From 8402a9c16c9bd7a3ebda71e0d188f8eb49790350 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Thu, 14 Apr 2022 17:45:01 +0200
Subject: [PATCH] deps: patch V8 to 10.1.124.8

Refs: https://github.com/v8/v8/compare/10.1.124.6...10.1.124.8

PR-URL: https://github.com/nodejs/node/pull/42730
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
---
 deps/v8/include/v8-version.h                  |  2 +-
 deps/v8/src/compiler/escape-analysis.cc       | 25 +++++++++++-
 deps/v8/src/wasm/baseline/liftoff-compiler.cc | 39 ++++++++++++-------
 3 files changed, 49 insertions(+), 17 deletions(-)

diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
index 4e3fa99ea67917..4312c9ff8b01a3 100644
--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 10
 #define V8_MINOR_VERSION 1
 #define V8_BUILD_NUMBER 124
-#define V8_PATCH_LEVEL 6
+#define V8_PATCH_LEVEL 8
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8/src/compiler/escape-analysis.cc b/deps/v8/src/compiler/escape-analysis.cc
index bf693c71dc670f..fe8126f9638e77 100644
--- a/deps/v8/src/compiler/escape-analysis.cc
+++ b/deps/v8/src/compiler/escape-analysis.cc
@@ -5,10 +5,12 @@
 #include "src/compiler/escape-analysis.h"
 
 #include "src/codegen/tick-counter.h"
+#include "src/compiler/frame-states.h"
 #include "src/compiler/linkage.h"
 #include "src/compiler/node-matchers.h"
 #include "src/compiler/operator-properties.h"
 #include "src/compiler/simplified-operator.h"
+#include "src/compiler/state-values-utils.h"
 #include "src/handles/handles-inl.h"
 #include "src/init/bootstrapper.h"
 #include "src/objects/map-inl.h"
@@ -224,6 +226,11 @@ class EscapeAnalysisTracker : public ZoneObject {
       return tracker_->ResolveReplacement(
           NodeProperties::GetContextInput(current_node()));
     }
+    // Accessing the current node is fine for `FrameState nodes.
+    Node* CurrentNode() {
+      DCHECK_EQ(current_node()->opcode(), IrOpcode::kFrameState);
+      return current_node();
+    }
 
     void SetReplacement(Node* replacement) {
       replacement_ = replacement;
@@ -799,9 +806,25 @@ void ReduceNode(const Operator* op, EscapeAnalysisTracker::Scope* current,
       break;
     }
     case IrOpcode::kStateValues:
-    case IrOpcode::kFrameState:
       // These uses are always safe.
       break;
+    case IrOpcode::kFrameState: {
+      // We mark the receiver as escaping due to the non-standard `.getThis`
+      // API.
+      FrameState frame_state{current->CurrentNode()};
+      if (frame_state.frame_state_info().type() !=
+          FrameStateType::kUnoptimizedFunction)
+        break;
+      StateValuesAccess::iterator it =
+          StateValuesAccess(frame_state.parameters()).begin();
+      if (!it.done()) {
+        if (Node* receiver = it.node()) {
+          current->SetEscaped(receiver);
+        }
+        current->SetEscaped(frame_state.function());
+      }
+      break;
+    }
     default: {
       // For unknown nodes, treat all value inputs as escaping.
       int value_input_count = op->ValueInputCount();
diff --git a/deps/v8/src/wasm/baseline/liftoff-compiler.cc b/deps/v8/src/wasm/baseline/liftoff-compiler.cc
index 8c8a24783755de..4c1931cb3fcd08 100644
--- a/deps/v8/src/wasm/baseline/liftoff-compiler.cc
+++ b/deps/v8/src/wasm/baseline/liftoff-compiler.cc
@@ -727,16 +727,14 @@ class LiftoffCompiler {
   }
 
   void TierupCheck(FullDecoder* decoder, WasmCodePosition position,
-                   int budget_used, Register scratch_reg) {
+                   int budget_used) {
     if (for_debugging_ != kNoDebugging) return;
     CODE_COMMENT("tierup check");
     // We never want to blow the entire budget at once.
     const int kMax = FLAG_wasm_tiering_budget / 4;
     if (budget_used > kMax) budget_used = kMax;
 
-    LiftoffRegister budget_reg = scratch_reg == no_reg
-                                     ? __ GetUnusedRegister(kGpReg, {})
-                                     : LiftoffRegister(scratch_reg);
+    LiftoffRegister budget_reg = __ GetUnusedRegister(kGpReg, {});
     __ Fill(budget_reg, liftoff::kTierupBudgetOffset, ValueKind::kI32);
     LiftoffRegList regs_to_save = __ cache_state()->used_registers;
     // The cached instance will be reloaded separately.
@@ -2241,7 +2239,8 @@ class LiftoffCompiler {
 
   void TierupCheckOnExit(FullDecoder* decoder) {
     if (!dynamic_tiering()) return;
-    TierupCheck(decoder, decoder->position(), __ pc_offset(), no_reg);
+    TierupCheck(decoder, decoder->position(), __ pc_offset());
+    CODE_COMMENT("update tiering budget");
     LiftoffRegList pinned;
     LiftoffRegister budget = pinned.set(__ GetUnusedRegister(kGpReg, pinned));
     LiftoffRegister array = pinned.set(__ GetUnusedRegister(kGpReg, pinned));
@@ -2586,12 +2585,12 @@ class LiftoffCompiler {
     __ PushRegister(kind, dst);
   }
 
-  void BrImpl(FullDecoder* decoder, Control* target, Register scratch_reg) {
+  void BrImpl(FullDecoder* decoder, Control* target) {
     if (dynamic_tiering()) {
       if (target->is_loop()) {
         DCHECK(target->label.get()->is_bound());
         int jump_distance = __ pc_offset() - target->label.get()->pos();
-        TierupCheck(decoder, decoder->position(), jump_distance, scratch_reg);
+        TierupCheck(decoder, decoder->position(), jump_distance);
       } else {
         // To estimate time spent in this function more accurately, we could
         // increment the tiering budget on forward jumps. However, we don't
@@ -2612,14 +2611,14 @@ class LiftoffCompiler {
 
   void BrOrRet(FullDecoder* decoder, uint32_t depth,
                uint32_t /* drop_values */) {
-    BrOrRetImpl(decoder, depth, no_reg);
+    BrOrRetImpl(decoder, depth);
   }
 
-  void BrOrRetImpl(FullDecoder* decoder, uint32_t depth, Register scratch_reg) {
+  void BrOrRetImpl(FullDecoder* decoder, uint32_t depth) {
     if (depth == decoder->control_depth() - 1) {
       DoReturn(decoder, 0);
     } else {
-      BrImpl(decoder, decoder->control_at(depth), scratch_reg);
+      BrImpl(decoder, decoder->control_at(depth));
     }
   }
 
@@ -2632,16 +2631,26 @@ class LiftoffCompiler {
           decoder->control_at(depth)->br_merge()->arity);
     }
 
-    Register scratch_reg = no_reg;
-    if (dynamic_tiering()) {
-      scratch_reg = __ GetUnusedRegister(kGpReg, {}).gp();
-    }
     Label cont_false;
 
     // Test the condition on the value stack, jump to {cont_false} if zero.
     JumpIfFalse(decoder, &cont_false);
 
-    BrOrRetImpl(decoder, depth, scratch_reg);
+    // As a quickfix for https://crbug.com/1314184 we store the cache state
+    // before calling {BrOrRetImpl} under dynamic tiering, because the tier up
+    // check modifies the cache state (GetUnusedRegister,
+    // LoadInstanceIntoRegister).
+    // TODO(wasm): This causes significant overhead during compilation; try to
+    // avoid this, maybe by passing in scratch registers.
+    if (dynamic_tiering()) {
+      LiftoffAssembler::CacheState old_cache_state;
+      old_cache_state.Split(*__ cache_state());
+      BrOrRetImpl(decoder, depth);
+      __ cache_state()->Steal(old_cache_state);
+    } else {
+      BrOrRetImpl(decoder, depth);
+    }
+
     __ bind(&cont_false);
   }