deps: patch V8 to 7.4.288.27

Refs: v8/v8@7.4.288.21...7.4.288.27

PR-URL: #27615
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Rich Trott <[email protected]>

Author: mmarchini

deps/v8/include/v8-version.h

@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 7
 #define V8_MINOR_VERSION 4
 #define V8_BUILD_NUMBER 288
-#define V8_PATCH_LEVEL 21
+#define V8_PATCH_LEVEL 27
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)

deps/v8/src/api.cc

@@ -8538,7 +8538,8 @@ void Isolate::EnqueueMicrotask(Local<Function> v8_function) {
   if (!i::JSReceiver::GetContextForMicrotask(function).ToHandle(
           &handler_context))
     handler_context = isolate->native_context();
-  handler_context->microtask_queue()->EnqueueMicrotask(this, v8_function);
+  MicrotaskQueue* microtask_queue = handler_context->microtask_queue();
+  if (microtask_queue) microtask_queue->EnqueueMicrotask(this, v8_function);
 }
 
 void Isolate::EnqueueMicrotask(MicrotaskCallback callback, void* data) {

deps/v8/src/arm64/assembler-arm64.cc

@@ -109,14 +109,9 @@ CPURegList CPURegList::GetCalleeSavedV(int size) {
 
 
 CPURegList CPURegList::GetCallerSaved(int size) {
-#if defined(V8_OS_WIN)
-  // x18 is reserved as platform register on Windows arm64.
+  // x18 is the platform register and is reserved for the use of platform ABIs.
   // Registers x0-x17 and lr (x30) are caller-saved.
   CPURegList list = CPURegList(CPURegister::kRegister, size, 0, 17);
-#else
-  // Registers x0-x18 and lr (x30) are caller-saved.
-  CPURegList list = CPURegList(CPURegister::kRegister, size, 0, 18);
-#endif
   list.Combine(lr);
   return list;
 }
@@ -149,13 +144,7 @@ CPURegList CPURegList::GetSafepointSavedRegisters() {
   list.Remove(16);
   list.Remove(17);
 
-// Don't add x18 to safepoint list on Windows arm64 because it is reserved
-// as platform register.
-#if !defined(V8_OS_WIN)
-  // Add x18 to the safepoint list, as although it's not in kJSCallerSaved, it
-  // is a caller-saved register according to the procedure call standard.
-  list.Combine(18);
-#endif
+  // x18 is the platform register and is reserved for the use of platform ABIs.
 
   // Add the link register (x30) to the safepoint list.
   list.Combine(30);

deps/v8/src/arm64/deoptimizer-arm64.cc

@@ -55,6 +55,12 @@ void CopyRegListToFrame(MacroAssembler* masm, const Register& dst,
   masm->Sub(dst, dst, dst_offset);
 }
 
+// TODO(jgruber): There's a hack here to explicitly skip restoration of the
+// so-called 'arm64 platform register' x18. The register may be in use by the
+// OS, thus we should not clobber it. Instead of this hack, it would be nicer
+// not to add x18 to the list of saved registers in the first place. The
+// complication here is that we require `reg_list.Count() % 2 == 0` in multiple
+// spots.
 void RestoreRegList(MacroAssembler* masm, const CPURegList& reg_list,
                     const Register& src_base, int src_offset) {
   DCHECK_EQ(reg_list.Count() % 2, 0);
@@ -68,23 +74,19 @@ void RestoreRegList(MacroAssembler* masm, const CPURegList& reg_list,
   Register src = temps.AcquireX();
   masm->Add(src, src_base, src_offset);
 
-#if defined(V8_OS_WIN)
-  // x18 is reserved as platform register on Windows.
+  // x18 is the platform register and is reserved for the use of platform ABIs.
   restore_list.Remove(x18);
-#endif
 
   // Restore every register in restore_list from src.
   while (!restore_list.IsEmpty()) {
     CPURegister reg0 = restore_list.PopLowestIndex();
     CPURegister reg1 = restore_list.PopLowestIndex();
     int offset0 = reg0.code() * reg_size;
 
-#if defined(V8_OS_WIN)
     if (reg1 == NoCPUReg) {
       masm->Ldr(reg0, MemOperand(src, offset0));
       break;
     }
-#endif
 
     int offset1 = reg1.code() * reg_size;
 

deps/v8/src/arm64/macro-assembler-arm64.cc

@@ -48,20 +48,15 @@ int TurboAssembler::RequiredStackSizeForCallerSaved(SaveFPRegsMode fp_mode,
   // However, we leave it in the argument list to mirror the prototype for
   // Push/PopCallerSaved().
 
-#if defined(V8_OS_WIN)
-  // X18 is excluded from caller-saved register list on Windows ARM64 which
-  // makes caller-saved registers in odd number. padreg is used accordingly
-  // to maintain the alignment.
+  // X18 is excluded from caller-saved register list on ARM64 which makes
+  // caller-saved registers in odd number. padreg is used accordingly to
+  // maintain the alignment.
   DCHECK_EQ(list.Count() % 2, 1);
   if (exclusion.Is(no_reg)) {
     bytes += kXRegSizeInBits / 8;
   } else {
     bytes -= kXRegSizeInBits / 8;
   }
-#else
-  DCHECK_EQ(list.Count() % 2, 0);
-  USE(exclusion);
-#endif
 
   bytes += list.Count() * kXRegSizeInBits / 8;
 
@@ -77,21 +72,13 @@ int TurboAssembler::PushCallerSaved(SaveFPRegsMode fp_mode,
   int bytes = 0;
   auto list = kCallerSaved;
 
-#if defined(V8_OS_WIN)
-  // X18 is excluded from caller-saved register list on Windows ARM64, use
-  // padreg accordingly to maintain alignment.
+  // X18 is excluded from caller-saved register list on ARM64, use padreg
+  // accordingly to maintain alignment.
   if (!exclusion.Is(no_reg)) {
     list.Remove(exclusion);
   } else {
     list.Combine(padreg);
   }
-#else
-  if (!exclusion.Is(no_reg)) {
-    // Replace the excluded register with padding to maintain alignment.
-    list.Remove(exclusion);
-    list.Combine(padreg);
-  }
-#endif
 
   DCHECK_EQ(list.Count() % 2, 0);
   PushCPURegList(list);
@@ -115,21 +102,13 @@ int TurboAssembler::PopCallerSaved(SaveFPRegsMode fp_mode, Register exclusion) {
 
   auto list = kCallerSaved;
 
-#if defined(V8_OS_WIN)
-  // X18 is excluded from caller-saved register list on Windows ARM64, use
-  // padreg accordingly to maintain alignment.
+  // X18 is excluded from caller-saved register list on ARM64, use padreg
+  // accordingly to maintain alignment.
   if (!exclusion.Is(no_reg)) {
     list.Remove(exclusion);
   } else {
     list.Combine(padreg);
   }
-#else
-  if (!exclusion.Is(no_reg)) {
-    // Replace the excluded register with padding to maintain alignment.
-    list.Remove(exclusion);
-    list.Combine(padreg);
-  }
-#endif
 
   DCHECK_EQ(list.Count() % 2, 0);
   PopCPURegList(list);
@@ -3389,14 +3368,20 @@ void MacroAssembler::Printf(const char * format,
   TmpList()->set_list(0);
   FPTmpList()->set_list(0);
 
+  // x18 is the platform register and is reserved for the use of platform ABIs.
+  // It is not part of the kCallerSaved list, but we add it here anyway to
+  // ensure `reg_list.Count() % 2 == 0` which is required in multiple spots.
+  CPURegList saved_registers = kCallerSaved;
+  saved_registers.Combine(x18.code());
+
   // Preserve all caller-saved registers as well as NZCV.
   // PushCPURegList asserts that the size of each list is a multiple of 16
   // bytes.
-  PushCPURegList(kCallerSaved);
+  PushCPURegList(saved_registers);
   PushCPURegList(kCallerSavedV);
 
   // We can use caller-saved registers as scratch values (except for argN).
-  CPURegList tmp_list = kCallerSaved;
+  CPURegList tmp_list = saved_registers;
   CPURegList fp_tmp_list = kCallerSavedV;
   tmp_list.Remove(arg0, arg1, arg2, arg3);
   fp_tmp_list.Remove(arg0, arg1, arg2, arg3);
@@ -3416,7 +3401,8 @@ void MacroAssembler::Printf(const char * format,
       // to PrintfNoPreserve as an argument.
       Register arg_sp = temps.AcquireX();
       Add(arg_sp, sp,
-          kCallerSaved.TotalSizeInBytes() + kCallerSavedV.TotalSizeInBytes());
+          saved_registers.TotalSizeInBytes() +
+              kCallerSavedV.TotalSizeInBytes());
       if (arg0_sp) arg0 = Register::Create(arg_sp.code(), arg0.SizeInBits());
       if (arg1_sp) arg1 = Register::Create(arg_sp.code(), arg1.SizeInBits());
       if (arg2_sp) arg2 = Register::Create(arg_sp.code(), arg2.SizeInBits());
@@ -3441,7 +3427,7 @@ void MacroAssembler::Printf(const char * format,
   }
 
   PopCPURegList(kCallerSavedV);
-  PopCPURegList(kCallerSaved);
+  PopCPURegList(saved_registers);
 
   TmpList()->set_list(old_tmp_list);
   FPTmpList()->set_list(old_fp_tmp_list);

deps/v8/src/arm64/register-arm64.h

@@ -28,20 +28,13 @@ namespace internal {
   R(x16) R(x17) R(x18) R(x19) R(x20) R(x21) R(x22) R(x23) \
   R(x24) R(x25) R(x26) R(x27) R(x28) R(x29) R(x30) R(x31)
 
-#if defined(V8_OS_WIN)
-// x18 is reserved as platform register on Windows ARM64.
+// x18 is the platform register and is reserved for the use of platform ABIs.
+// It is known to be reserved by the OS at least on Windows and iOS.
 #define ALLOCATABLE_GENERAL_REGISTERS(R)                  \
   R(x0)  R(x1)  R(x2)  R(x3)  R(x4)  R(x5)  R(x6)  R(x7)  \
   R(x8)  R(x9)  R(x10) R(x11) R(x12) R(x13) R(x14) R(x15) \
          R(x19) R(x20) R(x21) R(x22) R(x23) R(x24) R(x25) \
   R(x27) R(x28)
-#else
-#define ALLOCATABLE_GENERAL_REGISTERS(R)                  \
-  R(x0)  R(x1)  R(x2)  R(x3)  R(x4)  R(x5)  R(x6)  R(x7)  \
-  R(x8)  R(x9)  R(x10) R(x11) R(x12) R(x13) R(x14) R(x15) \
-  R(x18) R(x19) R(x20) R(x21) R(x22) R(x23) R(x24) R(x25) \
-  R(x27) R(x28)
-#endif
 
 #define FLOAT_REGISTERS(V)                                \
   V(s0)  V(s1)  V(s2)  V(s3)  V(s4)  V(s5)  V(s6)  V(s7)  \
@@ -728,12 +721,7 @@ constexpr Register kJSFunctionRegister = x1;
 constexpr Register kContextRegister = cp;
 constexpr Register kAllocateSizeRegister = x1;
 
-#if defined(V8_OS_WIN)
-// x18 is reserved as platform register on Windows ARM64.
 constexpr Register kSpeculationPoisonRegister = x23;
-#else
-constexpr Register kSpeculationPoisonRegister = x18;
-#endif
 
 constexpr Register kInterpreterAccumulatorRegister = x0;
 constexpr Register kInterpreterBytecodeOffsetRegister = x19;

deps/v8/src/builtins/arm64/builtins-arm64.cc

@@ -1278,15 +1278,9 @@ void Builtins::Generate_InterpreterEntryTrampoline(MacroAssembler* masm) {
   __ Mov(
       kInterpreterDispatchTableRegister,
       ExternalReference::interpreter_dispatch_table_address(masm->isolate()));
-#if defined(V8_OS_WIN)
   __ Ldrb(x23, MemOperand(kInterpreterBytecodeArrayRegister,
                           kInterpreterBytecodeOffsetRegister));
   __ Mov(x1, Operand(x23, LSL, kSystemPointerSizeLog2));
-#else
-  __ Ldrb(x18, MemOperand(kInterpreterBytecodeArrayRegister,
-                          kInterpreterBytecodeOffsetRegister));
-  __ Mov(x1, Operand(x18, LSL, kSystemPointerSizeLog2));
-#endif
   __ Ldr(kJavaScriptCallCodeStartRegister,
          MemOperand(kInterpreterDispatchTableRegister, x1));
   __ Call(kJavaScriptCallCodeStartRegister);
@@ -1531,15 +1525,9 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   __ SmiUntag(kInterpreterBytecodeOffsetRegister);
 
   // Dispatch to the target bytecode.
-#if defined(V8_OS_WIN)
   __ Ldrb(x23, MemOperand(kInterpreterBytecodeArrayRegister,
                           kInterpreterBytecodeOffsetRegister));
   __ Mov(x1, Operand(x23, LSL, kSystemPointerSizeLog2));
-#else
-  __ Ldrb(x18, MemOperand(kInterpreterBytecodeArrayRegister,
-                          kInterpreterBytecodeOffsetRegister));
-  __ Mov(x1, Operand(x18, LSL, kSystemPointerSizeLog2));
-#endif
   __ Ldr(kJavaScriptCallCodeStartRegister,
          MemOperand(kInterpreterDispatchTableRegister, x1));
   __ Jump(kJavaScriptCallCodeStartRegister);

deps/v8/src/compiler/access-info.cc

@@ -327,6 +327,14 @@ bool AccessInfoFactory::ComputeDataFieldAccessInfo(
   PropertyDetails const details = descriptors->GetDetails(number);
   int index = descriptors->GetFieldIndex(number);
   Representation details_representation = details.representation();
+  if (details_representation.IsNone()) {
+    // The ICs collect feedback in PREMONOMORPHIC state already,
+    // but at this point the {receiver_map} might still contain
+    // fields for which the representation has not yet been
+    // determined by the runtime. So we need to catch this case
+    // here and fall back to use the regular IC logic instead.
+    return false;
+  }
   FieldIndex field_index =
       FieldIndex::ForPropertyIndex(*map, index, details_representation);
   Type field_type = Type::NonInternal();

deps/v8/src/compiler/int64-lowering.cc

@@ -119,6 +119,7 @@ int GetReturnCountAfterLowering(Signature<MachineRepresentation>* signature) {
 
 void Int64Lowering::LowerWord64AtomicBinop(Node* node, const Operator* op) {
   DCHECK_EQ(5, node->InputCount());
+  LowerMemoryBaseAndIndex(node);
   Node* value = node->InputAt(2);
   node->ReplaceInput(2, GetReplacementLow(value));
   node->InsertInput(zone(), 3, GetReplacementHigh(value));
@@ -143,9 +144,6 @@ int Int64Lowering::GetParameterCountAfterLowering(
 
 void Int64Lowering::GetIndexNodes(Node* index, Node*& index_low,
                                   Node*& index_high) {
-  if (HasReplacementLow(index)) {
-    index = GetReplacementLow(index);
-  }
 #if defined(V8_TARGET_LITTLE_ENDIAN)
   index_low = index;
   index_high = graph()->NewNode(machine()->Int32Add(), index,
@@ -179,6 +177,7 @@ void Int64Lowering::LowerNode(Node* node) {
       }
 
       if (rep == MachineRepresentation::kWord64) {
+        LowerMemoryBaseAndIndex(node);
         Node* base = node->InputAt(0);
         Node* index = node->InputAt(1);
         Node* index_low;
@@ -228,6 +227,7 @@ void Int64Lowering::LowerNode(Node* node) {
         // a new store node to store the high word. The effect and control edges
         // are copied from the original store to the new store node, the effect
         // edge of the original store is redirected to the new store.
+        LowerMemoryBaseAndIndex(node);
         Node* base = node->InputAt(0);
         Node* index = node->InputAt(1);
         Node* index_low;
@@ -900,6 +900,7 @@ void Int64Lowering::LowerNode(Node* node) {
       DCHECK_EQ(5, node->InputCount());
       MachineRepresentation rep = AtomicStoreRepresentationOf(node->op());
       if (rep == MachineRepresentation::kWord64) {
+        LowerMemoryBaseAndIndex(node);
         Node* value = node->InputAt(2);
         node->ReplaceInput(2, GetReplacementLow(value));
         node->InsertInput(zone(), 3, GetReplacementHigh(value));
@@ -930,6 +931,7 @@ void Int64Lowering::LowerNode(Node* node) {
     case IrOpcode::kWord64AtomicCompareExchange: {
       MachineType type = AtomicOpType(node->op());
       if (type == MachineType::Uint64()) {
+        LowerMemoryBaseAndIndex(node);
         Node* old_value = node->InputAt(2);
         Node* new_value = node->InputAt(3);
         node->ReplaceInput(2, GetReplacementLow(old_value));
@@ -1051,6 +1053,19 @@ void Int64Lowering::ReplaceNodeWithProjections(Node* node) {
   ReplaceNode(node, low_node, high_node);
 }
 
+void Int64Lowering::LowerMemoryBaseAndIndex(Node* node) {
+  DCHECK(node != nullptr);
+  // Low word only replacements for memory operands for 32-bit address space.
+  Node* base = node->InputAt(0);
+  Node* index = node->InputAt(1);
+  if (HasReplacementLow(base)) {
+    node->ReplaceInput(0, GetReplacementLow(base));
+  }
+  if (HasReplacementLow(index)) {
+    node->ReplaceInput(1, GetReplacementLow(index));
+  }
+}
+
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8

deps/v8/src/compiler/int64-lowering.h

@@ -61,6 +61,7 @@ class V8_EXPORT_PRIVATE Int64Lowering {
   void PreparePhiReplacement(Node* phi);
   void GetIndexNodes(Node* index, Node*& index_low, Node*& index_high);
   void ReplaceNodeWithProjections(Node* node);
+  void LowerMemoryBaseAndIndex(Node* node);
 
   struct NodeState {
     Node* node;

deps/v8/src/conversions-inl.h

@@ -59,9 +59,24 @@ inline unsigned int FastD2UI(double x) {
 
 
 inline float DoubleToFloat32(double x) {
-  typedef std::numeric_limits<float> limits;
-  if (x > limits::max()) return limits::infinity();
-  if (x < limits::lowest()) return -limits::infinity();
+  using limits = std::numeric_limits<float>;
+  if (x > limits::max()) {
+    // kRoundingThreshold is the maximum double that rounds down to
+    // the maximum representable float. Its mantissa bits are:
+    // 1111111111111111111111101111111111111111111111111111
+    // [<--- float range --->]
+    // Note the zero-bit right after the float mantissa range, which
+    // determines the rounding-down.
+    static const double kRoundingThreshold = 3.4028235677973362e+38;
+    if (x <= kRoundingThreshold) return limits::max();
+    return limits::infinity();
+  }
+  if (x < limits::lowest()) {
+    // Same as above, mirrored to negative numbers.
+    static const double kRoundingThreshold = -3.4028235677973362e+38;
+    if (x >= kRoundingThreshold) return limits::lowest();
+    return -limits::infinity();
+  }
   return static_cast<float>(x);
 }