Commit bf22f41

committed
deps: patch V8 to 6.6.346.27
PR-URL: #20480 Refs: v8/v8@6.6.346.24...6.6.346.27 Reviewed-By: Khaidi Chu <i@2333.moe> Reviewed-By: Michaël Zasso <targos@protonmail.com>
1 parent f604c04 commit bf22f41

6 files changed

+105
-46
lines changed

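--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 6
 #define V8_MINOR_VERSION 6
 #define V8_BUILD_NUMBER 346
-#define V8_PATCH_LEVEL 24
+#define V8_PATCH_LEVEL 27
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)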

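--- a/deps/v8/src/keys.cc
+++ b/deps/v8/src/keys.cc
@@ -77,7 +77,14 @@ void KeyAccumulator::AddKey(Handle<Object> key, AddKeyConversion convert) {
 Handle<String>::cast(key)->AsArrayIndex(&index)) {
 key = isolate_->factory()->NewNumberFromUint(index);
 }
-keys_ = OrderedHashSet::Add(keys(), key);
+Handle<OrderedHashSet> new_set = OrderedHashSet::Add(keys(), key);
+if (*new_set != *keys_) {
+// The keys_ Set is converted directly to a FixedArray in GetKeys which can
+// be left-trimmer. Hence the previous Set should not keep a pointer to the
+// new one.
+keys_->set(OrderedHashTableBase::kNextTableIndex, Smi::kZero);
+keys_ = new_set;
+}
 }
 
 void KeyAccumulator::AddKeys(Handle<FixedArray> array,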
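Review bot: The comment added inside the new `if (*new_set != *keys_)` block has a typo ("left-trimmer") and does not say what goes wrong if the link is kept, which is the whole reason for the store to `kNextTableIndex`. Suggested wording: `// GetKeys converts keys_ directly to a FixedArray, which may later be left-trimmed; the previous set must therefore not retain a next-table pointer to it.` The guard also dereferences `keys_` unconditionally, which appears to rely on `keys_` having been allocated earlier in AddKey; that part of the function is outside this hunk.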

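--- a/deps/v8/src/wasm/wasm-js.cc
+++ b/deps/v8/src/wasm/wasm-js.cc
@@ -330,42 +330,30 @@ MaybeLocal<Value> WebAssemblyInstantiateImpl(Isolate* isolate,
 i::MaybeHandle<i::Object> instance_object;
 {
 ScheduledErrorThrower thrower(i_isolate, "WebAssembly Instantiation");
+
+// TODO(ahaas): These checks on the module should not be necessary here They
+// are just a workaround for https://crbug.com/837417.
+i::Handle<i::Object> module_obj = Utils::OpenHandle(*module);
+if (!module_obj->IsWasmModuleObject()) {
+thrower.TypeError("Argument 0 must be a WebAssembly.Module object");
+return {};
+}
+
 i::MaybeHandle<i::JSReceiver> maybe_imports =
 GetValueAsImports(ffi, &thrower);
 if (thrower.error()) return {};
 
-i::Handle<i::WasmModuleObject> module_obj =
-i::Handle<i::WasmModuleObject>::cast(
-Utils::OpenHandle(Object::Cast(*module)));
 instance_object = i_isolate->wasm_engine()->SyncInstantiate(
-i_isolate, &thrower, module_obj, maybe_imports,
-i::MaybeHandle<i::JSArrayBuffer>());
+i_isolate, &thrower, i::Handle<i::WasmModuleObject>::cast(module_obj),
+maybe_imports, i::MaybeHandle<i::JSArrayBuffer>());
 }
 
 DCHECK_EQ(instance_object.is_null(), i_isolate->has_scheduled_exception());
 if (instance_object.is_null()) return {};
 return Utils::ToLocal(instance_object.ToHandleChecked());
 }
 
-// Entered as internal implementation detail of sync and async instantiate.
-// args[0] *must* be a WebAssembly.Module.
-void WebAssemblyInstantiateImplCallback(
-const v8::FunctionCallbackInfo<v8::Value>& args) {
-DCHECK_GE(args.Length(), 1);
-v8::Isolate* isolate = args.GetIsolate();
-MicrotasksScope does_not_run_microtasks(isolate,
-MicrotasksScope::kDoNotRunMicrotasks);
-
-HandleScope scope(args.GetIsolate());
-Local<Value> module = args[0];
-Local<Value> ffi = args.Data();
-Local<Value> instance;
-if (WebAssemblyInstantiateImpl(isolate, module, ffi).ToLocal(&instance)) {
-args.GetReturnValue().Set(instance);
-}
-}
-
-void WebAssemblyInstantiateToPairCallback(
+void WebAssemblyInstantiateCallback(
 const v8::FunctionCallbackInfo<v8::Value>& args) {
 DCHECK_GE(args.Length(), 1);
 Isolate* isolate = args.GetIsolate();
@@ -454,7 +442,7 @@ void WebAssemblyInstantiateStreaming(
 DCHECK(!module_promise.IsEmpty());
 Local<Value> data = args[1];
 ASSIGN(Function, instantiate_impl,
-Function::New(context, WebAssemblyInstantiateToPairCallback, data));
+Function::New(context, WebAssemblyInstantiateCallback, data));
 ASSIGN(Promise, result, module_promise->Then(context, instantiate_impl));
 args.GetReturnValue().Set(result);
 }
@@ -476,10 +464,12 @@ void WebAssemblyInstantiate(const v8::FunctionCallbackInfo<v8::Value>& args) {
 Local<Context> context = isolate->GetCurrentContext();
 
 ASSIGN(Promise::Resolver, resolver, Promise::Resolver::New(context));
-Local<Promise> module_promise = resolver->GetPromise();
-args.GetReturnValue().Set(module_promise);
+Local<Promise> promise = resolver->GetPromise();
+args.GetReturnValue().Set(promise);
 
 Local<Value> first_arg_value = args[0];
+// If args.Length < 2, this will be undefined - see FunctionCallbackInfo.
+Local<Value> ffi = args[1];
 i::Handle<i::Object> first_arg = Utils::OpenHandle(*first_arg_value);
 if (!first_arg->IsJSObject()) {
 thrower.TypeError(
@@ -490,26 +480,35 @@ void WebAssemblyInstantiate(const v8::FunctionCallbackInfo<v8::Value>& args) {
 return;
 }
 
-FunctionCallback instantiator = nullptr;
 if (first_arg->IsWasmModuleObject()) {
-module_promise = resolver->GetPromise();
-if (!resolver->Resolve(context, first_arg_value).IsJust()) return;
-instantiator = WebAssemblyInstantiateImplCallback;
-} else {
-ASSIGN(Function, async_compile, Function::New(context, WebAssemblyCompile));
-ASSIGN(Value, async_compile_retval,
-async_compile->Call(context, args.Holder(), 1, &first_arg_value));
-module_promise = Local<Promise>::Cast(async_compile_retval);
-instantiator = WebAssemblyInstantiateToPairCallback;
+i::Handle<i::WasmModuleObject> module_obj =
+i::Handle<i::WasmModuleObject>::cast(first_arg);
+// If args.Length < 2, this will be undefined - see FunctionCallbackInfo.
+i::MaybeHandle<i::JSReceiver> maybe_imports =
+GetValueAsImports(ffi, &thrower);
+
+if (thrower.error()) {
+auto maybe = resolver->Reject(context, Utils::ToLocal(thrower.Reify()));
+CHECK_IMPLIES(!maybe.FromMaybe(false),
+i_isolate->has_scheduled_exception());
+return;
+}
+
+i_isolate->wasm_engine()->AsyncInstantiate(
+i_isolate, Utils::OpenHandle(*promise), module_obj, maybe_imports);
+return;
 }
-DCHECK(!module_promise.IsEmpty());
-DCHECK_NOT_NULL(instantiator);
-// If args.Length < 2, this will be undefined - see FunctionCallbackInfo.
-// We'll check for that in WebAssemblyInstantiateImpl.
-Local<Value> data = args[1];
+
+// We did not get a WasmModuleObject as input, we first have to compile the
+// input.
+ASSIGN(Function, async_compile, Function::New(context, WebAssemblyCompile));
+ASSIGN(Value, async_compile_retval,
+async_compile->Call(context, args.Holder(), 1, &first_arg_value));
+promise = Local<Promise>::Cast(async_compile_retval);
+DCHECK(!promise.IsEmpty());
 ASSIGN(Function, instantiate_impl,
-Function::New(context, instantiator, data));
-ASSIGN(Promise, result, module_promise->Then(context, instantiate_impl));
+Function::New(context, WebAssemblyInstantiateCallback, ffi));
+ASSIGN(Promise, result, promise->Then(context, instantiate_impl));
 args.GetReturnValue().Set(result);
 }
 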
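Review bot: The TODO above the new `IsWasmModuleObject()` check in WebAssemblyInstantiateImpl presents it as a removable workaround, yet it is the only guard before the unchecked `i::Handle<i::WasmModuleObject>::cast(module_obj)` handed to SyncInstantiate, and the regression test in this commit shows that script can make the upstream promise resolve with a non-module value. The comment should state that invariant so the check is not dropped while the cast remains, e.g. `// |module| may be whatever a script-visible promise resolved with; it must be type-checked before the cast below (https://crbug.com/837417).` The existing TODO text is also missing a full stop after "here". In WebAssemblyInstantiate, the comment at new line 486 repeats the one at line 471 but now sits above `GetValueAsImports(ffi, &thrower)`, which it does not describe, so it can be dropped. Both functions begin outside their hunks.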

+10Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
// Copyright 2018 the V8 project authors. All rights reserved.
2+
// Use of this source code is governed by a BSD-style license that can be
3+
// found in the LICENSE file.
4+
5+
6+
let arr = [...Array(9000)];
7+
for (let j = 0; j < 40; j++) {
8+
Reflect.ownKeys(arr).shift();
9+
Array(64386);
10+
}
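Review bot: Nothing in this new test says what it exercises, and the constants 9000, 40 and 64386 are unexplained, so a later reader cannot tell which values matter for reproducing the failure. A short header comment would help, for instance `// shift() on the Reflect.ownKeys() result presumably left-trims the key array; the Array(64386) allocation is there to give the GC a chance to run afterwards.`, with the wording confirmed against the keys.cc change it accompanies.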
+20Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
// Copyright 2018 the V8 project authors. All rights reserved.
2+
// Use of this source code is governed by a BSD-style license that can be
3+
// found in the LICENSE file.
4+
5+
load('test/mjsunit/wasm/wasm-constants.js');
6+
load('test/mjsunit/wasm/wasm-module-builder.js');
7+
8+
const builder = new WasmModuleBuilder();
9+
builder.addMemory(16, 32);
10+
builder.addFunction("test", kSig_i_v).addBody([
11+
kExprI32Const, 12, // i32.const 0
12+
]);
13+
14+
let module = new WebAssembly.Module(builder.toBuffer());
15+
module.then = () => {
16+
// Use setTimeout to get out of the promise chain.
17+
setTimeout(assertUnreachable);
18+
};
19+
20+
WebAssembly.instantiate(module);
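Review bot: The inline comment `// i32.const 0` on the `kExprI32Const, 12,` line does not match the operand, which is 12; it should read `// i32.const 12`, and the same line is repeated in the next test file on this page. The promise returned by `WebAssembly.instantiate(module)` is also discarded, so the test can only fail through `assertUnreachable` in the timer. Passing that promise to `assertPromiseResult(...)`, as the following test does, would additionally surface an unexpected rejection.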
+23Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
// Copyright 2018 the V8 project authors. All rights reserved.
2+
// Use of this source code is governed by a BSD-style license that can be
3+
// found in the LICENSE file.
4+
5+
load('test/mjsunit/wasm/wasm-constants.js');
6+
load('test/mjsunit/wasm/wasm-module-builder.js');
7+
8+
const builder = new WasmModuleBuilder();
9+
builder.addMemory(16, 32);
10+
builder.addFunction("test", kSig_i_v).addBody([
11+
kExprI32Const, 12, // i32.const 0
12+
]);
13+
14+
WebAssembly.Module.prototype.then = resolve => resolve(
15+
String.fromCharCode(null, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41));
16+
17+
// WebAssembly.instantiate should not actually throw a TypeError in this case.
18+
// However, this is a workaround for
19+
assertPromiseResult(
20+
WebAssembly.instantiate(builder.toBuffer()), assertUnreachable,
21+
exception => {
22+
assertInstanceof(exception, TypeError);
23+
});
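Review bot: The comment above `assertPromiseResult` stops mid-sentence at "this is a workaround for", so the reader never learns which bug the expected TypeError is standing in for. It should name the bug; the matching TODO in wasm-js.cc on this page cites https://crbug.com/837417, which is presumably the intended reference, e.g. `// However, this is a workaround for https://crbug.com/837417.`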
