From 16c9348e6089238cf266aa2dedf678a7729687a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= Date: Sun, 21 Apr 2024 14:06:27 +0200 Subject: [PATCH] deps: V8: revert CL 5331688 On Windows debug builds, it is not allowed to dereference empty iterators. Refs: https://chromium-review.googlesource.com/c/v8/v8/+/5331688 PR-URL: https://github.com/nodejs/node/pull/52465 Reviewed-By: Matteo Collina Reviewed-By: Rafael Gonzaga Reviewed-By: Michael Dawson PR-URL: https://github.com/nodejs/node/pull/54077 Reviewed-By: Jiawen Geng Reviewed-By: Richard Lau Reviewed-By: Joyee Cheung Reviewed-By: Marco Ippolito --- common.gypi | 2 +- deps/v8/src/compiler/js-heap-broker.cc | 5 +---- deps/v8/src/ic/ic.cc | 20 +++++++------------ deps/v8/src/ic/ic.h | 2 +- deps/v8/src/objects/map.cc | 7 ++++--- deps/v8/src/objects/map.h | 4 +--- .../test/cctest/test-field-type-tracking.cc | 3 ++- 7 files changed, 17 insertions(+), 26 deletions(-) diff --git a/common.gypi b/common.gypi index 74c4b120c11..af2f3d9cb1a 100644 --- a/common.gypi +++ b/common.gypi @@ -36,7 +36,7 @@ # Reset this number to 0 on major V8 upgrades. # Increment by one for each non-official patch applied to deps/v8. - 'v8_embedder_string': '-node.6', + 'v8_embedder_string': '-node.7', ##### V8 defaults for Node.js ##### diff --git a/deps/v8/src/compiler/js-heap-broker.cc b/deps/v8/src/compiler/js-heap-broker.cc index 52ed543c19c..f614e441fd2 100644 --- a/deps/v8/src/compiler/js-heap-broker.cc +++ b/deps/v8/src/compiler/js-heap-broker.cc @@ -865,10 +865,7 @@ ElementAccessFeedback const& JSHeapBroker::ProcessFeedbackMapsForElementAccess( MapUpdaterGuardIfNeeded mumd_scope(this); transition_target = map.object()->FindElementsKindTransitionedMap( - isolate(), - MapHandlesSpan(possible_transition_targets.begin(), - possible_transition_targets.end()), - ConcurrencyMode::kConcurrent); + isolate(), possible_transition_targets, ConcurrencyMode::kConcurrent); } if (transition_target.is_null()) { diff --git a/deps/v8/src/ic/ic.cc b/deps/v8/src/ic/ic.cc index dfa63ffc399..f97d3a7d6d0 100644 --- a/deps/v8/src/ic/ic.cc +++ b/deps/v8/src/ic/ic.cc @@ -375,7 +375,7 @@ void IC::ConfigureVectorState(Handle name, DirectHandle map, OnFeedbackChanged(IsLoadGlobalIC() ? "LoadGlobal" : "Monomorphic"); } -void IC::ConfigureVectorState(Handle name, MapHandlesSpan maps, +void IC::ConfigureVectorState(Handle name, MapHandles const& maps, MaybeObjectHandles* handlers) { DCHECK(!IsGlobalIC()); std::vector maps_and_handlers; @@ -741,9 +741,10 @@ bool IC::IsTransitionOfMonomorphicTarget(Tagged source_map, source_map->elements_kind(), target_elements_kind); Tagged transitioned_map; if (more_general_transition) { - Handle single_map[1] = {handle(target_map, isolate_)}; + MapHandles map_list; + map_list.push_back(handle(target_map, isolate_)); transitioned_map = source_map->FindElementsKindTransitionedMap( - isolate(), single_map, ConcurrencyMode::kSynchronous); + isolate(), map_list, ConcurrencyMode::kSynchronous); } return transitioned_map == target_map; } @@ -1245,10 +1246,7 @@ void KeyedLoadIC::UpdateLoadElement(Handle receiver, } else if (target_receiver_maps.size() == 1) { ConfigureVectorState(Handle(), target_receiver_maps[0], handlers[0]); } else { - ConfigureVectorState(Handle(), - MapHandlesSpan(target_receiver_maps.begin(), - target_receiver_maps.end()), - &handlers); + ConfigureVectorState(Handle(), target_receiver_maps, &handlers); } } @@ -1447,9 +1445,7 @@ void KeyedLoadIC::LoadElementPolymorphicHandlers( // generate an elements kind transition for this kind of receivers. if (receiver_map->is_stable()) { Tagged tmap = receiver_map->FindElementsKindTransitionedMap( - isolate(), - MapHandlesSpan(receiver_maps->begin(), receiver_maps->end()), - ConcurrencyMode::kSynchronous); + isolate(), *receiver_maps, ConcurrencyMode::kSynchronous); if (!tmap.is_null()) { receiver_map->NotifyLeafMapLayoutChange(isolate()); } @@ -2478,9 +2474,7 @@ void KeyedStoreIC::StoreElementPolymorphicHandlers( } else { { Tagged tmap = receiver_map->FindElementsKindTransitionedMap( - isolate(), - MapHandlesSpan(receiver_maps.begin(), receiver_maps.end()), - ConcurrencyMode::kSynchronous); + isolate(), receiver_maps, ConcurrencyMode::kSynchronous); if (!tmap.is_null()) { if (receiver_map->is_stable()) { receiver_map->NotifyLeafMapLayoutChange(isolate()); diff --git a/deps/v8/src/ic/ic.h b/deps/v8/src/ic/ic.h index 4e101aee14f..3d182a681c0 100644 --- a/deps/v8/src/ic/ic.h +++ b/deps/v8/src/ic/ic.h @@ -88,7 +88,7 @@ class IC { void ConfigureVectorState(Handle name, DirectHandle map, const MaybeObjectHandle& handler); // Configure the vector for POLYMORPHIC. - void ConfigureVectorState(Handle name, MapHandlesSpan maps, + void ConfigureVectorState(Handle name, MapHandles const& maps, MaybeObjectHandles* handlers); void ConfigureVectorState( Handle name, std::vector const& maps_and_handlers); diff --git a/deps/v8/src/objects/map.cc b/deps/v8/src/objects/map.cc index 2f7b885bf04..bb2aad2d908 100644 --- a/deps/v8/src/objects/map.cc +++ b/deps/v8/src/objects/map.cc @@ -922,7 +922,7 @@ Handle Map::GetDerivedMap(Isolate* isolate, Handle from, prototype); } -static bool ContainsMap(MapHandlesSpan maps, Tagged map) { +static bool ContainsMap(MapHandles const& maps, Tagged map) { DCHECK(!map.is_null()); for (Handle current : maps) { if (!current.is_null() && *current == map) return true; @@ -930,7 +930,8 @@ static bool ContainsMap(MapHandlesSpan maps, Tagged map) { return false; } -static bool HasElementsKind(MapHandlesSpan maps, ElementsKind elements_kind) { +static bool HasElementsKind(MapHandles const& maps, + ElementsKind elements_kind) { for (Handle current : maps) { if (!current.is_null() && current->elements_kind() == elements_kind) return true; @@ -939,7 +940,7 @@ static bool HasElementsKind(MapHandlesSpan maps, ElementsKind elements_kind) { } Tagged Map::FindElementsKindTransitionedMap(Isolate* isolate, - MapHandlesSpan candidates, + MapHandles const& candidates, ConcurrencyMode cmode) { DisallowGarbageCollection no_gc; diff --git a/deps/v8/src/objects/map.h b/deps/v8/src/objects/map.h index 15cc7ffc6cf..bfb1091086a 100644 --- a/deps/v8/src/objects/map.h +++ b/deps/v8/src/objects/map.h @@ -5,7 +5,6 @@ #ifndef V8_OBJECTS_MAP_H_ #define V8_OBJECTS_MAP_H_ -#include "include/v8-memory-span.h" #include "src/base/bit-field.h" #include "src/common/globals.h" #include "src/objects/code.h" @@ -138,7 +137,6 @@ enum class ObjectFields { }; using MapHandles = std::vector>; -using MapHandlesSpan = v8::MemorySpan>; #include "torque-generated/src/objects/map-tq.inc" @@ -851,7 +849,7 @@ class Map : public TorqueGeneratedMap { // elements_kind that's found in |candidates|, or |nullptr| if no match is // found at all. V8_EXPORT_PRIVATE Tagged FindElementsKindTransitionedMap( - Isolate* isolate, MapHandlesSpan candidates, ConcurrencyMode cmode); + Isolate* isolate, MapHandles const& candidates, ConcurrencyMode cmode); inline bool CanTransition() const; diff --git a/deps/v8/test/cctest/test-field-type-tracking.cc b/deps/v8/test/cctest/test-field-type-tracking.cc index 6159f7d69da..bd596b9186d 100644 --- a/deps/v8/test/cctest/test-field-type-tracking.cc +++ b/deps/v8/test/cctest/test-field-type-tracking.cc @@ -1841,7 +1841,8 @@ static void TestReconfigureElementsKind_GeneralizeFieldInPlace( // Ensure Map::FindElementsKindTransitionedMap() is able to find the // transitioned map. { - Handle map_list[1]{updated_map}; + MapHandles map_list; + map_list.push_back(updated_map); Tagged transitioned_map = map2->FindElementsKindTransitionedMap( isolate, map_list, ConcurrencyMode::kSynchronous); CHECK_EQ(*updated_map, transitioned_map);