(nullptr, "v8::ArrayBuffer::NewResizableBackingStore"); @@ -9372,7 +9455,7 @@ Local v8::SharedArrayBuffer::New( EnterV8NoScriptNoExceptionScope api_scope(i_isolate); std::unique_ptr backing_store = - i::BackingStore::Allocate(i_isolate, byte_length, i::SharedFlag::kShared, + i::BackingStore::Allocate(i_isolate, byte_length, i::SharedFlag::kYes, GetInitializedFlag(initialization_mode)); if (!backing_store) { @@ -9393,7 +9476,7 @@ MaybeLocal v8::SharedArrayBuffer::MaybeNew( EnterV8NoScriptNoExceptionScope api_scope(i_isolate); std::unique_ptr backing_store = - i::BackingStore::Allocate(i_isolate, byte_length, i::SharedFlag::kShared, + i::BackingStore::Allocate(i_isolate, byte_length, i::SharedFlag::kYes, GetInitializedFlag(initialization_mode)); if (!backing_store) return {}; @@ -9438,7 +9521,7 @@ std::unique_ptr v8::SharedArrayBuffer::NewBackingStore( } EnterV8NoScriptNoExceptionScope api_scope(i_isolate); std::unique_ptr backing_store = - i::BackingStore::Allocate(i_isolate, byte_length, i::SharedFlag::kShared, + i::BackingStore::Allocate(i_isolate, byte_length, i::SharedFlag::kYes, GetInitializedFlag(initialization_mode)); if (!backing_store) { if (on_failure == BackingStoreOnFailureMode::kOutOfMemory) { @@ -9459,7 +9542,7 @@ std::unique_ptr v8::SharedArrayBuffer::NewBackingStore( CHECK_LE(byte_length, i::JSArrayBuffer::kMaxByteLength); std::unique_ptr backing_store = i::BackingStore::WrapAllocation(data, byte_length, deleter, deleter_data, - i::SharedFlag::kShared); + i::SharedFlag::kYes); return std::unique_ptr( static_cast(backing_store.release())); } 
@@ -9647,36 +9730,14 @@ int64_t Isolate::AdjustAmountOfExternalAllocatedMemoryImpl( } i::Isolate* i_isolate = reinterpret_cast(this); - const uint64_t amount = - i_isolate->heap()->UpdateExternalMemory(change_in_bytes); - - if (change_in_bytes <= 0) { - return amount; - } - -#if V8_VERIFY_WRITE_BARRIERS - // Incrementing the number of allocated bytes may trigger GC. - i_isolate->main_thread_local_heap() - ->allocator() - ->ResetMostRecentYoungAllocation(); -#endif - - if (amount > i_isolate->heap()->external_memory_limit_for_interrupt()) { - HandleExternalMemoryInterrupt(); - } - return amount; -} - -void Isolate::HandleExternalMemoryInterrupt() { - i::Heap* heap = reinterpret_cast(this)->heap(); - if (heap->gc_state() != i::Heap::NOT_IN_GC) return; - heap->HandleExternalMemoryInterrupt(); + return i_isolate->heap()->UpdateExternalMemory(change_in_bytes); } bool Isolate::RetryCustomAllocate(std::function allocate) { i::Heap* heap = reinterpret_cast(this)->heap(); return heap->allocator()->RetryCustomAllocate( - [&allocate]() { return allocate(); }, internal::AllocationType::kOld); + [&allocate]() { return allocate(); }, internal::AllocationType::kOld, + internal::GarbageCollectionReason::kAllocationFailure); } IsolateGroup::IsolateGroup(i::IsolateGroup*&& isolate_group) @@ -11151,6 +11212,7 @@ String::Value::Value(v8::Isolate* v8_isolate, v8::Local obj) Local str; if (!obj->ToString(context).ToLocal(&str)) return; length_ = str->Length(); + SBXCHECK_LT(length_, String::kMaxLength); str_ = i::NewArray(length_ + 1); str->WriteV2(v8_isolate, 0, length_, str_, String::WriteFlags::kNullTerminate); 
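Review bot: `SBXCHECK_LT(length_, String::kMaxLength)` in `String::Value::Value` rejects a string whose length equals `String::kMaxLength`; if that constant is the largest valid length, as its name suggests, a legitimate maximum-length string would abort here wherever the check is active. `SBXCHECK_LE(length_, String::kMaxLength);` still bounds `length_ + 1` for the `i::NewArray` call that follows. If the strict comparison is deliberate, a comment explaining why would keep it from being "corrected" later. The constructor starts outside this hunk.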
@@ -11850,21 +11912,6 @@ const HeapSnapshot* HeapProfiler::TakeHeapSnapshot( reinterpret_cast(this)->TakeSnapshot(options)); } -const HeapSnapshot* HeapProfiler::TakeHeapSnapshot(ActivityControl* control, - ObjectNameResolver* resolver, - bool hide_internals, - bool capture_numeric_value) { - HeapSnapshotOptions options; - options.control = control; - options.global_object_name_resolver = resolver; - options.snapshot_mode = hide_internals ? HeapSnapshotMode::kRegular - : HeapSnapshotMode::kExposeInternals; - options.numerics_mode = capture_numeric_value - ? NumericsMode::kExposeNumericValues - : NumericsMode::kHideNumericValues; - return TakeHeapSnapshot(options); -} - const HeapSnapshot* HeapProfiler::TakeHeapSnapshot( ActivityControl* control, ContextNameResolver* resolver, bool hide_internals, bool capture_numeric_value) { @@ -11879,20 +11926,6 @@ const HeapSnapshot* HeapProfiler::TakeHeapSnapshot( return TakeHeapSnapshot(options); } -const HeapSnapshot* HeapProfiler::TakeHeapSnapshot(ActivityControl* control, - std::nullptr_t resolver, - bool hide_internals, - bool capture_numeric_value) { - HeapSnapshotOptions options; - options.control = control; - options.snapshot_mode = hide_internals ? HeapSnapshotMode::kRegular - : HeapSnapshotMode::kExposeInternals; - options.numerics_mode = capture_numeric_value - ? NumericsMode::kExposeNumericValues - : NumericsMode::kHideNumericValues; - return TakeHeapSnapshot(options); -} - std::vector> HeapProfiler::GetDetachedJSWrapperObjects() { return reinterpret_cast(this) ->GetDetachedJSWrapperObjects(); 
@@ -12463,8 +12496,8 @@ template bool ValidatePropertyCallbackInfo(const PropertyCallbackInfo& info) { auto* i_isolate = reinterpret_cast(info.GetIsolate()); CHECK_EQ(i_isolate, Isolate::Current()); - CHECK(info.HolderV2()->IsObject()); - CHECK(!i::IsJSGlobalObject(*Utils::OpenDirectHandle(*info.HolderV2()))); + CHECK(info.Holder()->IsObject()); + CHECK(!i::IsJSGlobalObject(*Utils::OpenDirectHandle(*info.Holder()))); if (i::PropertyCallbackArguments::IsNamed(info)) { i::Tagged name = diff --git a/deps/v8/src/api/api.h b/deps/v8/src/api/api.h index 8548fb9ff9dbca..1904c8f086697e 100644 --- a/deps/v8/src/api/api.h +++ b/deps/v8/src/api/api.h @@ -95,6 +95,7 @@ class RegisteredExtension { V(ToLocal, Module, Module) \ V(ToLocal, Name, Name) \ V(ToLocal, String, String) \ + V(ToLocal, InternalizedString, String) \ V(ToLocal, Symbol, Symbol) \ V(ToLocal, JSDate, Object) \ V(ToLocal, JSRegExp, RegExp) \ diff --git a/deps/v8/src/asmjs/asm-js.cc b/deps/v8/src/asmjs/asm-js.cc index 3e2cc1f39efdb4..57968fe80986e1 100644 --- a/deps/v8/src/asmjs/asm-js.cc +++ b/deps/v8/src/asmjs/asm-js.cc @@ -423,8 +423,9 @@ MaybeDirectHandle AsmJs::InstantiateAsmWasm( if (isolate->is_execution_terminating()) return {}; if (isolate->has_exception()) isolate->clear_exception(); if (thrower.error()) { - base::ScopedVector error_reason(100); - SNPrintF(error_reason, "Internal wasm failure: %s", thrower.error_msg()); + auto error_reason = base::OwnedVector::NewForOverwrite(100); + SNPrintF(error_reason.as_vector(), "Internal wasm failure: %s", + thrower.error_msg()); ReportInstantiationFailure(script, position, error_reason.begin()); } else { ReportInstantiationFailure(script, position, "Internal wasm failure"); diff --git a/deps/v8/src/asmjs/asm-parser.cc b/deps/v8/src/asmjs/asm-parser.cc index d14b05048126cc..904014d6be9b83 100644 --- a/deps/v8/src/asmjs/asm-parser.cc +++ b/deps/v8/src/asmjs/asm-parser.cc 
@@ -17,6 +17,7 @@ #include "src/flags/flags.h" #include "src/numbers/conversions-inl.h" #include "src/parsing/scanner.h" +#include "src/wasm/wasm-init-expr.h" #include "src/wasm/wasm-limits.h" #include "src/wasm/wasm-opcodes.h" diff --git a/deps/v8/src/asmjs/asm-parser.h b/deps/v8/src/asmjs/asm-parser.h index 179043a022e639..8ddbff338f9e95 100644 --- a/deps/v8/src/asmjs/asm-parser.h +++ b/deps/v8/src/asmjs/asm-parser.h @@ -21,6 +21,8 @@ class Utf16CharacterStream; namespace wasm { +class WasmInitExpr; + // A custom parser + validator + wasm converter for asm.js: // http://asmjs.org/spec/latest/ // This parser intentionally avoids the portion of JavaScript parsing diff --git a/deps/v8/src/ast/ast-value-factory.cc b/deps/v8/src/ast/ast-value-factory.cc index 277d21029a82c0..e93541cc0d3f6b 100644 --- a/deps/v8/src/ast/ast-value-factory.cc +++ b/deps/v8/src/ast/ast-value-factory.cc 
@@ -299,23 +299,23 @@ AstStringConstants::AstStringConstants(Isolate* isolate, string_table_(), hash_seed_(hash_seed) { DCHECK_EQ(ThreadId::Current(), isolate->thread_id()); -#define F(name, str) \ - { \ - static const char data[] = str; \ - base::Vector literal( \ - reinterpret_cast(data), \ - static_cast(arraysize(data) - 1)); \ - IndirectHandle handle = isolate->factory()->name(); \ - uint32_t raw_hash_field = handle->raw_hash_field(); \ - DCHECK_EQ(raw_hash_field, \ - StringHasher::HashSequentialString( \ - literal.begin(), literal.length(), hash_seed_)); \ - DCHECK_EQ(literal.length(), handle->length()); \ - name##_ = zone_.New(true, literal, raw_hash_field); \ - /* The Handle returned by the factory is located on the roots */ \ - /* array, not on the temporary HandleScope, so this is safe. */ \ - name##_->set_string(handle); \ - string_table_.InsertNew(name##_, name##_->Hash()); \ +#define F(name, str) \ + { \ + static const char data[] = str; \ + base::Vector literal( \ + reinterpret_cast(data), \ + static_cast(arraysize(data) - 1)); \ + IndirectHandle handle = isolate->factory()->name(); \ + uint32_t raw_hash_field = handle->raw_hash_field(); \ + DCHECK_EQ(raw_hash_field, \ + StringHasher::HashSequentialString( \ + literal.begin(), literal.length(), hash_seed_)); \ + DCHECK_EQ(literal.length(), handle->length()); \ + name##_ = zone_.New(true, literal, raw_hash_field); \ + /* The Handle returned by the factory is located on the roots */ \ + /* array, not on the temporary HandleScope, so this is safe. */ \ + name##_->set_string(handle); \ + string_table_.InsertNew(name##_, name##_->Hash()); \ } AST_STRING_CONSTANTS(F) #undef F diff --git a/deps/v8/src/ast/ast-value-factory.h b/deps/v8/src/ast/ast-value-factory.h index 11c005ddd435f0..5ca83bc76f224b 100644 --- a/deps/v8/src/ast/ast-value-factory.h +++ b/deps/v8/src/ast/ast-value-factory.h 
@@ -87,7 +87,7 @@ class AstRawString final : public ZoneObject { } // This function can be called after internalizing. - V8_INLINE IndirectHandle string() const { + V8_INLINE IndirectHandle string() const { DCHECK(has_string_); return string_; } @@ -118,7 +118,7 @@ class AstRawString final : public ZoneObject { return &next_; } - void set_string(IndirectHandle string) { + void set_string(IndirectHandle string) { DCHECK(!string.is_null()); DCHECK(!has_string_); string_ = string; @@ -129,7 +129,7 @@ class AstRawString final : public ZoneObject { union { AstRawString* next_; - IndirectHandle string_; + IndirectHandle string_; }; base::Vector literal_bytes_; // Memory owned by Zone. diff --git a/deps/v8/src/ast/ast.cc b/deps/v8/src/ast/ast.cc index 214a746bfce0b9..2c4c900a1793e4 100644 --- a/deps/v8/src/ast/ast.cc +++ b/deps/v8/src/ast/ast.cc @@ -12,6 +12,7 @@ #include "src/base/hashmap.h" #include "src/base/logging.h" #include "src/base/numbers/double.h" +#include "src/base/vector.h" #include "src/builtins/builtins-constructor.h" #include "src/builtins/builtins.h" #include "src/common/assert-scope.h" @@ -278,14 +279,12 @@ void FunctionLiteral::set_class_scope_has_private_brand(bool value) { ObjectLiteralProperty::ObjectLiteralProperty(Expression* key, Expression* value, Kind kind, bool is_computed_name) - : LiteralProperty(key, value, is_computed_name), - kind_(kind), - emit_store_(true) {} + : LiteralProperty(key, value, is_computed_name), kind_(kind) {} ObjectLiteralProperty::ObjectLiteralProperty(AstValueFactory* ast_value_factory, Expression* key, Expression* value, bool is_computed_name) - : LiteralProperty(key, value, is_computed_name), emit_store_(true) { + : LiteralProperty(key, value, is_computed_name) { if (!is_computed_name && key->AsLiteral()->IsRawString() && key->AsLiteral()->AsRawString() == ast_value_factory->proto_string()) { kind_ = PROTOTYPE; 
@@ -342,9 +341,14 @@ void ObjectLiteral::CalculateEmitStore(Zone* zone) { const auto GETTER = ObjectLiteral::Property::GETTER; const auto SETTER = ObjectLiteral::Property::SETTER; - CustomMatcherZoneHashMap table(Literal::Match, - ZoneHashMap::kDefaultHashMapCapacity, - ZoneAllocationPolicy(zone)); + using LiteralMatcher = + base::HashEqualityThenKeyMatcher; + base::TemplateHashMapImpl + table(ZoneHashMap::kDefaultHashMapCapacity, + LiteralMatcher(Literal::Match), ZoneAllocationPolicy(zone)); + + // We iterate backwards, so the first property we see is the last one in + // source order. for (int i = properties()->length() - 1; i >= 0; i--) { ObjectLiteral::Property* property = properties()->at(i); if (property->is_computed_name()) continue; 
@@ -353,35 +357,88 @@ void ObjectLiteral::CalculateEmitStore(Zone* zone) { DCHECK(!literal->IsNullLiteral()); uint32_t hash = literal->Hash(); - ZoneHashMap::Entry* entry = table.LookupOrInsert(literal, hash); - if (entry->value == nullptr) { - entry->value = property; + auto* entry = table.LookupOrInsert(literal, hash, []() { return -1; }); + if (entry->value == -1) { + // First time we see this key (it's the last property in the literal). + entry->value = i; + DCHECK(property->is_first_instance_of_key()); + property->set_last_instance_index(i); } else { - // We already have a later definition of this property, so we don't need - // to emit a store for the current one. - // - // There are two subtleties here. - // - // (1) Emitting a store might actually be incorrect. For example, in {get - // foo() {}, foo: 42}, the getter store would override the data property - // (which, being a non-computed compile-time valued property, is already - // part of the initial literal object. + int previous_index = entry->value; + ObjectLiteral::Property* previous_prop = properties()->at(previous_index); + + // Properties are deduplicated preserving source order. For a given key, + // we only keep the last-occurring instance in the boilerplate. Earlier + // instances must have their stores eliminated, unless they are a + // complementary accessor to the last-occurring instance. // - // (2) If the later definition is an accessor (say, a getter), and the - // current definition is a complementary accessor (here, a setter), then - // we still must emit a store for the current definition. 
- - auto later_kind = - static_cast(entry->value)->kind(); - bool complementary_accessors = - (property->kind() == GETTER && later_kind == SETTER) || - (property->kind() == SETTER && later_kind == GETTER); - if (!complementary_accessors) { - property->set_emit_store(false); - if (later_kind == GETTER || later_kind == SETTER) { - entry->value = property; + // Examples: + // { a: 1, a: 2 } -> [a: 1] disabled, [a: 2] kept. + // { get a(){}, a: 1 } -> [get a] disabled, [a: 1] kept. + // { get a(){}, set a(){} } -> [get a] kept, [set a] kept. + // { get a(){}_1, get a(){}_2, set a(){} } + // -> [get a]_1 disabled (redundant), + // [get a]_2 kept, [set a] kept. + // { get a(){}, a: 1, set a(){} } + // -> [get a] disabled (shielded by a: 1), + // [a: 1] disabled, [set a] kept. + + int last_index = previous_prop->last_instance_index(); + bool is_candidate; + if (last_index == previous_index) { + // This is the first duplicate we've found for this key. previous_prop + // is the absolute last instance in source order. + is_candidate = (previous_prop->kind() == GETTER || + previous_prop->kind() == SETTER); + } else { + is_candidate = previous_prop->is_complementary_accessor_candidate(); + } + + if (is_candidate) { + ObjectLiteral::Property* last_prop = properties()->at(last_index); + auto last_kind = last_prop->kind(); + bool complementary_accessors = + (property->kind() == GETTER && last_kind == SETTER) || + (property->kind() == SETTER && last_kind == GETTER); + + if (complementary_accessors) { + // The current property is a complementary accessor to the last one. + // It stays emit_store = true. We don't propagate the candidate bit + // so that any further accessors of the same kind are disabled. + } else { + property->set_emit_store(false); + // If this duplicate is the same kind of accessor as the last one, + // it doesn't shield earlier properties, so we propagate the bit. 
+ // + // Example: { get x(){}_1, set x(){}, get x(){}_2 } + // Here [get x]_2 is the last instance. When we see [set x], we + // don't propagate the bit, so that [get x]_1 is later disabled + // because it's a redundant getter. + // + // However, in { get x(){}_1, set x(){}_1, set x(){}_2 }, when we see + // [set x]_1, it matches the last instance's kind (SETTER), so we + // propagate the bit to [set x]_1 so that it can later pair with + // [get x]_1. + if (property->kind() == last_kind) { + property->set_is_complementary_accessor_candidate(true); + } } + } else { + // No accessor candidate, so this duplicate definitely doesn't need to + // emit a store. + property->set_emit_store(false); } + + // Transition the previous instance. It's no longer the first instance. + previous_prop->set_is_first_instance_of_key(false); + + // The current property (at index i) is now the earliest instance of this + // key we've seen so far. We mark it as the "first instance" to preserve + // insertion order in the boilerplate, and link it to the absolute last + // instance (which provides the final value for this key). + DCHECK(property->is_first_instance_of_key()); + property->set_last_instance_index(last_index); + entry->value = i; } } } 
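Review bot: The "key not seen yet" state of the table is the bare literal `-1`, written once in the `LookupOrInsert(literal, hash, []() { return -1; })` default and again in `if (entry->value == -1)` at the top of this hunk. A named constant used in both places, for example `constexpr int kNoPreviousInstance = -1;`, would keep the two in step and make it clear that any other stored value is an index into `properties()`. CalculateEmitStore starts before this hunk, so the constant would sit next to the `table` definition in the preceding hunk.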
@@ -477,39 +534,55 @@ void ObjectLiteralBoilerplateBuilder::InitDepthAndFlags() { ((2 * elements) >= max_element_index)); } +namespace {} // namespace + template void ObjectLiteralBoilerplateBuilder::BuildBoilerplateDescription( IsolateT* isolate) { if (!boilerplate_description_.is_null()) return; - int index_keys = 0; - bool has_seen_proto = false; + int backing_store_size = 0; + bool saw_computed_name = false; + int boilerplate_property_count = 0; + for (int i = 0; i < properties()->length(); i++) { ObjectLiteral::Property* property = properties()->at(i); - if (property->IsPrototype()) { - has_seen_proto = true; + if (property->IsPrototype()) continue; + + if (property->is_computed_name()) { + saw_computed_name = true; + backing_store_size++; continue; } - if (property->is_computed_name()) continue; Literal* key = property->key()->AsLiteral(); - if (!key->IsPropertyName()) index_keys++; + if (saw_computed_name) { + if (key->IsPropertyName()) backing_store_size++; + continue; + } + + if (property->is_first_instance_of_key()) { + boilerplate_property_count++; + if (key->IsPropertyName()) backing_store_size++; + } } Handle boilerplate_description = isolate->factory()->NewObjectBoilerplateDescription( - boilerplate_properties_, properties()->length(), index_keys, - has_seen_proto); + boilerplate_property_count, backing_store_size); int position = 0; for (int i = 0; i < properties()->length(); i++) { ObjectLiteral::Property* property = properties()->at(i); if (property->IsPrototype()) continue; - - if (static_cast(position) == boilerplate_properties_) { - DCHECK(property->is_computed_name()); - break; + if (property->is_computed_name()) break; + if (property->emit_store()) { + if (!property->is_first_instance_of_key()) continue; + } else { + if (!property->is_first_instance_of_key()) continue; + property = properties()->at(property->last_instance_index()); } + DCHECK(!property->is_computed_name()); MaterializedLiteral* m_literal = 
property->value()->AsMaterializedLiteral(); @@ -522,17 +595,21 @@ void ObjectLiteralBoilerplateBuilder::BuildBoilerplateDescription( // in at runtime. The enumeration order is maintained. Literal* key_literal = property->key()->AsLiteral(); uint32_t element_index = 0; - DirectHandle key = - key_literal->AsArrayIndex(&element_index) - ? isolate->factory() - ->template NewNumberFromUint( - element_index) - : Cast(key_literal->AsRawPropertyName()->string()); + DirectHandle key; + if (key_literal->AsArrayIndex(&element_index)) { + key = + isolate->factory()->template NewNumberFromUint( + element_index); + } else { + key = key_literal->AsRawPropertyName()->string(); + } DirectHandle value = GetBoilerplateValue(property->value(), isolate); boilerplate_description->set_key_value(position++, *key, *value); } + DCHECK_EQ(position, boilerplate_property_count); + boilerplate_description->set_flags(EncodeLiteralType()); boilerplate_description_ = boilerplate_description; @@ -818,8 +895,8 @@ Handle GetTemplateObject::GetOrBuildDescription( { DisallowGarbageCollection no_gc; Tagged raw_strings = *raw_strings_handle; - - for (int i = 0; i < raw_strings->length(); ++i) { + uint32_t raw_strings_len = raw_strings->ulength().value(); + for (uint32_t i = 0; i < raw_strings_len; ++i) { if (this->raw_strings()->at(i) != this->cooked_strings()->at(i)) { // If the AstRawStrings don't match, then neither should the allocated // Strings, since the AstValueFactory should have deduplicated them 
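Review bot: In the second loop, `properties()->at(property->last_instance_index())` indexes the property list with a value whose only validation is a DCHECK, and the backing field defaults to -1 (see the ast.h hunk that adds `value_index_`). The branch relies on an unstated invariant: a first-instance property with `emit_store()` false must have been marked by CalculateEmitStore. If `set_emit_store(false)` is reachable from any other path (not visible here), a release build would index with -1. I would assert the range in the accessor with `DCHECK_GE(value_index_, 0);`, or check it at this call site against `properties()->length()`. The two branches also repeat the same guard and can be collapsed to `if (!property->is_first_instance_of_key()) continue;` followed by `if (!property->emit_store()) property = properties()->at(property->last_instance_index());`; the function body continues past this hunk.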
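Review bot: The new loop bound `raw_strings_len` is read from the heap array (`raw_strings->ulength().value()`), but the body indexes the AST-side lists `this->raw_strings()->at(i)` and `this->cooked_strings()->at(i)`. If the heap length ever disagrees with those lists, the comparison reads past the end of parser-owned memory; whether `at()` bounds-checks in release builds is not visible here. Bounding the loop by the AST list length, or adding a `DCHECK_EQ` between `raw_strings_len` and `this->raw_strings()->length()` before the loop, would make the assumption explicit. The same pattern appears in the next hunk (`cooked_strings_len`), where the array is allocated from `this->cooked_strings()->length()` a few lines earlier. GetOrBuildDescription starts outside both hunks.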
@@ -839,8 +916,9 @@ Handle GetTemplateObject::GetOrBuildDescription( this->cooked_strings()->length(), AllocationType::kOld); DisallowGarbageCollection no_gc; Tagged cooked_strings = *cooked_strings_handle; + uint32_t cooked_strings_len = cooked_strings->ulength().value(); ReadOnlyRoots roots(isolate); - for (int i = 0; i < cooked_strings->length(); ++i) { + for (uint32_t i = 0; i < cooked_strings_len; ++i) { if (this->cooked_strings()->at(i) != nullptr) { cooked_strings->set(i, *this->cooked_strings()->at(i)->string()); } else { diff --git a/deps/v8/src/ast/ast.h b/deps/v8/src/ast/ast.h index 9b58001ac7b75a..7d5d0d14041c6c 100644 --- a/deps/v8/src/ast/ast.h +++ b/deps/v8/src/ast/ast.h @@ -1098,7 +1098,9 @@ class MaterializedLiteral : public Expression { // Node for capturing a regexp literal. class RegExpLiteral final : public MaterializedLiteral { public: - DirectHandle pattern() const { return pattern_->string(); } + DirectHandle pattern() const { + return pattern_->string(); + } const AstRawString* raw_pattern() const { return pattern_; } int flags() const { return flags_; } 
@@ -1251,16 +1253,21 @@ class LiteralProperty : public ZoneObject { // Property is used for passing information // about an object literal's properties from the parser // to the code generator. +#define OBJECT_LITERAL_PROPERTY_KIND_LIST(V) \ + V(CONSTANT) /* Property with constant value (compile time). */ \ + V(COMPUTED) /* Property with computed value (execution time). */ \ + V(MATERIALIZED_LITERAL) /* Property value is a materialized literal. */ \ + V(GETTER) \ + V(SETTER) /* Property is an accessor function. */ \ + V(PROTOTYPE) /* Property is __proto__. */ \ + V(SPREAD) + class ObjectLiteralProperty final : public LiteralProperty { public: enum Kind : uint8_t { - CONSTANT, // Property with constant value (compile time). - COMPUTED, // Property with computed value (execution time). - MATERIALIZED_LITERAL, // Property value is a materialized literal. - GETTER, - SETTER, // Property is an accessor function. - PROTOTYPE, // Property is __proto__. - SPREAD +#define DEFINE_KIND(kind) kind, + OBJECT_LITERAL_PROPERTY_KIND_LIST(DEFINE_KIND) +#undef DEFINE_KIND }; Kind kind() const { return kind_; } 
@@ -1270,6 +1277,36 @@ class ObjectLiteralProperty final : public LiteralProperty { void set_emit_store(bool emit_store); bool emit_store() const; + // For the first instance of a property name in an object literal (by + // insertion order), this is the index of the last instance. The last + // instance is the one that provides the value actually serialized into the + // boilerplate. + void set_last_instance_index(int index) { + DCHECK(is_first_instance_of_key()); + value_index_ = index; + } + int last_instance_index() const { + DCHECK(is_first_instance_of_key()); + return value_index_; + } + + void set_is_first_instance_of_key(bool is_first) { + is_first_instance_of_key_ = is_first; + } + bool is_first_instance_of_key() const { return is_first_instance_of_key_; } + + // For an instance of a property name in an object literal, this indicates + // whether the last instance of this property name is an accessor that can + // still be paired with a complementary accessor earlier in the object + // literal. + void set_is_complementary_accessor_candidate(bool is_candidate) { + DCHECK(!is_candidate || kind() == GETTER || kind() == SETTER); + is_complementary_accessor_candidate_ = is_candidate; + } + bool is_complementary_accessor_candidate() const { + return is_complementary_accessor_candidate_; + } + bool IsNullPrototype() const { return IsPrototype() && value()->IsNullLiteral(); } @@ -1285,7 +1322,10 @@ class ObjectLiteralProperty final : public LiteralProperty { Expression* value, bool is_computed_name); Kind kind_; - bool emit_store_; + bool emit_store_ = true; + bool is_first_instance_of_key_ = true; + bool is_complementary_accessor_candidate_ = false; + int value_index_ = -1; }; // class for build object boilerplate 
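Review bot: The field added in the last hunk on this line is named `value_index_` while its accessors are `set_last_instance_index()` and `last_instance_index()`, and nothing documents that -1 means "not set". Renaming it to `last_instance_index_` and adding a comment such as `// Index of the last instance of this key; -1 until set_last_instance_index() is called. Only meaningful while is_first_instance_of_key_ is true.` would match the accessor comment in the hunk above. That matters because callers use the value directly as an index into the property list.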
@@ -1497,7 +1537,7 @@ class VariableProxy final : public Expression { public: bool IsValidReferenceExpression() const { return !is_new_target(); } - DirectHandle name() const { return raw_name()->string(); } + DirectHandle name() const { return raw_name()->string(); } const AstRawString* raw_name() const { return is_resolved() ? var_->raw_name() : raw_name_; } @@ -1537,6 +1577,13 @@ class VariableProxy final : public Expression { bit_field_ = IsNewTargetField::update(bit_field_, true); } + bool is_inside_try_catch() const { + return IsInsideTryCatchField::decode(bit_field_); + } + void set_is_inside_try_catch() { + bit_field_ = IsInsideTryCatchField::update(bit_field_, true); + } + HoleCheckMode hole_check_mode() const { HoleCheckMode mode = HoleCheckModeField::decode(bit_field_); DCHECK_IMPLIES(mode == HoleCheckMode::kRequired, @@ -1606,6 +1653,7 @@ class VariableProxy final : public Expression { IsResolvedField::encode(false) | IsRemovedFromUnresolvedField::encode(false) | IsHomeObjectField::encode(false) | + IsInsideTryCatchField::encode(false) | HoleCheckModeField::encode(HoleCheckMode::kElided); } @@ -1616,7 +1664,8 @@ class VariableProxy final : public Expression { using IsRemovedFromUnresolvedField = IsResolvedField::Next; using IsNewTargetField = IsRemovedFromUnresolvedField::Next; using IsHomeObjectField = IsNewTargetField::Next; - using HoleCheckModeField = IsHomeObjectField::Next; + using IsInsideTryCatchField = IsHomeObjectField::Next; + using HoleCheckModeField = IsInsideTryCatchField::Next; union { const AstRawString* raw_name_; // if !is_resolved_ 
@@ -2176,7 +2225,7 @@ class Assignment : public Expression { // The assignment was generated as part of block-scoped sloppy-mode // function hoisting, see - // ES#sec-block-level-function-declarations-web-legacy-compatibility-semantics + // https://tc39.es/ecma262/#sec-block-level-function-declarations-web-legacy-compatibility-semantics LookupHoistingMode lookup_hoisting_mode() const { return static_cast( LookupHoistingModeField::decode(bit_field_)); @@ -2780,7 +2829,7 @@ class ClassLiteral final : public Expression { class NativeFunctionLiteral final : public Expression { public: - DirectHandle name() const { return name_->string(); } + DirectHandle name() const { return name_->string(); } const AstRawString* raw_name() const { return name_; } v8::Extension* extension() const { return extension_; } @@ -2880,7 +2929,7 @@ class EmptyParentheses final : public Expression { }; // Represents the spec operation `GetTemplateObject(templateLiteral)` -// (defined at https://tc39.github.io/ecma262/#sec-gettemplateobject). +// (defined at https://tc39.es/ecma262/#sec-gettemplateobject). class GetTemplateObject final : public Expression { public: const ZonePtrList* cooked_strings() const { diff --git a/deps/v8/src/ast/prettyprinter.cc b/deps/v8/src/ast/prettyprinter.cc index b3be1e57d2bc88..3ee7cf3fd0973a 100644 --- a/deps/v8/src/ast/prettyprinter.cc +++ b/deps/v8/src/ast/prettyprinter.cc @@ -6,6 +6,9 @@ #include +#include +#include + #include "src/ast/ast-value-factory.h" #include "src/ast/scopes.h" #include "src/base/strings.h" 
@@ -1281,30 +1284,38 @@ void AstPrinter::PrintObjectProperties( ObjectLiteral::Property* property = properties->at(i); const char* prop_kind = nullptr; switch (property->kind()) { - case ObjectLiteral::Property::CONSTANT: - prop_kind = "CONSTANT"; - break; - case ObjectLiteral::Property::COMPUTED: - prop_kind = "COMPUTED"; - break; - case ObjectLiteral::Property::MATERIALIZED_LITERAL: - prop_kind = "MATERIALIZED_LITERAL"; - break; - case ObjectLiteral::Property::PROTOTYPE: - prop_kind = "PROTOTYPE"; - break; - case ObjectLiteral::Property::GETTER: - prop_kind = "GETTER"; - break; - case ObjectLiteral::Property::SETTER: - prop_kind = "SETTER"; - break; - case ObjectLiteral::Property::SPREAD: - prop_kind = "SPREAD"; - break; +#define CASE(kind) \ + case ObjectLiteral::Property::kind: \ + prop_kind = #kind; \ + break; + OBJECT_LITERAL_PROPERTY_KIND_LIST(CASE) +#undef CASE + } + + // Calculate the max print size for the buffer. + constexpr size_t kMaxKindLen = std::max({ +#define KIND_LEN(kind) std::string_view(#kind).size(), + OBJECT_LITERAL_PROPERTY_KIND_LIST(KIND_LEN) +#undef KIND_LEN + }); + constexpr int kMaxIntLen = 11; + constexpr int kPrintMaxLen = static_cast( + std::string_view("PROPERTY - ").size() + kMaxKindLen + + std::string_view(" (no emit store, first instance, last at )").size() + + kMaxIntLen + 1); + + base::EmbeddedVector buf; + int pos = SNPrintF(buf, "PROPERTY - %s", prop_kind); + if (!property->emit_store()) { + if (property->is_first_instance_of_key()) { + pos += + SNPrintF(buf + pos, " (no emit store, first instance, last at %d)", + property->last_instance_index()); + } else { + pos += SNPrintF(buf + pos, " (no emit store)"); + } } - base::EmbeddedVector buf; - SNPrintF(buf, "PROPERTY - %s", prop_kind); + IndentedScope prop(this, buf.begin()); PrintIndentedVisit("KEY", properties->at(i)->key()); PrintIndentedVisit("VALUE", properties->at(i)->value()); 
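Review bot: The buffer bound `kPrintMaxLen` is built from a hand-copied version of the suffix format string (`" (no emit store, first instance, last at )"`, without the `%d`), and the return value of the first `SNPrintF` is used as the offset `buf + pos` without a check. If either format string is later edited without the size expression, the second call starts at an offset that no longer matches what was written; if SNPrintF signals truncation with a negative value, as I would expect, the offset moves backwards. Defining the suffix once, e.g. `constexpr char kFirstInstanceFmt[] = " (no emit store, first instance, last at %d)";`, sizing from `sizeof(kFirstInstanceFmt)`, and adding `DCHECK_GE(pos, 0);` after the first call would tie the bound to the strings. PrintObjectProperties starts outside the hunk.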
diff --git a/deps/v8/src/ast/scopes.cc b/deps/v8/src/ast/scopes.cc index f7cc25027cf177..d6a4533a20fe2d 100644 --- a/deps/v8/src/ast/scopes.cc +++ b/deps/v8/src/ast/scopes.cc @@ -223,7 +223,7 @@ ClassScope::ClassScope(IsolateT* isolate, Zone* zone, DCHECK_EQ(scope_info->ContextLocalInitFlag(index), InitializationFlag::kNeedsInitialization); DCHECK_EQ(scope_info->ContextLocalMaybeAssignedFlag(index), - MaybeAssignedFlag::kMaybeAssigned); + MaybeAssignedFlag::kNotAssigned); Variable* var = DeclareClassVariable( ast_value_factory, ast_value_factory->GetString(name, @@ -276,6 +276,7 @@ Scope::Scope(Zone* zone, ScopeType scope_type, } } set_has_context_cells(scope_info->HasContextCells()); + set_is_hoisted_in_context(scope_info->is_hoisted_in_context()); } DeclarationScope::DeclarationScope(Zone* zone, ScopeType scope_type, @@ -427,40 +428,68 @@ bool Scope::is_debug_evaluate_scope() const { } template -Scope* Scope::DeserializeScopeChain(IsolateT* isolate, Zone* zone, - Tagged scope_info, - DeclarationScope* script_scope, - AstValueFactory* ast_value_factory, - DeserializationMode deserialization_mode, - ParseInfo* parse_info) { +Scope* Scope::DeserializeScopeChain( + IsolateT* isolate, Zone* zone, Tagged scope_info, + DeclarationScope* script_scope, AstValueFactory* ast_value_factory, + DeserializationMode deserialization_mode, Tagged