From 26ea5418cfb8f31b06b8a3b9984163ec02bd2ded Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= Date: Fri, 3 Apr 2026 10:06:00 +0200 Subject: [PATCH 01/31] deps: update V8 to 14.8.178.1 --- deps/v8/.clang-format | 5 + deps/v8/.git-blame-ignore-revs | 3 + deps/v8/.gitignore | 2 + deps/v8/.gn | 9 +- deps/v8/AUTHORS | 9 +- deps/v8/BUILD.bazel | 173 +- deps/v8/BUILD.gn | 689 +- deps/v8/COMMON_OWNERS | 1 + deps/v8/DEPS | 331 +- deps/v8/GEMINI.md | 62 - deps/v8/MODULE.bazel | 180 +- deps/v8/README.md | 2 +- deps/v8/RISCV_OWNERS | 2 +- deps/v8/WATCHLISTS | 7 + deps/v8/agents/OWNERS | 1 + .../skills/port-to-heapobjectlayout/SKILL.md | 346 + deps/v8/agents/skills/torque/SKILL.md | 87 + deps/v8/bazel/config/BUILD.bazel | 25 + deps/v8/bazel/defs.bzl | 6 +- deps/v8/bazel/toolchain/BUILD.bazel | 2 + deps/v8/bazel/toolchain/libcxx_repository.bzl | 99 + deps/v8/bazel/toolchain/llvm_repository.bzl | 40 + deps/v8/docs/OWNERS | 2 +- deps/v8/docs/README.md | 2 +- deps/v8/docs/security/triaging.md | 111 + deps/v8/gni/cluster_build.gni | 221 + deps/v8/gni/v8.gni | 82 +- deps/v8/include/cppgc/allocation.h | 13 +- deps/v8/include/cppgc/heap.h | 19 +- .../v8/include/cppgc/internal/api-constants.h | 2 +- deps/v8/include/libplatform/v8-tracing.h | 15 +- deps/v8/include/v8-array-buffer.h | 10 + deps/v8/include/v8-callbacks.h | 9 + deps/v8/include/v8-context.h | 47 +- deps/v8/include/v8-cppgc.h | 5 + deps/v8/include/v8-data.h | 3 +- deps/v8/include/v8-debug.h | 47 +- deps/v8/include/v8-exception.h | 11 +- deps/v8/include/v8-extension.h | 2 - deps/v8/include/v8-external.h | 29 +- deps/v8/include/v8-function-callback.h | 353 +- deps/v8/include/v8-function.h | 4 +- deps/v8/include/v8-initialization.h | 41 + deps/v8/include/v8-inspector.h | 24 + deps/v8/include/v8-internal.h | 345 +- deps/v8/include/v8-isolate.h | 37 +- deps/v8/include/v8-message.h | 6 +- deps/v8/include/v8-metrics.h | 1 + deps/v8/include/v8-object.h | 155 +- deps/v8/include/v8-persistent-handle.h | 12 +- deps/v8/include/v8-platform.h | 220 +- deps/v8/include/v8-primitive-object.h | 2 
+- deps/v8/include/v8-primitive.h | 50 +- deps/v8/include/v8-profiler.h | 53 +- deps/v8/include/v8-promise.h | 21 +- deps/v8/include/v8-sandbox.h | 87 +- deps/v8/include/v8-script.h | 44 +- deps/v8/include/v8-source-location.h | 17 +- deps/v8/include/v8-template.h | 414 +- deps/v8/include/v8-trace-categories.h | 6 +- deps/v8/include/v8-version.h | 6 +- deps/v8/include/v8-wasm.h | 149 +- deps/v8/include/v8config.h | 17 +- deps/v8/infra/mb/mb_config.pyl | 105 +- deps/v8/infra/testing/builders.pyl | 209 +- deps/v8/samples/hello-world.cc | 5 +- deps/v8/samples/process.cc | 17 +- deps/v8/samples/shell.cc | 5 +- deps/v8/src/DEPS | 10 +- deps/v8/src/api/api-arguments-inl.h | 443 +- deps/v8/src/api/api-arguments.cc | 62 +- deps/v8/src/api/api-arguments.h | 335 +- deps/v8/src/api/api.cc | 1033 +-- deps/v8/src/api/api.h | 23 +- deps/v8/src/asmjs/asm-js.cc | 5 +- deps/v8/src/asmjs/asm-parser.cc | 23 +- deps/v8/src/asmjs/asm-parser.h | 2 + .../ast/ast-function-literal-id-reindexer.cc | 19 +- deps/v8/src/ast/ast-traversal-visitor.h | 12 + deps/v8/src/ast/ast-value-factory.cc | 34 +- deps/v8/src/ast/ast-value-factory.h | 6 +- deps/v8/src/ast/ast.cc | 190 +- deps/v8/src/ast/ast.h | 84 +- deps/v8/src/ast/modules.cc | 23 +- deps/v8/src/ast/modules.h | 13 +- deps/v8/src/ast/prettyprinter.cc | 57 +- deps/v8/src/ast/scopes.cc | 533 +- deps/v8/src/ast/scopes.h | 453 +- deps/v8/src/ast/variables.h | 7 +- deps/v8/src/base/DEPS | 3 + deps/v8/src/base/algorithm.h | 51 + deps/v8/src/base/atomic-utils.h | 5 + deps/v8/src/base/bits.h | 31 + deps/v8/src/base/bounded-page-allocator.h | 13 + deps/v8/src/base/bounds.h | 9 + deps/v8/src/base/cpu.cc | 1053 --- deps/v8/src/base/cpu/cpu-arm.cc | 468 ++ deps/v8/src/base/cpu/cpu-helper.h | 44 + deps/v8/src/base/cpu/cpu-loong64.cc | 60 + deps/v8/src/base/cpu/cpu-mips64.cc | 43 + deps/v8/src/base/cpu/cpu-ppc.cc | 92 + deps/v8/src/base/cpu/cpu-riscv.cc | 81 + deps/v8/src/base/cpu/cpu-s390.cc | 11 + deps/v8/src/base/cpu/cpu-x86.cc | 246 + 
deps/v8/src/base/cpu/cpu.cc | 226 + deps/v8/src/base/{ => cpu}/cpu.h | 176 +- deps/v8/src/base/debug/stack_trace.h | 2 +- .../base/emulated-virtual-address-subspace.cc | 4 +- .../base/emulated-virtual-address-subspace.h | 6 +- deps/v8/src/base/flags.h | 4 + deps/v8/src/{wasm => base}/float16.h | 12 +- deps/v8/src/base/ieee754.cc | 67 - deps/v8/src/base/ieee754.h | 4 +- deps/v8/src/base/logging.cc | 33 +- deps/v8/src/base/logging.h | 85 +- deps/v8/src/base/macros.h | 80 + deps/v8/src/base/memcopy.h | 261 + deps/v8/src/base/numbers/diy-fp.cc | 23 - deps/v8/src/base/numbers/diy-fp.h | 19 +- deps/v8/src/base/numbers/fixed-dtoa.cc | 77 +- .../base/platform/memory-protection-key.cc | 34 +- .../src/base/platform/memory-protection-key.h | 6 +- deps/v8/src/base/platform/platform-darwin.cc | 20 +- deps/v8/src/base/platform/platform-fuchsia.cc | 92 +- deps/v8/src/base/platform/platform-linux.cc | 232 +- deps/v8/src/base/platform/platform-linux.h | 36 +- deps/v8/src/base/platform/platform-posix.cc | 75 +- deps/v8/src/base/platform/platform-posix.h | 3 +- .../src/base/platform/platform-starboard.cc | 6 +- deps/v8/src/base/platform/platform-win32.cc | 41 +- deps/v8/src/base/platform/platform-zos.cc | 8 +- deps/v8/src/base/platform/platform.h | 40 +- deps/v8/src/base/platform/time.cc | 2 +- deps/v8/src/base/sanitizer/asan.h | 10 + .../sanitizer/lsan-virtual-address-space.cc | 4 +- .../sanitizer/lsan-virtual-address-space.h | 6 +- deps/v8/src/base/small-map.h | 28 +- deps/v8/src/base/small-vector.h | 61 +- .../src/base/template-meta-programming/list.h | 73 +- deps/v8/src/base/timezone-cache.h | 4 +- .../src/base/utils/random-number-generator.cc | 10 +- .../src/base/utils/random-number-generator.h | 8 +- deps/v8/src/base/vector.h | 132 +- .../virtual-address-space-page-allocator.cc | 28 +- deps/v8/src/base/virtual-address-space.cc | 128 +- deps/v8/src/base/virtual-address-space.h | 26 +- .../baseline/arm/baseline-assembler-arm-inl.h | 39 +- .../arm64/baseline-assembler-arm64-inl.h 
| 71 +- deps/v8/src/baseline/baseline-assembler.h | 11 +- .../src/baseline/baseline-batch-compiler.cc | 4 +- .../v8/src/baseline/baseline-batch-compiler.h | 4 +- deps/v8/src/baseline/baseline-compiler.cc | 443 +- deps/v8/src/baseline/baseline-compiler.h | 22 +- .../src/baseline/bytecode-offset-iterator.cc | 4 +- .../src/baseline/bytecode-offset-iterator.h | 9 +- .../ia32/baseline-assembler-ia32-inl.h | 31 +- .../loong64/baseline-assembler-loong64-inl.h | 78 +- .../mips64/baseline-assembler-mips64-inl.h | 41 +- .../baseline/ppc/baseline-assembler-ppc-inl.h | 39 +- .../riscv/baseline-assembler-riscv-inl.h | 72 +- .../s390/baseline-assembler-s390-inl.h | 48 +- .../baseline/x64/baseline-assembler-x64-inl.h | 73 +- deps/v8/src/bigint/DEPS | 4 + deps/v8/src/bigint/bigint-inl.h | 1355 ++++ deps/v8/src/bigint/bigint-internal.cc | 191 +- deps/v8/src/bigint/bigint-internal.h | 69 +- deps/v8/src/bigint/bigint.h | 471 +- deps/v8/src/bigint/bitwise.cc | 346 - deps/v8/src/bigint/digit-arithmetic.h | 197 - deps/v8/src/bigint/div-barrett.cc | 36 +- deps/v8/src/bigint/div-burnikel.cc | 40 +- deps/v8/src/bigint/div-helpers-inl.h | 166 + deps/v8/src/bigint/div-helpers.cc | 68 - deps/v8/src/bigint/div-helpers.h | 82 - deps/v8/src/bigint/div-schoolbook.cc | 180 +- deps/v8/src/bigint/fromstring.cc | 31 +- deps/v8/src/bigint/mul-fft.cc | 120 +- deps/v8/src/bigint/mul-karatsuba.cc | 32 +- deps/v8/src/bigint/mul-schoolbook.cc | 97 - deps/v8/src/bigint/mul-toom.cc | 8 +- deps/v8/src/bigint/tostring.cc | 54 +- deps/v8/src/bigint/util.h | 36 - deps/v8/src/bigint/vector-arithmetic-inl.h | 63 + deps/v8/src/bigint/vector-arithmetic.cc | 144 - deps/v8/src/bigint/vector-arithmetic.h | 63 - deps/v8/src/builtins/DEPS | 3 + deps/v8/src/builtins/accessors.cc | 120 +- deps/v8/src/builtins/accessors.h | 27 +- deps/v8/src/builtins/arm/builtins-arm.cc | 723 +- deps/v8/src/builtins/arm64/builtins-arm64.cc | 816 ++- deps/v8/src/builtins/array-copywithin.tq | 2 +- deps/v8/src/builtins/array-every.tq | 2 +- 
deps/v8/src/builtins/array-filter.tq | 2 +- deps/v8/src/builtins/array-find.tq | 2 +- deps/v8/src/builtins/array-findindex.tq | 2 +- deps/v8/src/builtins/array-flat.tq | 342 +- deps/v8/src/builtins/array-foreach.tq | 2 +- deps/v8/src/builtins/array-from.tq | 2 +- deps/v8/src/builtins/array-isarray.tq | 2 +- deps/v8/src/builtins/array-join.tq | 21 +- deps/v8/src/builtins/array-lastindexof.tq | 2 +- deps/v8/src/builtins/array-map.tq | 10 +- deps/v8/src/builtins/array-of.tq | 2 +- deps/v8/src/builtins/array-reduce-right.tq | 2 +- deps/v8/src/builtins/array-reduce.tq | 2 +- deps/v8/src/builtins/array-reverse.tq | 2 +- deps/v8/src/builtins/array-shift.tq | 2 +- deps/v8/src/builtins/array-slice.tq | 2 +- deps/v8/src/builtins/array-some.tq | 2 +- deps/v8/src/builtins/array-splice.tq | 2 +- deps/v8/src/builtins/array-unshift.tq | 2 +- deps/v8/src/builtins/arraybuffer.tq | 35 +- deps/v8/src/builtins/base.tq | 46 +- deps/v8/src/builtins/boolean.tq | 4 +- deps/v8/src/builtins/builtins-api.cc | 126 +- deps/v8/src/builtins/builtins-array-gen.cc | 90 +- deps/v8/src/builtins/builtins-array-gen.h | 2 +- deps/v8/src/builtins/builtins-array.cc | 149 +- deps/v8/src/builtins/builtins-arraybuffer.cc | 441 +- .../builtins/builtins-async-function-gen.cc | 82 +- deps/v8/src/builtins/builtins-async-gen.cc | 253 +- deps/v8/src/builtins/builtins-async-gen.h | 42 +- .../builtins/builtins-async-generator-gen.cc | 131 +- .../builtins/builtins-async-iterator-gen.cc | 15 +- .../builtins-atomics-synchronization.cc | 143 - deps/v8/src/builtins/builtins-bigint-gen.cc | 8 +- deps/v8/src/builtins/builtins-bigint-gen.h | 62 +- deps/v8/src/builtins/builtins-bigint.tq | 69 +- deps/v8/src/builtins/builtins-call-gen.cc | 28 +- deps/v8/src/builtins/builtins-callsite.cc | 65 +- .../src/builtins/builtins-collections-gen.cc | 37 +- .../src/builtins/builtins-constructor-gen.cc | 51 +- deps/v8/src/builtins/builtins-dataview.cc | 20 +- deps/v8/src/builtins/builtins-date-gen.cc | 20 + 
deps/v8/src/builtins/builtins-date.cc | 10 +- deps/v8/src/builtins/builtins-definitions.h | 627 +- deps/v8/src/builtins/builtins-function.cc | 3 +- .../v8/src/builtins/builtins-generator-gen.cc | 35 +- deps/v8/src/builtins/builtins-global-gen.cc | 4 +- deps/v8/src/builtins/builtins-ic-gen.cc | 60 +- deps/v8/src/builtins/builtins-inl.h | 80 +- deps/v8/src/builtins/builtins-internal-gen.cc | 329 +- deps/v8/src/builtins/builtins-intl-gen.cc | 4 + deps/v8/src/builtins/builtins-intl.cc | 168 +- deps/v8/src/builtins/builtins-iterator-gen.cc | 117 + deps/v8/src/builtins/builtins-iterator-gen.h | 16 +- deps/v8/src/builtins/builtins-iterator-inl.h | 541 ++ deps/v8/src/builtins/builtins-iterator.h | 47 + deps/v8/src/builtins/builtins-math-xsum.cc | 312 + deps/v8/src/builtins/builtins-math-xsum.h | 146 + deps/v8/src/builtins/builtins-math.cc | 102 + .../builtins/builtins-microtask-queue-gen.cc | 337 +- deps/v8/src/builtins/builtins-number-gen.cc | 271 +- deps/v8/src/builtins/builtins-object-gen.cc | 69 +- deps/v8/src/builtins/builtins-object.cc | 34 +- deps/v8/src/builtins/builtins-proxy-gen.cc | 4 + deps/v8/src/builtins/builtins-regexp-gen.cc | 88 +- deps/v8/src/builtins/builtins-regexp-gen.h | 3 + deps/v8/src/builtins/builtins-regexp.cc | 10 +- .../src/builtins/builtins-shadow-realm-gen.cc | 6 +- deps/v8/src/builtins/builtins-shared-array.cc | 2 +- .../builtins-sharedarraybuffer-gen.cc | 159 +- .../builtins/builtins-sharedarraybuffer.cc | 9 +- deps/v8/src/builtins/builtins-string-gen.cc | 116 +- deps/v8/src/builtins/builtins-string-gen.h | 2 +- .../v8/src/builtins/builtins-string-tsa-inl.h | 694 ++ deps/v8/src/builtins/builtins-string-tsa.cc | 143 +- deps/v8/src/builtins/builtins-string.cc | 11 +- deps/v8/src/builtins/builtins-string.tq | 34 +- deps/v8/src/builtins/builtins-symbol.cc | 8 +- deps/v8/src/builtins/builtins-temporal.cc | 520 +- deps/v8/src/builtins/builtins-trace.cc | 9 +- .../src/builtins/builtins-typed-array-gen.cc | 154 +- 
.../src/builtins/builtins-typed-array-gen.h | 27 +- deps/v8/src/builtins/builtins-typed-array.cc | 95 +- deps/v8/src/builtins/builtins-utils.h | 23 +- deps/v8/src/builtins/builtins-wasm-gen.cc | 48 +- deps/v8/src/builtins/builtins-wasm-gen.h | 8 - deps/v8/src/builtins/builtins.cc | 57 +- deps/v8/src/builtins/builtins.h | 78 +- deps/v8/src/builtins/cast.tq | 51 +- .../src/builtins/constants-table-builder.cc | 16 +- deps/v8/src/builtins/constructor.tq | 4 +- deps/v8/src/builtins/conversion.tq | 28 +- deps/v8/src/builtins/convert.tq | 8 + deps/v8/src/builtins/data-view.tq | 42 +- deps/v8/src/builtins/function.tq | 6 +- .../generate-bytecodes-builtins-list.cc | 15 +- deps/v8/src/builtins/ia32/builtins-ia32.cc | 1112 ++- deps/v8/src/builtins/iterator-from.tq | 8 +- deps/v8/src/builtins/iterator-helpers.tq | 895 ++- deps/v8/src/builtins/iterator.tq | 56 +- deps/v8/src/builtins/js-to-js.tq | 2 +- deps/v8/src/builtins/js-to-wasm.tq | 100 +- .../src/builtins/js-trampoline-assembler.cc | 139 +- .../v8/src/builtins/js-trampoline-assembler.h | 15 - .../src/builtins/loong64/builtins-loong64.cc | 1113 +-- deps/v8/src/builtins/math.tq | 75 +- .../v8/src/builtins/mips64/builtins-mips64.cc | 549 +- deps/v8/src/builtins/number.tq | 16 +- deps/v8/src/builtins/object.tq | 6 +- deps/v8/src/builtins/ppc/builtins-ppc.cc | 749 +- deps/v8/src/builtins/profile-data-reader.cc | 27 +- deps/v8/src/builtins/profile-data-reader.h | 7 +- .../builtins/promise-abstract-operations.tq | 25 +- deps/v8/src/builtins/promise-all.tq | 4 +- deps/v8/src/builtins/promise-misc.tq | 28 +- deps/v8/src/builtins/proxy-constructor.tq | 6 +- deps/v8/src/builtins/proxy-delete-property.tq | 2 +- deps/v8/src/builtins/proxy-get-property.tq | 4 +- .../v8/src/builtins/proxy-get-prototype-of.tq | 4 +- deps/v8/src/builtins/proxy-has-property.tq | 4 +- deps/v8/src/builtins/proxy-is-extensible.tq | 4 +- .../src/builtins/proxy-prevent-extensions.tq | 2 +- deps/v8/src/builtins/proxy-revocable.tq | 2 +- 
deps/v8/src/builtins/proxy-revoke.tq | 2 +- deps/v8/src/builtins/proxy-set-property.tq | 4 +- .../v8/src/builtins/proxy-set-prototype-of.tq | 2 +- deps/v8/src/builtins/reflect.tq | 6 +- deps/v8/src/builtins/regexp-exec.tq | 2 +- deps/v8/src/builtins/regexp-match-all.tq | 4 +- deps/v8/src/builtins/regexp-match.tq | 10 +- deps/v8/src/builtins/regexp-replace.tq | 12 +- deps/v8/src/builtins/regexp-search.tq | 2 +- deps/v8/src/builtins/regexp-source.tq | 2 +- deps/v8/src/builtins/regexp-split.tq | 2 +- deps/v8/src/builtins/regexp-test.tq | 2 +- deps/v8/src/builtins/regexp.tq | 26 +- deps/v8/src/builtins/riscv/builtins-riscv.cc | 1065 +-- deps/v8/src/builtins/s390/builtins-s390.cc | 700 +- .../src/builtins/setup-builtins-internal.cc | 4 +- deps/v8/src/builtins/string-endswith.tq | 2 +- deps/v8/src/builtins/string-html.tq | 28 +- deps/v8/src/builtins/string-iterator.tq | 4 +- deps/v8/src/builtins/string-pad.tq | 4 +- deps/v8/src/builtins/string-repeat.tq | 2 +- deps/v8/src/builtins/string-slice.tq | 4 +- deps/v8/src/builtins/string-startswith.tq | 2 +- deps/v8/src/builtins/string-substr.tq | 2 +- deps/v8/src/builtins/string-substring.tq | 2 +- deps/v8/src/builtins/string-trim.tq | 2 +- deps/v8/src/builtins/superspread.h | 39 + deps/v8/src/builtins/symbol.tq | 8 +- deps/v8/src/builtins/typed-array-at.tq | 3 +- .../builtins/typed-array-createtypedarray.tq | 92 +- deps/v8/src/builtins/typed-array-entries.tq | 8 +- deps/v8/src/builtins/typed-array-every.tq | 15 +- deps/v8/src/builtins/typed-array-filter.tq | 16 +- deps/v8/src/builtins/typed-array-find.tq | 15 +- deps/v8/src/builtins/typed-array-findindex.tq | 14 +- deps/v8/src/builtins/typed-array-findlast.tq | 12 +- .../src/builtins/typed-array-findlastindex.tq | 11 +- deps/v8/src/builtins/typed-array-foreach.tq | 14 +- deps/v8/src/builtins/typed-array-from.tq | 14 +- deps/v8/src/builtins/typed-array-keys.tq | 7 +- deps/v8/src/builtins/typed-array-of.tq | 5 +- deps/v8/src/builtins/typed-array-reduce.tq | 16 +- 
.../src/builtins/typed-array-reduceright.tq | 18 +- deps/v8/src/builtins/typed-array-set.tq | 23 +- deps/v8/src/builtins/typed-array-slice.tq | 25 +- deps/v8/src/builtins/typed-array-some.tq | 13 +- deps/v8/src/builtins/typed-array-sort.tq | 15 +- deps/v8/src/builtins/typed-array-subarray.tq | 11 +- .../src/builtins/typed-array-to-reversed.tq | 5 +- deps/v8/src/builtins/typed-array-to-sorted.tq | 4 +- deps/v8/src/builtins/typed-array-values.tq | 7 +- deps/v8/src/builtins/typed-array-with.tq | 49 +- deps/v8/src/builtins/typed-array.tq | 59 +- deps/v8/src/builtins/wasm-strings.tq | 129 +- deps/v8/src/builtins/wasm-to-js.tq | 2 +- deps/v8/src/builtins/wasm.tq | 122 +- deps/v8/src/builtins/x64/builtins-x64.cc | 971 ++- deps/v8/src/codegen/DEPS | 2 +- deps/v8/src/codegen/arm/assembler-arm.cc | 34 +- .../arm/interface-descriptors-arm-inl.h | 14 +- .../v8/src/codegen/arm/macro-assembler-arm.cc | 248 +- deps/v8/src/codegen/arm/macro-assembler-arm.h | 28 +- deps/v8/src/codegen/arm/reglist-arm.h | 2 + .../src/codegen/arm64/assembler-arm64-inl.h | 10 + deps/v8/src/codegen/arm64/assembler-arm64.cc | 113 +- deps/v8/src/codegen/arm64/assembler-arm64.h | 27 + deps/v8/src/codegen/arm64/constants-arm64.h | 16 + deps/v8/src/codegen/arm64/decoder-arm64-inl.h | 7 +- deps/v8/src/codegen/arm64/decoder-arm64.h | 1 + .../src/codegen/arm64/instructions-arm64.cc | 42 + .../v8/src/codegen/arm64/instructions-arm64.h | 17 + .../arm64/interface-descriptors-arm64-inl.h | 24 +- .../codegen/arm64/macro-assembler-arm64-inl.h | 61 +- .../codegen/arm64/macro-assembler-arm64.cc | 693 +- .../src/codegen/arm64/macro-assembler-arm64.h | 85 +- deps/v8/src/codegen/arm64/register-arm64.cc | 8 + deps/v8/src/codegen/arm64/register-arm64.h | 67 +- deps/v8/src/codegen/arm64/reglist-arm64.h | 2 + deps/v8/src/codegen/assembler.cc | 7 +- deps/v8/src/codegen/assembler.h | 13 +- deps/v8/src/codegen/atomic-memory-order.h | 7 +- deps/v8/src/codegen/background-merge-task.h | 2 + deps/v8/src/codegen/bailout-reason.h | 
238 +- deps/v8/src/codegen/code-stub-assembler-inl.h | 26 + deps/v8/src/codegen/code-stub-assembler.cc | 1701 +++-- deps/v8/src/codegen/code-stub-assembler.h | 366 +- deps/v8/src/codegen/compilation-cache.cc | 20 +- deps/v8/src/codegen/compilation-cache.h | 10 +- deps/v8/src/codegen/compiler.cc | 255 +- deps/v8/src/codegen/compiler.h | 14 +- deps/v8/src/codegen/cpu-features.h | 23 +- .../define-code-stub-assembler-macros.inc | 7 +- .../src/codegen/external-reference-table.cc | 32 +- .../v8/src/codegen/external-reference-table.h | 7 +- deps/v8/src/codegen/external-reference.cc | 219 +- deps/v8/src/codegen/external-reference.h | 118 +- deps/v8/src/codegen/handler-table.cc | 72 +- deps/v8/src/codegen/handler-table.h | 38 +- deps/v8/src/codegen/ia32/assembler-ia32.cc | 7 +- .../ia32/interface-descriptors-ia32-inl.h | 9 +- .../src/codegen/ia32/macro-assembler-ia32.cc | 236 +- .../src/codegen/ia32/macro-assembler-ia32.h | 27 +- deps/v8/src/codegen/ia32/reglist-ia32.h | 2 + .../src/codegen/interface-descriptors-inl.h | 90 +- deps/v8/src/codegen/interface-descriptors.h | 664 +- deps/v8/src/codegen/label.h | 8 +- .../codegen/loong64/assembler-loong64-inl.h | 2 +- .../src/codegen/loong64/assembler-loong64.cc | 3922 ++++++++++- .../src/codegen/loong64/assembler-loong64.h | 733 +- .../src/codegen/loong64/constants-loong64.cc | 40 + .../src/codegen/loong64/constants-loong64.h | 1796 ++++- .../interface-descriptors-loong64-inl.h | 30 +- .../loong64/macro-assembler-loong64.cc | 1504 ++-- .../codegen/loong64/macro-assembler-loong64.h | 307 +- .../v8/src/codegen/loong64/register-loong64.h | 47 +- deps/v8/src/codegen/loong64/reglist-loong64.h | 2 + deps/v8/src/codegen/maglev-safepoint-table.cc | 36 +- deps/v8/src/codegen/maglev-safepoint-table.h | 38 + .../v8/src/codegen/mips64/assembler-mips64.cc | 20 +- deps/v8/src/codegen/mips64/assembler-mips64.h | 6 +- deps/v8/src/codegen/mips64/constants-mips64.h | 2 +- .../mips64/interface-descriptors-mips64-inl.h | 14 +- 
.../codegen/mips64/macro-assembler-mips64.cc | 368 +- .../codegen/mips64/macro-assembler-mips64.h | 43 +- deps/v8/src/codegen/mips64/reglist-mips64.h | 1 + .../src/codegen/optimized-compilation-info.cc | 3 + deps/v8/src/codegen/ppc/assembler-ppc.cc | 29 +- deps/v8/src/codegen/ppc/assembler-ppc.h | 6 +- .../ppc/interface-descriptors-ppc-inl.h | 11 +- .../v8/src/codegen/ppc/macro-assembler-ppc.cc | 346 +- deps/v8/src/codegen/ppc/macro-assembler-ppc.h | 39 +- deps/v8/src/codegen/ppc/register-ppc.h | 9 - deps/v8/src/codegen/reloc-info-inl.h | 4 - deps/v8/src/codegen/reloc-info.cc | 19 +- .../src/codegen/riscv/assembler-riscv-inl.h | 6 - deps/v8/src/codegen/riscv/assembler-riscv.cc | 84 +- deps/v8/src/codegen/riscv/assembler-riscv.h | 65 +- .../src/codegen/riscv/base-assembler-riscv.cc | 2 +- .../src/codegen/riscv/base-assembler-riscv.h | 9 +- .../src/codegen/riscv/base-constants-riscv.h | 33 +- .../src/codegen/riscv/constant-pool-riscv.cc | 131 +- .../src/codegen/riscv/constant-pool-riscv.h | 99 +- deps/v8/src/codegen/riscv/constant-riscv-v.h | 33 + .../src/codegen/riscv/extension-riscv-zicsr.h | 1 + .../src/codegen/riscv/extension-riscv-zimop.h | 8 +- .../riscv/interface-descriptors-riscv-inl.h | 14 +- .../codegen/riscv/macro-assembler-riscv.cc | 848 ++- .../src/codegen/riscv/macro-assembler-riscv.h | 118 +- deps/v8/src/codegen/riscv/register-riscv.h | 34 +- deps/v8/src/codegen/riscv/reglist-riscv.h | 4 +- deps/v8/src/codegen/s390/assembler-s390.cc | 54 +- deps/v8/src/codegen/s390/assembler-s390.h | 6 +- .../s390/interface-descriptors-s390-inl.h | 11 +- .../src/codegen/s390/macro-assembler-s390.cc | 595 +- .../src/codegen/s390/macro-assembler-s390.h | 64 +- deps/v8/src/codegen/s390/reglist-s390.h | 2 + deps/v8/src/codegen/safepoint-table-base.h | 13 +- deps/v8/src/codegen/safepoint-table.cc | 742 +- deps/v8/src/codegen/safepoint-table.h | 364 +- .../macro-assembler-shared-ia32-x64.cc | 1 + deps/v8/src/codegen/signature.h | 29 +- 
deps/v8/src/codegen/source-position-table.cc | 8 +- deps/v8/src/codegen/tnode.h | 10 +- .../turboshaft-builtins-assembler-inl.h | 584 +- deps/v8/src/codegen/x64/assembler-x64-inl.h | 110 +- deps/v8/src/codegen/x64/assembler-x64.cc | 739 +- deps/v8/src/codegen/x64/assembler-x64.h | 486 +- .../x64/interface-descriptors-x64-inl.h | 18 +- .../v8/src/codegen/x64/macro-assembler-x64.cc | 539 +- deps/v8/src/codegen/x64/macro-assembler-x64.h | 86 +- deps/v8/src/codegen/x64/register-x64.h | 7 + deps/v8/src/codegen/x64/reglist-x64.h | 2 + deps/v8/src/common/assert-scope.h | 3 + deps/v8/src/common/checks.h | 19 + deps/v8/src/common/code-memory-access-inl.h | 14 + deps/v8/src/common/code-memory-access.cc | 37 +- deps/v8/src/common/code-memory-access.h | 30 +- deps/v8/src/common/globals.h | 342 +- deps/v8/src/common/message-template.h | 31 +- deps/v8/src/common/segmented-table-inl.h | 21 +- deps/v8/src/common/simd128.h | 2 +- .../lazy-compile-dispatcher.cc | 134 +- .../lazy-compile-dispatcher.h | 17 +- .../optimizing-compile-dispatcher.cc | 22 +- deps/v8/src/compiler/access-builder.cc | 138 +- deps/v8/src/compiler/access-builder.h | 19 +- deps/v8/src/compiler/access-info.cc | 89 +- .../backend/arm/code-generator-arm.cc | 79 +- .../backend/arm/instruction-selector-arm.cc | 108 +- .../backend/arm64/code-generator-arm64.cc | 736 +- .../backend/arm64/instruction-codes-arm64.h | 118 +- .../arm64/instruction-scheduler-arm64.cc | 93 +- .../arm64/instruction-selector-arm64.cc | 1165 +++- .../v8/src/compiler/backend/block-position.cc | 97 + deps/v8/src/compiler/backend/block-position.h | 41 + .../compiler/backend/code-generator-impl.h | 15 + .../v8/src/compiler/backend/code-generator.cc | 98 +- deps/v8/src/compiler/backend/code-generator.h | 31 +- .../backend/ia32/code-generator-ia32.cc | 114 +- .../backend/ia32/instruction-selector-ia32.cc | 24 +- .../src/compiler/backend/instruction-codes.h | 8 +- .../compiler/backend/instruction-scheduler.cc | 7 + 
.../compiler/backend/instruction-selector.cc | 219 +- .../compiler/backend/instruction-selector.h | 86 +- deps/v8/src/compiler/backend/instruction.cc | 6 + deps/v8/src/compiler/backend/instruction.h | 122 +- .../backend/loong64/code-generator-loong64.cc | 2804 +++++++- .../loong64/instruction-codes-loong64.h | 22 +- .../loong64/instruction-selector-loong64.cc | 714 +- .../backend/mips64/code-generator-mips64.cc | 73 +- .../mips64/instruction-selector-mips64.cc | 51 +- .../backend/ppc/code-generator-ppc.cc | 145 +- .../backend/ppc/instruction-selector-ppc.cc | 8 +- .../backend/register-allocator-verifier.cc | 14 +- .../backend/riscv/code-generator-riscv.cc | 604 +- .../backend/riscv/instruction-codes-riscv.h | 8 +- .../riscv/instruction-scheduler-riscv.cc | 12 +- .../riscv/instruction-selector-riscv.h | 151 +- .../riscv/instruction-selector-riscv32.cc | 17 +- .../riscv/instruction-selector-riscv64.cc | 261 +- .../riscv/register-constraints-riscv.h | 4 +- .../backend/s390/code-generator-s390.cc | 222 +- .../backend/s390/instruction-selector-s390.cc | 78 +- deps/v8/src/compiler/backend/spill-placer.cc | 10 +- .../backend/x64/code-generator-x64.cc | 184 +- .../backend/x64/instruction-codes-x64.h | 7 +- .../backend/x64/instruction-scheduler-x64.cc | 9 +- .../backend/x64/instruction-selector-x64.cc | 151 +- .../basic-block-call-graph-profiler.cc | 79 + ...or.h => basic-block-call-graph-profiler.h} | 18 +- .../src/compiler/basic-block-instrumentor.cc | 269 - deps/v8/src/compiler/bytecode-analysis.cc | 9 +- .../v8/src/compiler/bytecode-graph-builder.cc | 455 +- deps/v8/src/compiler/code-assembler.cc | 30 +- deps/v8/src/compiler/code-assembler.h | 110 +- deps/v8/src/compiler/common-operator.cc | 9 + deps/v8/src/compiler/common-operator.h | 1 + .../src/compiler/compilation-dependencies.cc | 15 +- .../src/compiler/compilation-dependencies.h | 11 +- .../src/compiler/escape-analysis-reducer.cc | 17 + deps/v8/src/compiler/fast-api-calls.cc | 14 +- 
deps/v8/src/compiler/feedback-source.cc | 18 + deps/v8/src/compiler/feedback-source.h | 39 + deps/v8/src/compiler/frame-states.cc | 19 +- deps/v8/src/compiler/frame-states.h | 4 + deps/v8/src/compiler/globals.h | 2 +- deps/v8/src/compiler/graph-assembler.cc | 21 +- deps/v8/src/compiler/graph-assembler.h | 6 +- deps/v8/src/compiler/heap-refs.cc | 470 +- deps/v8/src/compiler/heap-refs.h | 86 +- deps/v8/src/compiler/js-call-reducer.cc | 416 +- deps/v8/src/compiler/js-call-reducer.h | 1 + deps/v8/src/compiler/js-create-lowering.cc | 113 +- deps/v8/src/compiler/js-create-lowering.h | 7 +- deps/v8/src/compiler/js-generic-lowering.cc | 37 +- deps/v8/src/compiler/js-graph.cc | 7 +- deps/v8/src/compiler/js-heap-broker.cc | 92 +- deps/v8/src/compiler/js-heap-broker.h | 9 +- deps/v8/src/compiler/js-inlining-heuristic.cc | 58 +- deps/v8/src/compiler/js-intrinsic-lowering.cc | 30 +- deps/v8/src/compiler/js-intrinsic-lowering.h | 2 + .../js-native-context-specialization.cc | 117 +- .../js-native-context-specialization.h | 12 +- deps/v8/src/compiler/js-operator.cc | 145 +- deps/v8/src/compiler/js-operator.h | 158 +- deps/v8/src/compiler/js-type-hint-lowering.cc | 126 +- deps/v8/src/compiler/js-type-hint-lowering.h | 11 +- deps/v8/src/compiler/js-typed-lowering.cc | 367 +- deps/v8/src/compiler/js-typed-lowering.h | 2 + deps/v8/src/compiler/linkage.cc | 84 +- deps/v8/src/compiler/linkage.h | 23 +- .../v8/src/compiler/machine-graph-verifier.cc | 7 +- .../src/compiler/machine-operator-reducer.cc | 2 +- deps/v8/src/compiler/machine-operator.cc | 154 +- deps/v8/src/compiler/machine-operator.h | 8 +- deps/v8/src/compiler/memory-lowering.cc | 2 +- deps/v8/src/compiler/memory-optimizer.cc | 32 +- deps/v8/src/compiler/memory-optimizer.h | 6 +- deps/v8/src/compiler/node-matchers.h | 4 +- deps/v8/src/compiler/node-properties.cc | 10 +- deps/v8/src/compiler/opcodes.h | 54 +- deps/v8/src/compiler/operator-properties.cc | 2 + .../src/compiler/pair-load-store-reducer.cc | 94 - 
.../v8/src/compiler/pair-load-store-reducer.h | 46 - deps/v8/src/compiler/phase.h | 1 + deps/v8/src/compiler/pipeline-statistics.h | 16 + deps/v8/src/compiler/pipeline.cc | 141 +- deps/v8/src/compiler/processed-feedback.h | 21 + .../src/compiler/property-access-builder.cc | 5 +- deps/v8/src/compiler/raw-machine-assembler.cc | 11 +- deps/v8/src/compiler/raw-machine-assembler.h | 9 +- deps/v8/src/compiler/representation-change.cc | 8 +- deps/v8/src/compiler/revectorizer.cc | 38 +- deps/v8/src/compiler/schedule.h | 2 - .../compiler/simplified-lowering-verifier.cc | 9 +- deps/v8/src/compiler/simplified-lowering.cc | 73 +- .../compiler/simplified-operator-reducer.cc | 12 +- deps/v8/src/compiler/simplified-operator.cc | 23 +- deps/v8/src/compiler/simplified-operator.h | 18 +- .../src/compiler/turbofan-graph-visualizer.cc | 21 +- deps/v8/src/compiler/turbofan-typer.cc | 36 +- deps/v8/src/compiler/turbofan-types.cc | 14 +- .../src/compiler/turboshaft/access-builder.h | 26 + deps/v8/src/compiler/turboshaft/assembler.h | 1299 ++-- .../turboshaft/branch-elimination-reducer.h | 8 +- .../compiler/turboshaft/build-graph-phase.cc | 5 +- .../turboshaft/builtin-call-descriptors.h | 214 +- .../compiler/turboshaft/builtin-compiler.cc | 2 +- .../turboshaft/call-descriptors-util.h | 46 +- ...de-elimination-and-simplification-phase.cc | 14 +- .../src/compiler/turboshaft/copying-phase.h | 81 +- .../turboshaft/csa-effects-computation.cc | 3 +- .../turboshaft/dataview-lowering-reducer.h | 2 + .../turboshaft/decompression-optimization.cc | 4 +- .../turboshaft/define-assembler-macros.inc | 16 +- .../duplication-optimization-reducer.h | 26 +- .../fast-api-call-lowering-reducer.h | 13 +- .../src/compiler/turboshaft/graph-builder.cc | 107 +- .../compiler/turboshaft/graph-visualizer.cc | 4 + deps/v8/src/compiler/turboshaft/graph.cc | 9 + deps/v8/src/compiler/turboshaft/graph.h | 70 +- deps/v8/src/compiler/turboshaft/index.h | 61 +- ...truction-selection-normalization-reducer.h | 2 +- 
.../turboshaft/instruction-selection-phase.cc | 40 +- .../turboshaft/int64-lowering-reducer.h | 25 +- .../late-escape-analysis-reducer.cc | 2 +- .../late-load-elimination-reducer.cc | 72 +- .../late-load-elimination-reducer.h | 169 +- ...ion-phase.cc => load-elimination-phase.cc} | 13 +- ...imize-phase.h => load-elimination-phase.h} | 10 +- .../load-store-simplification-reducer.h | 72 +- .../load-store-verification-reducer.h | 117 + .../turboshaft/loop-peeling-reducer.h | 19 +- .../turboshaft/loop-unrolling-reducer.cc | 39 +- .../turboshaft/loop-unrolling-reducer.h | 58 +- .../turboshaft/machine-lowering-reducer-inl.h | 265 +- .../turboshaft/machine-optimization-reducer.h | 387 +- .../turboshaft/maglev-assert-types-reducer.h | 41 + ...-phase.cc => memory-optimization-phase.cc} | 4 +- ...on-phase.h => memory-optimization-phase.h} | 10 +- .../turboshaft/memory-optimization-reducer.h | 59 +- .../compiler/turboshaft/operation-matcher.h | 8 + deps/v8/src/compiler/turboshaft/operations.cc | 259 +- deps/v8/src/compiler/turboshaft/operations.h | 877 ++- deps/v8/src/compiler/turboshaft/opmasks.h | 7 + deps/v8/src/compiler/turboshaft/phase.cc | 10 +- deps/v8/src/compiler/turboshaft/phase.h | 40 +- deps/v8/src/compiler/turboshaft/pipelines.cc | 4 +- deps/v8/src/compiler/turboshaft/pipelines.h | 87 +- .../src/compiler/turboshaft/reducer-traits.h | 61 +- .../turboshaft/register-allocation-phase.h | 18 + .../src/compiler/turboshaft/representations.h | 11 +- .../turboshaft/runtime-call-descriptors.h | 83 +- .../turboshaft/select-lowering-reducer.h | 42 +- .../simplified-optimization-reducer.h | 114 +- .../store-store-elimination-reducer-inl.h | 58 +- deps/v8/src/compiler/turboshaft/string-view.h | 4 +- .../turbolev-early-lowering-reducer-inl.h | 63 +- .../turboshaft/turbolev-frontend-pipeline.cc | 333 +- .../turboshaft/turbolev-frontend-pipeline.h | 34 +- .../turboshaft/turbolev-graph-builder.cc | 1863 +++-- .../turboshaft/turbolev-graph-builder.h | 6 +- 
.../turboshaft/type-inference-analysis.h | 21 +- .../turboshaft/type-inference-reducer.h | 4 +- .../turboshaft/typed-optimizations-reducer.h | 12 +- deps/v8/src/compiler/turboshaft/typeswitch.h | 163 +- .../turboshaft/undef-assembler-macros.inc | 7 +- deps/v8/src/compiler/turboshaft/use-map.cc | 14 +- .../turboshaft/value-numbering-reducer.h | 68 +- .../compiler/turboshaft/variable-reducer.h | 36 + .../turboshaft/wasm-assembler-helpers.h | 28 - .../wasm-gc-typed-optimization-reducer.h | 31 +- .../turboshaft/wasm-in-js-inlining-phase.cc | 5 +- .../wasm-in-js-inlining-reducer-inl.h | 512 +- .../turboshaft/wasm-js-lowering-reducer.h | 32 +- .../wasm-load-elimination-reducer.h | 18 +- .../turboshaft/wasm-lowering-reducer.h | 286 +- .../compiler/turboshaft/wasm-revec-reducer.cc | 181 +- .../compiler/turboshaft/wasm-revec-reducer.h | 80 +- .../turboshaft/wasm-shuffle-reducer.cc | 567 +- .../turboshaft/wasm-shuffle-reducer.h | 386 +- .../turboshaft/wasm-turboshaft-compiler.cc | 7 - deps/v8/src/compiler/verifier.cc | 15 +- .../compiler/wasm-address-reassociation.cc | 20 +- .../src/compiler/wasm-address-reassociation.h | 2 +- .../src/compiler/wasm-compiler-definitions.cc | 40 +- .../src/compiler/wasm-compiler-definitions.h | 11 + deps/v8/src/compiler/wasm-compiler.cc | 56 +- deps/v8/src/compiler/wasm-compiler.h | 6 +- deps/v8/src/compiler/wasm-gc-lowering.cc | 9 +- deps/v8/src/compiler/wasm-graph-assembler.cc | 89 +- deps/v8/src/compiler/wasm-graph-assembler.h | 13 +- deps/v8/src/compiler/wasm-inlining-into-js.cc | 9 +- deps/v8/src/compiler/wasm-load-elimination.cc | 3 +- deps/v8/src/d8/OWNERS | 1 + deps/v8/src/d8/d8-console.cc | 22 +- deps/v8/src/d8/d8-posix.cc | 17 +- deps/v8/src/d8/d8-windows.cc | 4 +- deps/v8/src/d8/d8.cc | 607 +- deps/v8/src/d8/d8.h | 33 +- deps/v8/src/d8/hardware-watchpoints.cc | 647 ++ deps/v8/src/d8/hardware-watchpoints.h | 36 + deps/v8/src/date/date.cc | 2 +- deps/v8/src/date/date.h | 8 +- deps/v8/src/date/dateparser-inl.h | 5 +- 
deps/v8/src/debug/debug-coverage.cc | 6 +- deps/v8/src/debug/debug-evaluate.cc | 258 +- deps/v8/src/debug/debug-interface.cc | 60 +- deps/v8/src/debug/debug-interface.h | 2 - deps/v8/src/debug/debug-property-iterator.cc | 11 +- deps/v8/src/debug/debug-scopes.cc | 19 +- deps/v8/src/debug/debug-wasm-objects-inl.h | 2 - deps/v8/src/debug/debug-wasm-objects.cc | 117 +- deps/v8/src/debug/debug-wasm-objects.h | 4 - deps/v8/src/debug/debug.cc | 131 +- deps/v8/src/debug/debug.h | 12 +- deps/v8/src/debug/liveedit.cc | 48 +- .../src/debug/wasm/gdb-server/gdb-server.cc | 2 +- deps/v8/src/debug/wasm/gdb-server/target.cc | 2 + .../wasm/gdb-server/wasm-module-debug.cc | 10 +- deps/v8/src/deoptimizer/deoptimize-reason.h | 3 +- deps/v8/src/deoptimizer/deoptimizer.cc | 322 +- deps/v8/src/deoptimizer/deoptimizer.h | 94 +- .../deoptimizer/frame-translation-builder.cc | 15 +- .../deoptimizer/frame-translation-builder.h | 8 +- .../deoptimizer/materialized-object-store.cc | 50 +- .../deoptimizer/materialized-object-store.h | 6 +- .../deoptimizer/riscv/deoptimizer-riscv.cc | 1 + deps/v8/src/deoptimizer/translated-state.cc | 186 +- deps/v8/src/deoptimizer/translated-state.h | 41 +- deps/v8/src/diagnostics/arm64/disasm-arm64.cc | 60 +- deps/v8/src/diagnostics/arm64/disasm-arm64.h | 1 + .../src/diagnostics/basic-block-profiler.cc | 59 +- deps/v8/src/diagnostics/code-tracer.h | 2 +- deps/v8/src/diagnostics/disasm.h | 10 +- deps/v8/src/diagnostics/disassembler.cc | 12 +- .../src/diagnostics/loong64/disasm-loong64.cc | 2027 ++++-- deps/v8/src/diagnostics/objects-debug.cc | 737 +- deps/v8/src/diagnostics/objects-printer.cc | 921 ++- deps/v8/src/diagnostics/perf-jit.cc | 76 +- deps/v8/src/diagnostics/perf-jit.h | 2 - deps/v8/src/diagnostics/ppc/disasm-ppc.cc | 96 +- deps/v8/src/diagnostics/riscv/disasm-riscv.cc | 2 +- deps/v8/src/diagnostics/x64/disasm-x64.cc | 593 +- deps/v8/src/dumpling/OWNERS | 1 + deps/v8/src/dumpling/dumpling-manager.cc | 288 + deps/v8/src/dumpling/dumpling-manager.h | 181 
+ deps/v8/src/dumpling/object-dumping.cc | 570 ++ deps/v8/src/dumpling/object-dumping.h | 27 + deps/v8/src/execution/arguments.h | 1 + .../src/execution/arm/frame-constants-arm.h | 1 + deps/v8/src/execution/arm/simulator-arm.cc | 107 +- .../execution/arm64/frame-constants-arm64.h | 5 + .../arm64/pointer-authentication-arm64.h | 2 +- .../v8/src/execution/arm64/simulator-arm64.cc | 90 +- deps/v8/src/execution/arm64/simulator-arm64.h | 24 +- .../execution/arm64/simulator-logic-arm64.cc | 54 + deps/v8/src/execution/execution.cc | 41 +- deps/v8/src/execution/frame-constants.h | 193 +- deps/v8/src/execution/frames-inl.h | 130 +- deps/v8/src/execution/frames.cc | 694 +- deps/v8/src/execution/frames.h | 215 +- deps/v8/src/execution/futex-emulation.cc | 335 +- deps/v8/src/execution/futex-emulation.h | 118 +- .../src/execution/ia32/frame-constants-ia32.h | 1 + deps/v8/src/execution/isolate-data-fields.h | 212 + deps/v8/src/execution/isolate-data.h | 268 +- deps/v8/src/execution/isolate-inl.h | 2 +- deps/v8/src/execution/isolate.cc | 1271 ++-- deps/v8/src/execution/isolate.h | 154 +- deps/v8/src/execution/local-isolate-inl.h | 4 + deps/v8/src/execution/local-isolate.cc | 30 +- deps/v8/src/execution/local-isolate.h | 6 + .../loong64/frame-constants-loong64.h | 11 +- .../execution/loong64/simulator-loong64.cc | 183 +- .../src/execution/loong64/simulator-loong64.h | 27 +- deps/v8/src/execution/messages.cc | 54 +- .../execution/mips64/frame-constants-mips64.h | 5 + .../src/execution/mips64/simulator-mips64.cc | 39 +- .../execution/pointer-authentication-dummy.h | 2 +- .../v8/src/execution/pointer-authentication.h | 7 +- .../src/execution/ppc/frame-constants-ppc.h | 4 +- deps/v8/src/execution/ppc/simulator-ppc.cc | 73 +- deps/v8/src/execution/ppc/simulator-ppc.h | 9 + deps/v8/src/execution/protectors.h | 2 + .../execution/riscv/frame-constants-riscv.h | 13 +- .../src/execution/riscv/shadow-stack-riscv.cc | 45 + .../src/execution/riscv/shadow-stack-riscv.h | 63 + 
.../v8/src/execution/riscv/simulator-riscv.cc | 502 +- deps/v8/src/execution/riscv/simulator-riscv.h | 110 +- .../src/execution/s390/frame-constants-s390.h | 1 + deps/v8/src/execution/s390/simulator-s390.cc | 92 +- deps/v8/src/execution/s390/simulator-s390.h | 8 + deps/v8/src/execution/simulator.h | 18 +- deps/v8/src/execution/thread-local-top.h | 4 - deps/v8/src/execution/tiering-manager.cc | 6 +- deps/v8/src/execution/v8threads.cc | 2 +- .../src/execution/x64/frame-constants-x64.h | 1 + .../externalize-string-extension.cc | 56 +- .../extensions/externalize-string-extension.h | 1 - deps/v8/src/extensions/gc-extension.cc | 15 +- .../v8/src/extensions/statistics-extension.cc | 14 +- deps/v8/src/flags/flag-definitions.h | 764 ++- deps/v8/src/flags/flags-impl.h | 20 +- deps/v8/src/flags/flags.cc | 256 +- deps/v8/src/fuzzilli/cov.cc | 228 +- deps/v8/src/fuzzilli/cov.h | 2 +- deps/v8/src/fuzzilli/fuzzilli.cc | 25 + deps/v8/src/handles/handles.h | 3 +- deps/v8/src/handles/maybe-handles-inl.h | 71 +- deps/v8/src/handles/maybe-handles.h | 12 +- deps/v8/src/handles/traced-handles.cc | 53 +- deps/v8/src/handles/traced-handles.h | 16 +- deps/v8/src/heap/WRITE_BARRIER.md | 25 +- deps/v8/src/heap/allocation-stats.h | 11 +- deps/v8/src/heap/array-buffer-sweeper.cc | 29 +- deps/v8/src/heap/array-buffer-sweeper.h | 12 +- deps/v8/src/heap/base-page-inl.h | 72 + ...{memory-chunk-metadata.cc => base-page.cc} | 26 +- .../{memory-chunk-metadata.h => base-page.h} | 128 +- deps/v8/src/heap/base/bytes.h | 34 +- deps/v8/src/heap/base/memory-tagging.cc | 2 +- deps/v8/src/heap/base/stack.h | 8 +- deps/v8/src/heap/code-range.cc | 118 +- deps/v8/src/heap/concurrent-marking.cc | 45 +- deps/v8/src/heap/concurrent-marking.h | 2 +- .../src/heap/conservative-stack-visitor-inl.h | 15 +- deps/v8/src/heap/cppgc-js/cpp-heap.cc | 29 +- deps/v8/src/heap/cppgc-js/cpp-heap.h | 3 +- deps/v8/src/heap/cppgc-js/cpp-snapshot.cc | 107 +- deps/v8/src/heap/cppgc-js/cpp-snapshot.h | 5 +- 
deps/v8/src/heap/cppgc/caged-heap.cc | 34 +- deps/v8/src/heap/cppgc/compactor.cc | 4 +- deps/v8/src/heap/cppgc/concurrent-marker.cc | 5 + deps/v8/src/heap/cppgc/gc-invoker.cc | 2 +- deps/v8/src/heap/cppgc/heap-base.cc | 14 +- deps/v8/src/heap/cppgc/heap-base.h | 7 +- deps/v8/src/heap/cppgc/heap-config.h | 21 +- deps/v8/src/heap/cppgc/heap-object-header.h | 34 +- deps/v8/src/heap/cppgc/heap-page.h | 5 +- deps/v8/src/heap/cppgc/heap.cc | 5 +- deps/v8/src/heap/cppgc/logging.cc | 11 +- deps/v8/src/heap/cppgc/marker.cc | 5 +- deps/v8/src/heap/cppgc/marking-state.cc | 5 +- deps/v8/src/heap/cppgc/marking-verifier.h | 8 +- deps/v8/src/heap/cppgc/marking-worklists.h | 11 +- deps/v8/src/heap/cppgc/name-trait.cc | 14 +- deps/v8/src/heap/cppgc/object-allocator.cc | 2 +- deps/v8/src/heap/cppgc/object-start-bitmap.h | 9 +- deps/v8/src/heap/cppgc/page-memory.cc | 78 +- deps/v8/src/heap/cppgc/page-memory.h | 17 +- deps/v8/src/heap/cppgc/platform.cc | 13 +- deps/v8/src/heap/cppgc/stats-collector.h | 4 + deps/v8/src/heap/cppgc/sweeper.cc | 30 +- deps/v8/src/heap/ephemeron-remembered-set.h | 13 +- deps/v8/src/heap/evacuation-allocator-inl.h | 21 +- deps/v8/src/heap/evacuation-verifier.cc | 4 +- deps/v8/src/heap/factory-base.cc | 141 +- deps/v8/src/heap/factory-base.h | 81 +- deps/v8/src/heap/factory-inl.h | 6 +- deps/v8/src/heap/factory.cc | 881 ++- deps/v8/src/heap/factory.h | 173 +- deps/v8/src/heap/free-list-inl.h | 6 +- deps/v8/src/heap/free-list.cc | 30 +- deps/v8/src/heap/free-list.h | 21 +- deps/v8/src/heap/gc-callbacks.h | 9 +- deps/v8/src/heap/gc-tracer-inl.h | 29 +- deps/v8/src/heap/gc-tracer.cc | 97 +- deps/v8/src/heap/gc-tracer.h | 87 +- deps/v8/src/heap/heap-allocator-inl.h | 21 +- deps/v8/src/heap/heap-allocator.cc | 83 +- deps/v8/src/heap/heap-allocator.h | 17 +- deps/v8/src/heap/heap-controller.cc | 339 +- deps/v8/src/heap/heap-controller.h | 243 +- deps/v8/src/heap/heap-inl.h | 61 +- deps/v8/src/heap/heap-layout-inl.h | 20 +- deps/v8/src/heap/heap-layout-tracer.cc | 
17 +- deps/v8/src/heap/heap-layout-tracer.h | 5 +- deps/v8/src/heap/heap-layout.cc | 2 +- deps/v8/src/heap/heap-layout.h | 8 +- deps/v8/src/heap/heap-verifier.cc | 70 +- deps/v8/src/heap/heap-verifier.h | 6 +- deps/v8/src/heap/heap-visitor.h | 3 + deps/v8/src/heap/heap-write-barrier-inl.h | 34 +- deps/v8/src/heap/heap-write-barrier.cc | 81 +- deps/v8/src/heap/heap-write-barrier.h | 10 + deps/v8/src/heap/heap.cc | 2228 +++--- deps/v8/src/heap/heap.h | 657 +- deps/v8/src/heap/incremental-marking-job.cc | 30 +- deps/v8/src/heap/incremental-marking-job.h | 6 +- deps/v8/src/heap/incremental-marking.cc | 138 +- deps/v8/src/heap/incremental-marking.h | 6 +- deps/v8/src/heap/large-page-inl.h | 24 + deps/v8/src/heap/large-page-metadata-inl.h | 25 - deps/v8/src/heap/large-page-metadata.h | 69 - .../{large-page-metadata.cc => large-page.cc} | 29 +- deps/v8/src/heap/large-page.h | 60 + deps/v8/src/heap/large-spaces.cc | 82 +- deps/v8/src/heap/large-spaces.h | 34 +- deps/v8/src/heap/live-object-range-inl.h | 4 +- deps/v8/src/heap/live-object-range.h | 10 +- deps/v8/src/heap/local-heap.cc | 22 +- deps/v8/src/heap/local-heap.h | 8 +- deps/v8/src/heap/main-allocator-inl.h | 26 +- deps/v8/src/heap/main-allocator.cc | 99 +- deps/v8/src/heap/main-allocator.h | 28 +- deps/v8/src/heap/mark-compact-inl.h | 17 +- deps/v8/src/heap/mark-compact.cc | 1780 ++--- deps/v8/src/heap/mark-compact.h | 77 +- deps/v8/src/heap/mark-sweep-utilities.cc | 27 +- deps/v8/src/heap/mark-sweep-utilities.h | 15 +- deps/v8/src/heap/marking-barrier-inl.h | 11 +- deps/v8/src/heap/marking-barrier.cc | 13 +- deps/v8/src/heap/marking-barrier.h | 6 +- deps/v8/src/heap/marking-inl.h | 67 +- deps/v8/src/heap/marking-state-inl.h | 6 +- deps/v8/src/heap/marking-state.h | 4 +- deps/v8/src/heap/marking-visitor-inl.h | 178 +- deps/v8/src/heap/marking-visitor.h | 5 +- deps/v8/src/heap/marking.h | 4 +- deps/v8/src/heap/memory-allocator.cc | 172 +- deps/v8/src/heap/memory-allocator.h | 68 +- 
deps/v8/src/heap/memory-balancer.cc | 9 +- deps/v8/src/heap/memory-chunk-inl.h | 39 +- deps/v8/src/heap/memory-chunk-metadata-inl.h | 48 - deps/v8/src/heap/memory-chunk.cc | 44 +- deps/v8/src/heap/memory-chunk.h | 171 +- deps/v8/src/heap/memory-measurement.cc | 26 +- deps/v8/src/heap/memory-measurement.h | 2 +- deps/v8/src/heap/memory-pool.cc | 454 +- deps/v8/src/heap/memory-pool.h | 132 +- deps/v8/src/heap/memory-reducer.cc | 40 +- deps/v8/src/heap/memory-reducer.h | 4 - deps/v8/src/heap/minor-gc-job.cc | 4 +- deps/v8/src/heap/minor-mark-sweep-inl.h | 2 +- deps/v8/src/heap/minor-mark-sweep.cc | 61 +- deps/v8/src/heap/minor-mark-sweep.h | 10 +- deps/v8/src/heap/mutable-page-inl.h | 107 + deps/v8/src/heap/mutable-page-metadata-inl.h | 135 - ...table-page-metadata.cc => mutable-page.cc} | 65 +- ...mutable-page-metadata.h => mutable-page.h} | 122 +- deps/v8/src/heap/new-spaces-inl.h | 14 +- deps/v8/src/heap/new-spaces.cc | 208 +- deps/v8/src/heap/new-spaces.h | 118 +- deps/v8/src/heap/normal-page-inl.h | 47 + .../heap/{page-metadata.cc => normal-page.cc} | 60 +- .../heap/{page-metadata.h => normal-page.h} | 80 +- deps/v8/src/heap/object-lock-inl.h | 10 +- deps/v8/src/heap/object-lock.h | 2 +- deps/v8/src/heap/object-stats.cc | 59 +- deps/v8/src/heap/object-stats.h | 4 +- deps/v8/src/heap/page-metadata-inl.h | 51 - deps/v8/src/heap/paged-spaces-inl.h | 10 +- deps/v8/src/heap/paged-spaces.cc | 120 +- deps/v8/src/heap/paged-spaces.h | 94 +- deps/v8/src/heap/parked-scope.h | 5 +- deps/v8/src/heap/pretenuring-handler-inl.h | 8 +- deps/v8/src/heap/pretenuring-handler.cc | 62 +- deps/v8/src/heap/read-only-heap-inl.h | 7 +- deps/v8/src/heap/read-only-heap.cc | 76 +- deps/v8/src/heap/read-only-heap.h | 26 +- deps/v8/src/heap/read-only-promotion.cc | 52 +- deps/v8/src/heap/read-only-spaces.cc | 159 +- deps/v8/src/heap/read-only-spaces.h | 53 +- deps/v8/src/heap/remembered-set.h | 56 +- deps/v8/src/heap/safepoint.cc | 74 +- deps/v8/src/heap/safepoint.h | 13 +- 
deps/v8/src/heap/scavenger.cc | 359 +- deps/v8/src/heap/setup-heap-internal.cc | 205 +- deps/v8/src/heap/slot-set.h | 2 +- deps/v8/src/heap/spaces-inl.h | 37 +- deps/v8/src/heap/spaces.cc | 2 +- deps/v8/src/heap/spaces.h | 72 +- deps/v8/src/heap/sweeper.cc | 221 +- deps/v8/src/heap/sweeper.h | 72 +- .../heap/traced-handles-marking-visitor.cc | 16 +- .../src/heap/traced-handles-marking-visitor.h | 2 +- deps/v8/src/heap/trusted-range.cc | 12 +- deps/v8/src/heap/weak-object-worklists.h | 2 +- .../young-generation-marking-visitor-inl.h | 49 +- .../heap/young-generation-marking-visitor.h | 12 +- deps/v8/src/heap/zapping.cc | 4 +- deps/v8/src/ic/accessor-assembler.cc | 957 ++- deps/v8/src/ic/accessor-assembler.h | 180 +- deps/v8/src/ic/handler-configuration-inl.h | 84 +- deps/v8/src/ic/handler-configuration.cc | 146 +- deps/v8/src/ic/handler-configuration.h | 102 +- deps/v8/src/ic/ic.cc | 661 +- deps/v8/src/ic/ic.h | 20 +- deps/v8/src/ic/keyed-store-generic.cc | 39 +- deps/v8/src/ic/stub-cache.h | 4 +- deps/v8/src/init/OWNERS | 1 + deps/v8/src/init/bootstrapper.cc | 501 +- deps/v8/src/init/bootstrapper.h | 5 + deps/v8/src/init/heap-symbols.h | 146 +- deps/v8/src/init/icu_util.cc | 5 + deps/v8/src/init/icu_util.h | 8 +- deps/v8/src/init/isolate-group.cc | 150 +- deps/v8/src/init/isolate-group.h | 43 +- deps/v8/src/init/v8.cc | 93 +- deps/v8/src/inspector/custom-preview.cc | 2 +- deps/v8/src/inspector/injected-script.cc | 4 +- deps/v8/src/inspector/injected-script.h | 9 + deps/v8/src/inspector/search-util.cc | 7 +- deps/v8/src/inspector/search-util.h | 4 +- .../v8/src/inspector/v8-console-agent-impl.cc | 12 +- deps/v8/src/inspector/v8-console-message.cc | 15 +- deps/v8/src/inspector/v8-console-message.h | 6 +- deps/v8/src/inspector/v8-console.cc | 37 +- deps/v8/src/inspector/v8-console.h | 6 +- .../src/inspector/v8-debugger-agent-impl.cc | 37 +- .../v8/src/inspector/v8-debugger-agent-impl.h | 2 +- deps/v8/src/inspector/v8-debugger-script.cc | 4 +- 
deps/v8/src/inspector/v8-debugger-script.h | 6 +- deps/v8/src/inspector/v8-debugger.cc | 25 +- .../inspector/v8-heap-profiler-agent-impl.cc | 5 +- deps/v8/src/inspector/v8-inspector-impl.cc | 66 +- deps/v8/src/inspector/v8-inspector-impl.h | 16 +- .../inspector/v8-inspector-session-impl.cc | 8 +- .../src/inspector/v8-inspector-session-impl.h | 13 +- .../src/inspector/v8-profiler-agent-impl.cc | 18 +- .../v8/src/inspector/v8-runtime-agent-impl.cc | 102 +- deps/v8/src/inspector/value-mirror.cc | 56 +- .../src/interpreter/bytecode-array-builder.cc | 65 +- .../src/interpreter/bytecode-array-builder.h | 26 +- .../interpreter/bytecode-array-iterator.cc | 172 +- .../src/interpreter/bytecode-array-iterator.h | 72 +- .../src/interpreter/bytecode-array-writer.cc | 112 +- .../src/interpreter/bytecode-array-writer.h | 7 +- deps/v8/src/interpreter/bytecode-decoder.cc | 69 +- deps/v8/src/interpreter/bytecode-decoder.h | 9 + .../interpreter/bytecode-flags-and-tokens.cc | 4 + .../interpreter/bytecode-flags-and-tokens.h | 1 + deps/v8/src/interpreter/bytecode-generator.cc | 364 +- deps/v8/src/interpreter/bytecode-generator.h | 58 +- deps/v8/src/interpreter/bytecode-jump-table.h | 13 +- deps/v8/src/interpreter/bytecode-operands.h | 25 +- deps/v8/src/interpreter/bytecodes.h | 309 +- .../src/interpreter/constant-array-builder.cc | 17 +- .../src/interpreter/control-flow-builders.cc | 3 +- .../src/interpreter/handler-table-builder.cc | 6 +- .../src/interpreter/interpreter-assembler.cc | 146 +- .../src/interpreter/interpreter-assembler.h | 37 +- .../interpreter/interpreter-generator-tsa.cc | 12 +- .../src/interpreter/interpreter-generator.cc | 247 +- deps/v8/src/interpreter/interpreter.cc | 16 +- .../prototype-assignment-sequence-builder.cc | 9 +- .../prototype-assignment-sequence-builder.h | 14 +- deps/v8/src/json/json-parser.cc | 791 +-- deps/v8/src/json/json-parser.h | 126 +- deps/v8/src/json/json-stringifier.cc | 78 +- .../libplatform/tracing/tracing-controller.cc | 47 +- 
deps/v8/src/libsampler/sampler.cc | 3 +- deps/v8/src/logging/code-events.h | 9 +- deps/v8/src/logging/counters-definitions.h | 11 +- deps/v8/src/logging/log-file.cc | 2 - deps/v8/src/logging/log.cc | 74 +- deps/v8/src/logging/log.h | 12 +- deps/v8/src/logging/runtime-call-stats.h | 23 +- .../src/maglev/arm/maglev-assembler-arm-inl.h | 104 +- .../v8/src/maglev/arm/maglev-assembler-arm.cc | 28 +- deps/v8/src/maglev/arm/maglev-ir-arm.cc | 371 +- .../maglev/arm64/maglev-assembler-arm64-inl.h | 104 +- .../maglev/arm64/maglev-assembler-arm64.cc | 25 +- deps/v8/src/maglev/arm64/maglev-ir-arm64.cc | 382 +- deps/v8/src/maglev/hamt.h | 513 ++ .../loong64/maglev-assembler-loong64-inl.h | 1849 +++++ .../loong64/maglev-assembler-loong64.cc | 690 ++ .../src/maglev/loong64/maglev-ir-loong64.cc | 1270 ++++ deps/v8/src/maglev/maglev-assembler-inl.h | 33 +- deps/v8/src/maglev/maglev-assembler.cc | 205 +- deps/v8/src/maglev/maglev-assembler.h | 74 +- deps/v8/src/maglev/maglev-code-generator.cc | 52 +- deps/v8/src/maglev/maglev-compilation-info.cc | 24 +- deps/v8/src/maglev/maglev-compilation-info.h | 120 +- deps/v8/src/maglev/maglev-compiler.cc | 5 +- .../src/maglev/maglev-deopt-frame-visitor.h | 12 +- deps/v8/src/maglev/maglev-graph-builder.cc | 6000 +++++++++------- deps/v8/src/maglev/maglev-graph-builder.h | 564 +- deps/v8/src/maglev/maglev-graph-labeller.h | 25 + deps/v8/src/maglev/maglev-graph-optimizer.cc | 1172 +++- deps/v8/src/maglev/maglev-graph-optimizer.h | 56 +- deps/v8/src/maglev/maglev-graph-printer.cc | 91 +- deps/v8/src/maglev/maglev-graph-printer.h | 4 + deps/v8/src/maglev/maglev-graph-processor.h | 5 + deps/v8/src/maglev/maglev-graph.cc | 71 +- deps/v8/src/maglev/maglev-graph.h | 58 +- deps/v8/src/maglev/maglev-inlining.cc | 212 +- deps/v8/src/maglev/maglev-inlining.h | 16 +- .../maglev/maglev-interpreter-frame-state.cc | 314 +- .../maglev/maglev-interpreter-frame-state.h | 85 +- deps/v8/src/maglev/maglev-ir-inl.h | 27 +- deps/v8/src/maglev/maglev-ir.cc | 3209 
+++++---- deps/v8/src/maglev/maglev-ir.h | 6026 ++++++----------- deps/v8/src/maglev/maglev-kna-processor.h | 161 +- .../src/maglev/maglev-known-node-aspects.cc | 291 +- .../v8/src/maglev/maglev-known-node-aspects.h | 472 +- deps/v8/src/maglev/maglev-map-inference.h | 121 + deps/v8/src/maglev/maglev-node-type.cc | 168 + deps/v8/src/maglev/maglev-node-type.h | 294 + .../maglev-phi-representation-selector.cc | 1185 +++- .../maglev-phi-representation-selector.h | 107 +- ...maglev-post-hoc-optimizations-processors.h | 45 +- deps/v8/src/maglev/maglev-range-analysis.h | 704 +- .../src/maglev/maglev-range-verification.cc | 65 + .../v8/src/maglev/maglev-range-verification.h | 38 + deps/v8/src/maglev/maglev-range.h | 403 ++ deps/v8/src/maglev/maglev-reducer-inl.h | 1739 ++++- deps/v8/src/maglev/maglev-reducer.h | 288 +- .../v8/src/maglev/maglev-regalloc-node-info.h | 23 +- deps/v8/src/maglev/maglev-regalloc.cc | 57 +- deps/v8/src/maglev/maglev-regalloc.h | 2 +- deps/v8/src/maglev/maglev-tracer.h | 234 + deps/v8/src/maglev/maglev-truncation.cc | 80 +- deps/v8/src/maglev/maglev-truncation.h | 142 +- .../src/maglev/ppc/maglev-assembler-ppc-inl.h | 189 +- .../v8/src/maglev/ppc/maglev-assembler-ppc.cc | 27 +- deps/v8/src/maglev/ppc/maglev-ir-ppc.cc | 450 +- .../maglev/riscv/maglev-assembler-riscv-inl.h | 160 +- .../maglev/riscv/maglev-assembler-riscv.cc | 35 +- deps/v8/src/maglev/riscv/maglev-ir-riscv.cc | 390 +- .../maglev/s390/maglev-assembler-s390-inl.h | 171 +- .../src/maglev/s390/maglev-assembler-s390.cc | 24 +- deps/v8/src/maglev/s390/maglev-ir-s390.cc | 390 +- .../src/maglev/x64/maglev-assembler-x64-inl.h | 120 +- .../v8/src/maglev/x64/maglev-assembler-x64.cc | 21 +- deps/v8/src/maglev/x64/maglev-ir-x64.cc | 358 +- deps/v8/src/numbers/conversions-inl.h | 4 +- deps/v8/src/numbers/conversions.cc | 12 +- deps/v8/src/numbers/conversions.h | 2 +- deps/v8/src/numbers/math-random.cc | 5 +- deps/v8/src/objects/abstract-code-inl.h | 12 +- deps/v8/src/objects/abstract-code.h | 1 + 
deps/v8/src/objects/allocation-site-inl.h | 17 - deps/v8/src/objects/allocation-site.h | 18 +- deps/v8/src/objects/api-callbacks-inl.h | 140 +- deps/v8/src/objects/api-callbacks.h | 103 +- deps/v8/src/objects/api-callbacks.tq | 15 +- deps/v8/src/objects/arguments-inl.h | 20 +- deps/v8/src/objects/arguments.h | 34 +- deps/v8/src/objects/arguments.tq | 1 + deps/v8/src/objects/backing-store.cc | 120 +- deps/v8/src/objects/backing-store.h | 55 +- deps/v8/src/objects/bigint.cc | 281 +- deps/v8/src/objects/bigint.h | 47 +- deps/v8/src/objects/bytecode-array-inl.h | 55 +- deps/v8/src/objects/bytecode-array.cc | 49 +- deps/v8/src/objects/bytecode-array.h | 32 +- deps/v8/src/objects/bytecode-array.tq | 3 +- deps/v8/src/objects/call-site-info-inl.h | 51 +- deps/v8/src/objects/call-site-info.cc | 80 +- deps/v8/src/objects/call-site-info.h | 69 +- deps/v8/src/objects/call-site-info.tq | 7 +- deps/v8/src/objects/casting.h | 182 +- deps/v8/src/objects/cell-inl.h | 32 +- deps/v8/src/objects/cell.h | 34 +- deps/v8/src/objects/cell.tq | 1 + deps/v8/src/objects/code-inl.h | 34 +- deps/v8/src/objects/code.cc | 31 +- deps/v8/src/objects/code.h | 20 +- .../src/objects/compilation-cache-table-inl.h | 6 +- .../v8/src/objects/compilation-cache-table.cc | 46 +- deps/v8/src/objects/contexts-inl.h | 44 +- deps/v8/src/objects/contexts.cc | 22 +- deps/v8/src/objects/contexts.h | 81 +- deps/v8/src/objects/contexts.tq | 6 +- .../objects/cpp-heap-external-object-inl.h | 7 - deps/v8/src/objects/debug-objects-inl.h | 26 +- deps/v8/src/objects/debug-objects.cc | 68 +- deps/v8/src/objects/debug-objects.h | 8 +- deps/v8/src/objects/debug-objects.tq | 8 +- deps/v8/src/objects/deoptimization-data-inl.h | 18 +- deps/v8/src/objects/deoptimization-data.cc | 26 +- deps/v8/src/objects/deoptimization-data.h | 2 +- deps/v8/src/objects/dependent-code-inl.h | 2 - deps/v8/src/objects/dependent-code.cc | 8 +- deps/v8/src/objects/dependent-code.h | 2 - deps/v8/src/objects/descriptor-array-inl.h | 75 +- 
deps/v8/src/objects/descriptor-array.h | 56 +- deps/v8/src/objects/descriptor-array.tq | 1 + deps/v8/src/objects/dictionary-inl.h | 50 +- deps/v8/src/objects/dictionary.h | 13 +- deps/v8/src/objects/elements-kind.h | 12 +- deps/v8/src/objects/elements.cc | 815 ++- deps/v8/src/objects/elements.h | 9 +- deps/v8/src/objects/embedder-data-array-inl.h | 2 - deps/v8/src/objects/feedback-cell-inl.h | 60 +- deps/v8/src/objects/feedback-cell.h | 35 +- deps/v8/src/objects/feedback-cell.tq | 1 + deps/v8/src/objects/feedback-vector-inl.h | 54 +- deps/v8/src/objects/feedback-vector.cc | 138 +- deps/v8/src/objects/feedback-vector.h | 23 +- deps/v8/src/objects/field-index-inl.h | 55 +- deps/v8/src/objects/field-index.h | 56 +- deps/v8/src/objects/fixed-array-inl.h | 483 +- deps/v8/src/objects/fixed-array.cc | 140 +- deps/v8/src/objects/fixed-array.h | 400 +- deps/v8/src/objects/fixed-array.tq | 10 +- deps/v8/src/objects/foreign-inl.h | 36 +- deps/v8/src/objects/foreign.h | 49 +- deps/v8/src/objects/foreign.tq | 1 + deps/v8/src/objects/function-kind.h | 38 +- deps/v8/src/objects/hash-table-inl.h | 12 +- deps/v8/src/objects/hash-table.h | 1 + deps/v8/src/objects/heap-object-inl.h | 25 +- deps/v8/src/objects/heap-object.h | 105 +- deps/v8/src/objects/hole.h | 19 +- deps/v8/src/objects/hole.tq | 6 +- deps/v8/src/objects/instance-type.h | 36 +- deps/v8/src/objects/instruction-stream-inl.h | 16 +- deps/v8/src/objects/instruction-stream.cc | 13 + deps/v8/src/objects/instruction-stream.h | 4 +- deps/v8/src/objects/internal-index.h | 9 +- deps/v8/src/objects/intl-objects.cc | 253 +- deps/v8/src/objects/intl-objects.h | 58 +- deps/v8/src/objects/intl-objects.tq | 158 +- deps/v8/src/objects/js-array-buffer-inl.h | 96 +- deps/v8/src/objects/js-array-buffer.cc | 176 +- deps/v8/src/objects/js-array-buffer.h | 105 +- deps/v8/src/objects/js-array-buffer.tq | 24 +- deps/v8/src/objects/js-array-inl.h | 14 +- deps/v8/src/objects/js-array.h | 13 +- deps/v8/src/objects/js-array.tq | 6 +- 
.../objects/js-atomics-synchronization-inl.h | 6 - .../src/objects/js-atomics-synchronization.cc | 913 +-- .../src/objects/js-atomics-synchronization.h | 102 +- deps/v8/src/objects/js-break-iterator-inl.h | 10 +- deps/v8/src/objects/js-break-iterator.cc | 47 +- deps/v8/src/objects/js-break-iterator.h | 4 +- deps/v8/src/objects/js-break-iterator.tq | 3 +- deps/v8/src/objects/js-collator-inl.h | 4 +- deps/v8/src/objects/js-collator.cc | 56 +- deps/v8/src/objects/js-collator.h | 4 +- deps/v8/src/objects/js-collection-inl.h | 25 - .../src/objects/js-collection-iterator-inl.h | 4 +- .../src/objects/js-data-object-builder-inl.h | 634 ++ deps/v8/src/objects/js-data-object-builder.cc | 88 + deps/v8/src/objects/js-data-object-builder.h | 190 + deps/v8/src/objects/js-date-time-format-inl.h | 2 - deps/v8/src/objects/js-date-time-format.cc | 438 +- deps/v8/src/objects/js-date-time-format.h | 10 +- deps/v8/src/objects/js-display-names-inl.h | 1 - deps/v8/src/objects/js-display-names.cc | 16 +- deps/v8/src/objects/js-display-names.h | 4 +- deps/v8/src/objects/js-disposable-stack-inl.h | 8 +- deps/v8/src/objects/js-duration-format-inl.h | 2 - deps/v8/src/objects/js-duration-format.cc | 150 +- deps/v8/src/objects/js-function-inl.h | 149 +- deps/v8/src/objects/js-function.cc | 89 +- deps/v8/src/objects/js-function.h | 82 +- deps/v8/src/objects/js-function.tq | 27 +- deps/v8/src/objects/js-generator-inl.h | 37 +- deps/v8/src/objects/js-generator.h | 27 +- deps/v8/src/objects/js-generator.tq | 5 + deps/v8/src/objects/js-iterator-helpers-inl.h | 9 +- deps/v8/src/objects/js-iterator-helpers.h | 63 +- deps/v8/src/objects/js-iterator-helpers.tq | 50 +- deps/v8/src/objects/js-list-format-inl.h | 2 - deps/v8/src/objects/js-list-format.cc | 12 +- deps/v8/src/objects/js-list-format.h | 8 +- deps/v8/src/objects/js-locale-inl.h | 2 - deps/v8/src/objects/js-locale.cc | 50 +- deps/v8/src/objects/js-number-format-inl.h | 2 - deps/v8/src/objects/js-number-format.cc | 125 +- 
deps/v8/src/objects/js-number-format.h | 18 +- deps/v8/src/objects/js-objects-inl.h | 73 +- deps/v8/src/objects/js-objects.cc | 476 +- deps/v8/src/objects/js-objects.h | 52 +- deps/v8/src/objects/js-objects.tq | 27 +- deps/v8/src/objects/js-plural-rules-inl.h | 2 - deps/v8/src/objects/js-plural-rules.cc | 19 +- deps/v8/src/objects/js-promise-inl.h | 5 +- deps/v8/src/objects/js-promise.h | 20 +- deps/v8/src/objects/js-promise.tq | 2 +- deps/v8/src/objects/js-proxy-inl.h | 6 +- deps/v8/src/objects/js-proxy.h | 9 +- deps/v8/src/objects/js-raw-json-inl.h | 2 - deps/v8/src/objects/js-raw-json.cc | 2 +- deps/v8/src/objects/js-raw-json.h | 6 +- deps/v8/src/objects/js-regexp-inl.h | 27 +- .../objects/js-regexp-string-iterator-inl.h | 4 +- deps/v8/src/objects/js-regexp.cc | 207 +- deps/v8/src/objects/js-regexp.h | 81 +- deps/v8/src/objects/js-regexp.tq | 20 +- .../src/objects/js-relative-time-format-inl.h | 2 - .../v8/src/objects/js-relative-time-format.cc | 12 +- deps/v8/src/objects/js-relative-time-format.h | 6 +- deps/v8/src/objects/js-segment-iterator-inl.h | 10 +- deps/v8/src/objects/js-segment-iterator.cc | 43 +- deps/v8/src/objects/js-segment-iterator.h | 16 +- deps/v8/src/objects/js-segment-iterator.tq | 3 +- deps/v8/src/objects/js-segmenter-inl.h | 2 - deps/v8/src/objects/js-segmenter.cc | 2 +- deps/v8/src/objects/js-segmenter.h | 2 +- deps/v8/src/objects/js-segments-inl.h | 8 +- deps/v8/src/objects/js-segments.cc | 41 +- deps/v8/src/objects/js-segments.h | 14 +- deps/v8/src/objects/js-segments.tq | 3 +- deps/v8/src/objects/js-shadow-realm-inl.h | 2 - deps/v8/src/objects/js-shared-array-inl.h | 2 - deps/v8/src/objects/js-struct-inl.h | 4 - deps/v8/src/objects/js-struct.cc | 59 +- deps/v8/src/objects/js-temporal-helpers.cc | 12 +- deps/v8/src/objects/js-temporal-helpers.h | 10 +- deps/v8/src/objects/js-temporal-objects-inl.h | 29 +- deps/v8/src/objects/js-temporal-objects.cc | 543 +- deps/v8/src/objects/js-temporal-objects.h | 290 +- 
deps/v8/src/objects/js-weak-refs-inl.h | 5 +- deps/v8/src/objects/js-weak-refs.cc | 2 +- deps/v8/src/objects/keys.cc | 200 +- deps/v8/src/objects/keys.h | 25 +- deps/v8/src/objects/literal-objects-inl.h | 174 +- deps/v8/src/objects/literal-objects.cc | 12 +- deps/v8/src/objects/literal-objects.h | 175 +- deps/v8/src/objects/literal-objects.tq | 13 +- deps/v8/src/objects/lookup-inl.h | 39 +- deps/v8/src/objects/lookup.cc | 139 +- deps/v8/src/objects/lookup.h | 38 +- deps/v8/src/objects/managed-inl.h | 19 +- deps/v8/src/objects/managed.cc | 29 +- deps/v8/src/objects/managed.h | 127 +- deps/v8/src/objects/map-inl.h | 94 +- deps/v8/src/objects/map-updater.cc | 123 +- deps/v8/src/objects/map-updater.h | 7 + deps/v8/src/objects/map.cc | 334 +- deps/v8/src/objects/map.h | 76 +- deps/v8/src/objects/map.tq | 25 +- deps/v8/src/objects/megadom-handler-inl.h | 4 +- deps/v8/src/objects/microtask-inl.h | 53 +- deps/v8/src/objects/microtask.h | 120 +- deps/v8/src/objects/microtask.tq | 15 +- deps/v8/src/objects/module-inl.h | 75 +- deps/v8/src/objects/module.cc | 142 +- deps/v8/src/objects/module.h | 99 +- deps/v8/src/objects/module.tq | 7 +- deps/v8/src/objects/name-inl.h | 58 +- deps/v8/src/objects/name.h | 102 +- deps/v8/src/objects/name.tq | 11 +- deps/v8/src/objects/number-string-cache-inl.h | 6 +- deps/v8/src/objects/number-string-cache.h | 9 +- deps/v8/src/objects/object-list-macros.h | 19 +- deps/v8/src/objects/object-macros-undef.h | 2 - deps/v8/src/objects/object-macros.h | 179 +- deps/v8/src/objects/object-type.cc | 19 +- .../objects/objects-body-descriptors-inl.h | 220 +- .../v8/src/objects/objects-body-descriptors.h | 28 +- deps/v8/src/objects/objects-definitions.h | 3 + deps/v8/src/objects/objects-inl.h | 402 +- deps/v8/src/objects/objects.cc | 570 +- deps/v8/src/objects/objects.h | 22 +- deps/v8/src/objects/oddball.h | 4 + deps/v8/src/objects/off-heap-hash-table-inl.h | 12 + deps/v8/src/objects/off-heap-hash-table.h | 2 + deps/v8/src/objects/option-utils.cc | 10 +- 
deps/v8/src/objects/option-utils.h | 16 +- deps/v8/src/objects/ordered-hash-table-inl.h | 11 - deps/v8/src/objects/ordered-hash-table.cc | 19 +- deps/v8/src/objects/ordered-hash-table.h | 4 +- deps/v8/src/objects/promise-inl.h | 137 +- deps/v8/src/objects/promise.h | 191 +- deps/v8/src/objects/promise.tq | 23 +- deps/v8/src/objects/property-array-inl.h | 37 +- deps/v8/src/objects/property-array.h | 14 +- deps/v8/src/objects/property-cell-inl.h | 2 - .../objects/property-descriptor-object-inl.h | 24 +- .../src/objects/property-descriptor-object.h | 36 +- .../src/objects/property-descriptor-object.tq | 1 + deps/v8/src/objects/property-descriptor.cc | 40 +- deps/v8/src/objects/property-details.h | 85 +- deps/v8/src/objects/property.cc | 43 +- deps/v8/src/objects/property.h | 38 +- deps/v8/src/objects/prototype-info-inl.h | 102 +- deps/v8/src/objects/prototype-info.h | 69 +- deps/v8/src/objects/prototype-info.tq | 5 + deps/v8/src/objects/regexp-match-info.cc | 13 +- deps/v8/src/objects/regexp-match-info.h | 2 +- deps/v8/src/objects/scope-info-inl.h | 6 +- deps/v8/src/objects/scope-info.cc | 211 +- deps/v8/src/objects/scope-info.h | 22 +- deps/v8/src/objects/scope-info.tq | 10 +- deps/v8/src/objects/script-inl.h | 15 +- deps/v8/src/objects/script.cc | 39 +- deps/v8/src/objects/script.h | 8 +- deps/v8/src/objects/script.tq | 1 + .../v8/src/objects/shared-function-info-inl.h | 145 +- deps/v8/src/objects/shared-function-info.cc | 110 +- deps/v8/src/objects/shared-function-info.h | 31 +- deps/v8/src/objects/shared-function-info.tq | 6 +- deps/v8/src/objects/simd.cc | 2 +- deps/v8/src/objects/slots-inl.h | 51 +- deps/v8/src/objects/slots.h | 115 +- deps/v8/src/objects/smi.h | 13 + deps/v8/src/objects/source-text-module-inl.h | 161 +- deps/v8/src/objects/source-text-module.cc | 269 +- deps/v8/src/objects/source-text-module.h | 176 +- deps/v8/src/objects/source-text-module.tq | 3 + .../src/objects/string-forwarding-table-inl.h | 13 +- 
.../v8/src/objects/string-forwarding-table.cc | 10 +- deps/v8/src/objects/string-forwarding-table.h | 8 +- deps/v8/src/objects/string-inl.h | 109 +- deps/v8/src/objects/string-table.cc | 94 +- deps/v8/src/objects/string-table.h | 12 +- deps/v8/src/objects/string.cc | 116 +- deps/v8/src/objects/string.h | 66 +- deps/v8/src/objects/struct-inl.h | 16 +- deps/v8/src/objects/struct.h | 6 + .../v8/src/objects/swiss-hash-table-helpers.h | 6 +- .../src/objects/swiss-hash-table-helpers.tq | 6 +- .../src/objects/swiss-name-dictionary-inl.h | 14 +- deps/v8/src/objects/synthetic-module-inl.h | 22 +- deps/v8/src/objects/synthetic-module.cc | 14 +- deps/v8/src/objects/synthetic-module.h | 31 +- deps/v8/src/objects/synthetic-module.tq | 1 + deps/v8/src/objects/tagged-field.h | 33 +- deps/v8/src/objects/tagged-impl.cc | 9 +- deps/v8/src/objects/tagged.h | 474 +- deps/v8/src/objects/template-objects-inl.h | 16 +- deps/v8/src/objects/template-objects.cc | 6 +- deps/v8/src/objects/template-objects.h | 25 +- deps/v8/src/objects/template-objects.tq | 1 + deps/v8/src/objects/templates-inl.h | 137 +- deps/v8/src/objects/templates.cc | 27 +- deps/v8/src/objects/templates.h | 111 +- deps/v8/src/objects/templates.tq | 7 +- deps/v8/src/objects/transitions-inl.h | 41 +- deps/v8/src/objects/transitions.cc | 89 +- deps/v8/src/objects/transitions.h | 32 +- deps/v8/src/objects/trusted-object-inl.h | 75 +- deps/v8/src/objects/trusted-object.h | 46 +- deps/v8/src/objects/trusted-pointer-inl.h | 221 + deps/v8/src/objects/trusted-pointer.h | 185 + deps/v8/src/objects/turboshaft-types-inl.h | 14 - deps/v8/src/objects/union.h | 14 +- deps/v8/src/objects/value-serializer.cc | 176 +- deps/v8/src/objects/value-serializer.h | 3 +- deps/v8/src/objects/visitors.h | 5 + deps/v8/src/objects/waiter-queue-node.cc | 113 +- deps/v8/src/objects/waiter-queue-node.h | 43 +- deps/v8/src/parsing/expression-scope.h | 16 +- deps/v8/src/parsing/parse-info.cc | 12 +- deps/v8/src/parsing/parse-info.h | 11 +- 
deps/v8/src/parsing/parser-base.h | 173 +- deps/v8/src/parsing/parser.cc | 163 +- deps/v8/src/parsing/parser.h | 11 +- .../pending-compilation-error-handler.cc | 8 + deps/v8/src/parsing/preparser.cc | 33 +- deps/v8/src/parsing/preparser.h | 21 +- deps/v8/src/parsing/rewriter.cc | 33 +- .../src/parsing/scanner-character-streams.cc | 6 +- deps/v8/src/parsing/scanner.cc | 10 +- deps/v8/src/parsing/scanner.h | 6 +- deps/v8/src/parsing/token.h | 4 + deps/v8/src/profiler/allocation-tracker.cc | 6 +- deps/v8/src/profiler/cpu-profiler.cc | 3 +- deps/v8/src/profiler/heap-profiler.cc | 50 +- deps/v8/src/profiler/heap-profiler.h | 21 +- deps/v8/src/profiler/heap-snapshot-common.h | 10 +- .../profiler/heap-snapshot-generator-inl.h | 75 - .../src/profiler/heap-snapshot-generator.cc | 663 +- .../v8/src/profiler/heap-snapshot-generator.h | 91 +- deps/v8/src/profiler/output-stream-writer.h | 4 +- deps/v8/src/profiler/profile-generator.cc | 43 +- deps/v8/src/profiler/profiler-listener.cc | 15 +- deps/v8/src/profiler/profiler-listener.h | 4 +- .../v8/src/profiler/sampling-heap-profiler.cc | 7 +- deps/v8/src/profiler/strings-storage.cc | 2 +- deps/v8/src/profiler/tick-sample.cc | 10 +- deps/v8/src/profiler/tracing-cpu-profiler.cc | 6 +- .../regexp/arm/regexp-macro-assembler-arm.cc | 162 +- .../regexp/arm/regexp-macro-assembler-arm.h | 15 +- .../arm64/regexp-macro-assembler-arm64.cc | 507 +- .../arm64/regexp-macro-assembler-arm64.h | 24 +- .../experimental/experimental-bytecode.cc | 64 +- .../experimental/experimental-bytecode.h | 117 +- .../experimental/experimental-compiler.cc | 311 +- .../experimental/experimental-compiler.h | 14 +- .../experimental/experimental-interpreter.cc | 154 +- .../experimental/experimental-interpreter.h | 5 +- .../src/regexp/experimental/experimental.cc | 71 +- .../v8/src/regexp/experimental/experimental.h | 11 +- deps/v8/src/regexp/gen-regexp-special-case.cc | 18 +- .../ia32/regexp-macro-assembler-ia32.cc | 201 +- 
.../regexp/ia32/regexp-macro-assembler-ia32.h | 15 +- .../loong64/regexp-macro-assembler-loong64.cc | 99 +- .../loong64/regexp-macro-assembler-loong64.h | 15 +- .../mips64/regexp-macro-assembler-mips64.cc | 137 +- .../mips64/regexp-macro-assembler-mips64.h | 15 +- .../regexp/ppc/regexp-macro-assembler-ppc.cc | 138 +- .../regexp/ppc/regexp-macro-assembler-ppc.h | 15 +- deps/v8/src/regexp/regexp-ast-printer.cc | 258 + deps/v8/src/regexp/regexp-ast-printer.h | 57 + deps/v8/src/regexp/regexp-ast.cc | 415 +- deps/v8/src/regexp/regexp-ast.h | 367 +- .../v8/src/regexp/regexp-bytecode-analysis.cc | 512 ++ deps/v8/src/regexp/regexp-bytecode-analysis.h | 122 + .../regexp/regexp-bytecode-generator-inl.h | 93 +- .../src/regexp/regexp-bytecode-generator.cc | 724 +- .../v8/src/regexp/regexp-bytecode-generator.h | 163 +- .../src/regexp/regexp-bytecode-iterator-inl.h | 27 +- .../v8/src/regexp/regexp-bytecode-iterator.cc | 29 +- deps/v8/src/regexp/regexp-bytecode-iterator.h | 16 +- .../v8/src/regexp/regexp-bytecode-peephole.cc | 1298 ++-- deps/v8/src/regexp/regexp-bytecode-peephole.h | 19 +- deps/v8/src/regexp/regexp-bytecodes-inl.h | 330 +- deps/v8/src/regexp/regexp-bytecodes.cc | 99 +- deps/v8/src/regexp/regexp-bytecodes.h | 696 +- deps/v8/src/regexp/regexp-code-generator.cc | 391 +- deps/v8/src/regexp/regexp-code-generator.h | 28 +- deps/v8/src/regexp/regexp-compiler-tonode.cc | 763 ++- deps/v8/src/regexp/regexp-compiler.cc | 1386 ++-- deps/v8/src/regexp/regexp-compiler.h | 164 +- deps/v8/src/regexp/regexp-dotprinter.cc | 37 +- deps/v8/src/regexp/regexp-dotprinter.h | 8 +- deps/v8/src/regexp/regexp-error.cc | 10 +- deps/v8/src/regexp/regexp-error.h | 12 +- deps/v8/src/regexp/regexp-flags.h | 32 +- deps/v8/src/regexp/regexp-graph-printer.cc | 651 ++ deps/v8/src/regexp/regexp-graph-printer.h | 94 + deps/v8/src/regexp/regexp-interpreter.cc | 946 +-- deps/v8/src/regexp/regexp-interpreter.h | 3 + .../regexp/regexp-macro-assembler-tracer.cc | 133 +- 
.../regexp/regexp-macro-assembler-tracer.h | 20 +- deps/v8/src/regexp/regexp-macro-assembler.cc | 124 +- deps/v8/src/regexp/regexp-macro-assembler.h | 99 +- deps/v8/src/regexp/regexp-node-printer.cc | 235 + deps/v8/src/regexp/regexp-node-printer.h | 44 + deps/v8/src/regexp/regexp-nodes.h | 446 +- deps/v8/src/regexp/regexp-parser.cc | 867 ++- deps/v8/src/regexp/regexp-parser.h | 14 +- deps/v8/src/regexp/regexp-printer.cc | 44 + deps/v8/src/regexp/regexp-printer.h | 184 + deps/v8/src/regexp/regexp-result-vector.cc | 19 +- deps/v8/src/regexp/regexp-result-vector.h | 12 +- deps/v8/src/regexp/regexp-stack.cc | 44 +- deps/v8/src/regexp/regexp-stack.h | 42 +- deps/v8/src/regexp/regexp-utils.cc | 38 +- deps/v8/src/regexp/regexp-utils.h | 9 +- deps/v8/src/regexp/regexp.cc | 944 ++- deps/v8/src/regexp/regexp.h | 74 +- .../riscv/regexp-macro-assembler-riscv.cc | 119 +- .../riscv/regexp-macro-assembler-riscv.h | 15 +- .../s390/regexp-macro-assembler-s390.cc | 110 +- .../regexp/s390/regexp-macro-assembler-s390.h | 15 +- deps/v8/src/regexp/special-case.h | 4 +- .../regexp/x64/regexp-macro-assembler-x64.cc | 712 +- .../regexp/x64/regexp-macro-assembler-x64.h | 54 +- deps/v8/src/roots/roots-inl.h | 30 +- deps/v8/src/roots/roots.h | 48 +- deps/v8/src/roots/static-roots-intl-nowasm.h | 1993 +++--- deps/v8/src/roots/static-roots-intl-wasm.h | 2033 +++--- .../v8/src/roots/static-roots-nointl-nowasm.h | 1709 ++--- deps/v8/src/roots/static-roots-nointl-wasm.h | 1749 ++--- deps/v8/src/runtime/runtime-array.cc | 40 +- deps/v8/src/runtime/runtime-atomics.cc | 21 +- deps/v8/src/runtime/runtime-classes.cc | 22 +- deps/v8/src/runtime/runtime-collections.cc | 4 +- deps/v8/src/runtime/runtime-compiler.cc | 234 +- deps/v8/src/runtime/runtime-debug.cc | 60 +- deps/v8/src/runtime/runtime-forin.cc | 15 +- deps/v8/src/runtime/runtime-function.cc | 4 +- deps/v8/src/runtime/runtime-internal.cc | 40 +- deps/v8/src/runtime/runtime-intl.cc | 4 +- deps/v8/src/runtime/runtime-literals.cc | 457 +- 
deps/v8/src/runtime/runtime-numbers.cc | 17 +- deps/v8/src/runtime/runtime-object.cc | 111 +- deps/v8/src/runtime/runtime-operators.cc | 19 +- deps/v8/src/runtime/runtime-promise.cc | 26 +- deps/v8/src/runtime/runtime-proxy.cc | 7 +- deps/v8/src/runtime/runtime-regexp.cc | 151 +- deps/v8/src/runtime/runtime-scopes.cc | 45 +- deps/v8/src/runtime/runtime-strings.cc | 90 +- deps/v8/src/runtime/runtime-symbol.cc | 7 +- deps/v8/src/runtime/runtime-test-wasm.cc | 222 +- deps/v8/src/runtime/runtime-test.cc | 610 +- deps/v8/src/runtime/runtime-trace.cc | 75 +- deps/v8/src/runtime/runtime-typedarray.cc | 9 +- deps/v8/src/runtime/runtime-wasm.cc | 950 ++- deps/v8/src/runtime/runtime.cc | 22 +- deps/v8/src/runtime/runtime.h | 117 +- deps/v8/src/sandbox/README.md | 2 + deps/v8/src/sandbox/bytecode-verifier.cc | 273 + deps/v8/src/sandbox/bytecode-verifier.h | 52 + deps/v8/src/sandbox/check.h | 9 +- deps/v8/src/sandbox/code-pointer-table-inl.h | 22 +- deps/v8/src/sandbox/code-pointer-table.cc | 22 + deps/v8/src/sandbox/code-pointer-table.h | 16 +- deps/v8/src/sandbox/code-sandboxing-mode.h | 13 + deps/v8/src/sandbox/cppheap-pointer-inl.h | 6 +- .../src/sandbox/cppheap-pointer-table-inl.h | 3 +- deps/v8/src/sandbox/cppheap-pointer-table.cc | 66 + deps/v8/src/sandbox/cppheap-pointer-table.h | 138 +- .../src/sandbox/external-entity-table-inl.h | 58 +- deps/v8/src/sandbox/external-entity-table.h | 13 + deps/v8/src/sandbox/external-pointer-inl.h | 34 +- .../src/sandbox/external-pointer-table-inl.h | 3 +- deps/v8/src/sandbox/external-pointer-table.cc | 74 +- deps/v8/src/sandbox/external-pointer-table.h | 131 +- deps/v8/src/sandbox/external-pointer.h | 19 +- deps/v8/src/sandbox/external-strings-cage.cc | 131 + deps/v8/src/sandbox/external-strings-cage.h | 106 + deps/v8/src/sandbox/hardware-support.cc | 99 +- deps/v8/src/sandbox/hardware-support.h | 41 +- deps/v8/src/sandbox/indirect-pointer-inl.h | 63 +- deps/v8/src/sandbox/indirect-pointer-tag.h | 358 +- 
deps/v8/src/sandbox/indirect-pointer.h | 5 +- deps/v8/src/sandbox/isolate-inl.h | 19 +- deps/v8/src/sandbox/isolate.h | 10 +- deps/v8/src/sandbox/js-dispatch-table-inl.h | 42 +- deps/v8/src/sandbox/js-dispatch-table.cc | 56 +- deps/v8/src/sandbox/js-dispatch-table.h | 41 +- deps/v8/src/sandbox/sandbox.cc | 36 +- deps/v8/src/sandbox/sandbox.h | 16 +- deps/v8/src/sandbox/sandboxable-thread.cc | 44 + deps/v8/src/sandbox/sandboxable-thread.h | 33 + deps/v8/src/sandbox/tagged-payload.h | 125 +- deps/v8/src/sandbox/testing.cc | 700 +- deps/v8/src/sandbox/testing.h | 55 + deps/v8/src/sandbox/trusted-pointer-scope.cc | 4 +- .../src/sandbox/trusted-pointer-table-inl.h | 116 +- deps/v8/src/sandbox/trusted-pointer-table.cc | 33 + deps/v8/src/sandbox/trusted-pointer-table.h | 81 +- deps/v8/src/snapshot/code-serializer.cc | 4 +- deps/v8/src/snapshot/context-serializer.cc | 9 +- deps/v8/src/snapshot/deserializer.cc | 77 +- deps/v8/src/snapshot/deserializer.h | 20 +- .../platform-embedded-file-writer-aix.cc | 14 +- .../platform-embedded-file-writer-generic.cc | 12 +- .../platform-embedded-file-writer-mac.cc | 14 +- .../platform-embedded-file-writer-win.cc | 14 +- deps/v8/src/snapshot/mksnapshot.cc | 5 +- deps/v8/src/snapshot/object-deserializer.cc | 4 +- .../v8/src/snapshot/read-only-deserializer.cc | 75 +- deps/v8/src/snapshot/read-only-serializer.cc | 76 +- .../src/snapshot/serializer-deserializer.cc | 12 - .../v8/src/snapshot/serializer-deserializer.h | 5 - deps/v8/src/snapshot/serializer.cc | 49 +- .../src/snapshot/shared-heap-deserializer.cc | 4 +- deps/v8/src/snapshot/snapshot-data.cc | 5 +- deps/v8/src/snapshot/snapshot-source-sink.cc | 4 +- deps/v8/src/snapshot/snapshot-source-sink.h | 18 +- deps/v8/src/snapshot/snapshot.cc | 6 +- deps/v8/src/snapshot/startup-deserializer.cc | 23 +- deps/v8/src/snapshot/startup-serializer.cc | 30 +- deps/v8/src/snapshot/startup-serializer.h | 1 + deps/v8/src/snapshot/static-roots-gen.cc | 16 +- deps/v8/src/strings/OWNERS | 1 + 
deps/v8/src/strings/char-predicates-inl.h | 16 +- deps/v8/src/strings/char-predicates.cc | 6 +- deps/v8/src/strings/char-predicates.h | 7 +- .../strings/owning-external-string-resource.h | 98 + deps/v8/src/strings/string-builder-inl.h | 2 +- deps/v8/src/strings/string-builder.cc | 45 +- deps/v8/src/strings/string-builder.h | 19 +- deps/v8/src/strings/string-hasher-inl.h | 22 +- deps/v8/src/strings/string-hasher.cc | 28 + deps/v8/src/strings/string-hasher.h | 6 + deps/v8/src/strings/string-stream.cc | 19 +- deps/v8/src/strings/unicode-inl.h | 20 +- deps/v8/src/strings/unicode.cc | 39 + deps/v8/src/strings/unicode.h | 10 +- deps/v8/src/strings/uri.cc | 200 +- deps/v8/src/tools/dumpling/dumpling_v8.patch | 5638 --------------- deps/v8/src/torque/ast-visitor.h | 518 ++ deps/v8/src/torque/ast.h | 38 +- deps/v8/src/torque/cc-generator.cc | 4 +- .../torque/class-debug-reader-generator.cc | 7 +- deps/v8/src/torque/constants.h | 3 +- deps/v8/src/torque/csa-generator.cc | 4 +- deps/v8/src/torque/declarable.cc | 7 +- deps/v8/src/torque/declarable.h | 15 +- deps/v8/src/torque/declaration-visitor.cc | 6 +- deps/v8/src/torque/earley-parser.cc | 6 +- deps/v8/src/torque/global-context.h | 32 +- deps/v8/src/torque/implementation-visitor.cc | 105 +- deps/v8/src/torque/implementation-visitor.h | 6 +- deps/v8/src/torque/runtime-support.h | 37 +- deps/v8/src/torque/torque-compiler.cc | 22 +- deps/v8/src/torque/torque-compiler.h | 3 + deps/v8/src/torque/torque-parser.cc | 86 +- deps/v8/src/torque/torque-parser.h | 5 + deps/v8/src/torque/torque.cc | 4 + deps/v8/src/torque/tsa-generator.cc | 1808 +++++ deps/v8/src/torque/tsa-generator.h | 16 + deps/v8/src/torque/type-oracle.h | 6 - deps/v8/src/torque/type-visitor.cc | 17 + deps/v8/src/torque/types.h | 1 + deps/v8/src/torque/utils.cc | 21 +- deps/v8/src/torque/utils.h | 11 +- deps/v8/src/tracing/code-data-source.cc | 7 +- deps/v8/src/tracing/code-data-source.h | 5 +- deps/v8/src/tracing/code-trace-context.h | 2 +- 
deps/v8/src/tracing/perfetto-logger.cc | 59 +- deps/v8/src/tracing/perfetto-logger.h | 13 +- deps/v8/src/tracing/perfetto-sdk.h | 42 + deps/v8/src/tracing/perfetto-utils.cc | 12 +- deps/v8/src/tracing/trace-categories.h | 9 +- deps/v8/src/tracing/trace-event.h | 19 +- deps/v8/src/tracing/traced-value.cc | 5 +- deps/v8/src/trap-handler/handler-inside.cc | 22 +- deps/v8/src/trap-handler/handler-outside.cc | 94 +- deps/v8/src/trap-handler/handler-shared.cc | 23 + .../src/trap-handler/trap-handler-internal.h | 28 +- .../src/trap-handler/trap-handler-simulator.h | 2 +- deps/v8/src/trap-handler/trap-handler.h | 16 +- deps/v8/src/utils/bit-vector.h | 198 +- deps/v8/src/utils/boxed-float.h | 31 + deps/v8/src/utils/identity-map.cc | 40 +- deps/v8/src/utils/identity-map.h | 17 +- deps/v8/src/utils/memcopy.cc | 59 - deps/v8/src/utils/memcopy.h | 276 +- deps/v8/src/utils/utils.cc | 15 +- deps/v8/src/utils/utils.h | 44 +- deps/v8/src/wasm/DEPS | 10 + .../baseline/arm/liftoff-assembler-arm-inl.h | 158 +- .../arm64/liftoff-assembler-arm64-inl.h | 203 +- .../ia32/liftoff-assembler-ia32-inl.h | 182 +- .../wasm/baseline/liftoff-assembler-defs.h | 37 +- .../src/wasm/baseline/liftoff-assembler-inl.h | 7 - .../v8/src/wasm/baseline/liftoff-assembler.cc | 11 +- deps/v8/src/wasm/baseline/liftoff-assembler.h | 96 +- deps/v8/src/wasm/baseline/liftoff-compiler.cc | 1110 +-- deps/v8/src/wasm/baseline/liftoff-register.h | 290 +- deps/v8/src/wasm/baseline/liftoff-varstate.h | 1 + .../loong64/liftoff-assembler-loong64-inl.h | 1354 ++-- .../mips64/liftoff-assembler-mips64-inl.h | 152 +- deps/v8/src/wasm/baseline/parallel-move.h | 13 +- .../baseline/ppc/liftoff-assembler-ppc-inl.h | 377 +- .../riscv/liftoff-assembler-riscv-inl.h | 778 ++- .../riscv/liftoff-assembler-riscv32-inl.h | 182 +- .../riscv/liftoff-assembler-riscv64-inl.h | 549 +- .../s390/liftoff-assembler-s390-inl.h | 159 +- .../baseline/x64/liftoff-assembler-x64-inl.h | 174 +- deps/v8/src/wasm/basic-block-calculator.cc | 4 +- 
deps/v8/src/wasm/c-api.cc | 101 +- deps/v8/src/wasm/c-api.h | 11 +- deps/v8/src/wasm/canonical-types.cc | 202 +- deps/v8/src/wasm/canonical-types.h | 76 +- .../v8/src/wasm/compilation-environment-inl.h | 8 +- deps/v8/src/wasm/compilation-environment.h | 31 +- .../src/wasm/compilation-hints-generation.cc | 215 + .../src/wasm/compilation-hints-generation.h | 25 + .../src/wasm/constant-expression-interface.cc | 204 +- .../src/wasm/constant-expression-interface.h | 5 + deps/v8/src/wasm/constant-expression.cc | 10 +- deps/v8/src/wasm/decoder.h | 22 +- deps/v8/src/wasm/effect-handler.h | 33 + deps/v8/src/wasm/function-body-decoder-impl.h | 655 +- deps/v8/src/wasm/function-body-decoder.cc | 19 +- deps/v8/src/wasm/function-body-decoder.h | 12 +- deps/v8/src/wasm/function-compiler.cc | 10 +- deps/v8/src/wasm/function-compiler.h | 18 +- .../wasm/fuzzing/random-module-generation.cc | 481 +- deps/v8/src/wasm/inlining-tree.h | 282 +- deps/v8/src/wasm/interpreter/OWNERS | 4 + .../arm64/interpreter-builtins-arm64.cc | 1601 ++++- .../wasm/interpreter/instruction-handlers.h | 2552 +++---- .../riscv/interpreter-builtins-riscv.cc | 1841 +++++ .../wasm/interpreter/wasm-interpreter-inl.h | 8 + .../wasm-interpreter-runtime-inl.h | 102 +- .../interpreter/wasm-interpreter-runtime.cc | 545 +- .../interpreter/wasm-interpreter-runtime.h | 122 +- .../wasm/interpreter/wasm-interpreter-simd.cc | 12 +- .../src/wasm/interpreter/wasm-interpreter.cc | 2240 +++--- .../src/wasm/interpreter/wasm-interpreter.h | 189 +- .../x64/interpreter-builtins-x64.cc | 138 +- deps/v8/src/wasm/leb-helper.h | 34 +- deps/v8/src/wasm/local-decl-encoder.cc | 37 +- deps/v8/src/wasm/local-decl-encoder.h | 17 +- deps/v8/src/wasm/module-compiler.cc | 745 +- deps/v8/src/wasm/module-compiler.h | 135 +- deps/v8/src/wasm/module-decoder-impl.h | 678 +- deps/v8/src/wasm/module-decoder.cc | 101 +- deps/v8/src/wasm/module-decoder.h | 37 +- deps/v8/src/wasm/module-instantiate.cc | 753 +- deps/v8/src/wasm/module-instantiate.h | 9 +- 
deps/v8/src/wasm/names-provider.cc | 22 +- deps/v8/src/wasm/names-provider.h | 2 - deps/v8/src/wasm/object-access.h | 26 - deps/v8/src/wasm/signature-hashing.h | 4 +- deps/v8/src/wasm/simd-shuffle.cc | 32 +- deps/v8/src/wasm/simd-shuffle.h | 13 +- deps/v8/src/wasm/stacks.cc | 34 +- deps/v8/src/wasm/stacks.h | 68 +- deps/v8/src/wasm/streaming-decoder.cc | 87 +- deps/v8/src/wasm/streaming-decoder.h | 24 +- deps/v8/src/wasm/struct-types.h | 56 +- deps/v8/src/wasm/sync-streaming-decoder.cc | 60 +- .../src/wasm/turboshaft-graph-interface-inl.h | 14 +- .../v8/src/wasm/turboshaft-graph-interface.cc | 2131 +++--- deps/v8/src/wasm/turboshaft-graph-interface.h | 8 +- deps/v8/src/wasm/value-type.cc | 45 +- deps/v8/src/wasm/value-type.h | 144 +- deps/v8/src/wasm/wasm-builtin-list.h | 14 + deps/v8/src/wasm/wasm-code-manager.cc | 252 +- deps/v8/src/wasm/wasm-code-manager.h | 232 +- .../v8/src/wasm/wasm-code-pointer-table-inl.h | 20 - deps/v8/src/wasm/wasm-code-pointer-table.h | 25 +- deps/v8/src/wasm/wasm-constants.h | 29 +- deps/v8/src/wasm/wasm-debug.cc | 70 +- deps/v8/src/wasm/wasm-debug.h | 2 +- deps/v8/src/wasm/wasm-disassembler-impl.h | 2 +- deps/v8/src/wasm/wasm-disassembler.cc | 34 +- deps/v8/src/wasm/wasm-engine-globals.h | 37 + deps/v8/src/wasm/wasm-engine.cc | 154 +- deps/v8/src/wasm/wasm-engine.h | 36 +- deps/v8/src/wasm/wasm-export-wrapper-cache.cc | 34 +- deps/v8/src/wasm/wasm-export-wrapper-cache.h | 8 +- deps/v8/src/wasm/wasm-external-refs.cc | 225 +- deps/v8/src/wasm/wasm-external-refs.h | 14 +- deps/v8/src/wasm/wasm-feature-flags.h | 74 +- deps/v8/src/wasm/wasm-features.cc | 3 +- deps/v8/src/wasm/wasm-features.h | 17 +- deps/v8/src/wasm/wasm-import-wrapper-cache.cc | 285 +- deps/v8/src/wasm/wasm-import-wrapper-cache.h | 160 +- deps/v8/src/wasm/wasm-init-expr.h | 25 +- deps/v8/src/wasm/wasm-js.cc | 608 +- deps/v8/src/wasm/wasm-js.h | 5 +- deps/v8/src/wasm/wasm-limits.h | 9 + deps/v8/src/wasm/wasm-linkage.h | 72 +- deps/v8/src/wasm/wasm-module-builder.cc | 22 +- 
deps/v8/src/wasm/wasm-module-builder.h | 22 +- deps/v8/src/wasm/wasm-module.cc | 52 +- deps/v8/src/wasm/wasm-module.h | 205 +- deps/v8/src/wasm/wasm-objects-inl.h | 227 +- deps/v8/src/wasm/wasm-objects.cc | 1042 ++- deps/v8/src/wasm/wasm-objects.h | 311 +- deps/v8/src/wasm/wasm-objects.tq | 38 +- deps/v8/src/wasm/wasm-opcodes-inl.h | 106 +- deps/v8/src/wasm/wasm-opcodes.cc | 3 + deps/v8/src/wasm/wasm-opcodes.h | 55 +- deps/v8/src/wasm/wasm-result.h | 2 - deps/v8/src/wasm/wasm-serialization.cc | 214 +- deps/v8/src/wasm/wasm-serialization.h | 33 +- deps/v8/src/wasm/wasm-stack-wrapper-cache.cc | 27 + deps/v8/src/wasm/wasm-stack-wrapper-cache.h | 53 + deps/v8/src/wasm/wasm-subtyping.cc | 12 +- deps/v8/src/wasm/wasm-subtyping.h | 3 +- deps/v8/src/wasm/wasm-tracing.h | 7 - deps/v8/src/wasm/wasm-value.h | 32 +- deps/v8/src/wasm/wasm-wrapper-cache-inl.h | 258 + deps/v8/src/wasm/wasm-wrapper-cache.cc | 28 + deps/v8/src/wasm/wasm-wrapper-cache.h | 112 + deps/v8/src/wasm/well-known-imports.cc | 17 + deps/v8/src/wasm/well-known-imports.h | 17 + deps/v8/src/wasm/wrappers-inl.h | 298 +- deps/v8/src/wasm/wrappers.cc | 13 +- deps/v8/src/wasm/wrappers.h | 386 +- deps/v8/src/zone/accounting-allocator.cc | 155 +- deps/v8/src/zone/accounting-allocator.h | 39 +- deps/v8/src/zone/zone-containers.h | 34 +- deps/v8/src/zone/zone-list-inl.h | 2 +- deps/v8/test/benchmarks/cpp/benchmark-main.cc | 3 +- deps/v8/test/benchmarks/cpp/bindings.cc | 11 +- deps/v8/test/benchmarks/csuite/benchmark.py | 10 +- deps/v8/test/bigint/BUILD.gn | 2 + deps/v8/test/bigint/DEPS | 1 + deps/v8/test/bigint/bigint-shell.cc | 641 +- deps/v8/test/cctest/BUILD.gn | 83 +- deps/v8/test/cctest/cctest.cc | 2 +- deps/v8/test/cctest/cctest.h | 30 +- deps/v8/test/cctest/cctest.status | 56 +- deps/v8/test/cctest/collector.h | 9 +- .../cctest/compiler/test-code-generator.cc | 29 +- .../cctest/compiler/test-js-typed-lowering.cc | 69 +- .../test-run-calls-to-external-references.cc | 6 + 
.../cctest/compiler/test-run-native-calls.cc | 6 +- .../compiler/turboshaft-codegen-tester.h | 9 +- .../turboshaft-test-select-combine.cc | 80 +- deps/v8/test/cctest/heap/heap-tester.h | 6 +- deps/v8/test/cctest/heap/heap-utils.cc | 114 +- deps/v8/test/cctest/heap/heap-utils.h | 36 +- deps/v8/test/cctest/heap/test-alloc.cc | 2 +- ...racker.cc => test-array-buffer-sweeper.cc} | 42 +- deps/v8/test/cctest/heap/test-compaction.cc | 72 +- .../cctest/heap/test-concurrent-allocation.cc | 37 +- .../heap/test-external-string-tracker.cc | 47 +- deps/v8/test/cctest/heap/test-heap.cc | 528 +- .../cctest/heap/test-incremental-marking.cc | 77 - deps/v8/test/cctest/heap/test-mark-compact.cc | 20 +- .../cctest/heap/test-memory-measurement.cc | 57 +- deps/v8/test/cctest/heap/test-spaces.cc | 56 +- .../test/cctest/heap/test-weak-references.cc | 52 +- .../cctest/manually-externalized-buffer.h | 12 +- .../v8/test/cctest/test-accessor-assembler.cc | 7 +- deps/v8/test/cctest/test-accessors.cc | 175 +- deps/v8/test/cctest/test-api-array-buffer.cc | 37 +- deps/v8/test/cctest/test-api-incumbent.cc | 16 +- deps/v8/test/cctest/test-api-interceptors.cc | 996 ++- deps/v8/test/cctest/test-api-stack-traces.cc | 812 ++- deps/v8/test/cctest/test-api-typed-array.cc | 22 +- deps/v8/test/cctest/test-api.cc | 486 +- deps/v8/test/cctest/test-api.h | 8 +- .../test/cctest/test-code-stub-assembler.cc | 32 +- deps/v8/test/cctest/test-cpu-profiler.cc | 336 +- deps/v8/test/cctest/test-debug-helper.cc | 4 +- deps/v8/test/cctest/test-debug.cc | 179 +- .../test/cctest/test-field-type-tracking.cc | 367 - deps/v8/test/cctest/test-heap-profiler.cc | 282 +- deps/v8/test/cctest/test-lockers.cc | 26 +- .../test/cctest/test-macro-assembler-arm.cc | 337 - .../cctest/test-macro-assembler-loong64.cc | 2906 -------- .../cctest/test-macro-assembler-mips64.cc | 1726 ----- deps/v8/test/cctest/test-profile-generator.cc | 4 +- deps/v8/test/cctest/test-sampler-api.cc | 24 +- deps/v8/test/cctest/test-serialize.cc | 25 +- 
deps/v8/test/cctest/test-shared-strings.cc | 82 +- deps/v8/test/cctest/test-strings.cc | 8 +- deps/v8/test/cctest/test-transitions.cc | 148 + .../test-unscopables-hidden-prototype.cc | 2 +- .../test/cctest/test-unwinder-code-pages.cc | 2 +- deps/v8/test/cctest/test-usecounters.cc | 51 +- deps/v8/test/cctest/test-verifiers.cc | 2 +- deps/v8/test/cctest/torque/test-torque.cc | 2 + .../v8/test/cctest/wasm/test-backing-store.cc | 9 +- .../cctest/wasm/test-compilation-cache.cc | 5 +- deps/v8/test/cctest/wasm/test-gc.cc | 39 +- deps/v8/test/cctest/wasm/test-grow-memory.cc | 13 +- .../cctest/wasm/test-liftoff-inspection.cc | 2 +- deps/v8/test/cctest/wasm/test-run-wasm-64.cc | 10 +- .../test/cctest/wasm/test-run-wasm-atomics.cc | 6 +- .../cctest/wasm/test-run-wasm-atomics64.cc | 6 +- deps/v8/test/cctest/wasm/test-run-wasm-f16.cc | 99 +- .../cctest/wasm/test-run-wasm-memory64.cc | 2 +- .../test/cctest/wasm/test-run-wasm-module.cc | 7 +- .../cctest/wasm/test-run-wasm-relaxed-simd.cc | 125 +- .../cctest/wasm/test-run-wasm-simd-liftoff.cc | 43 +- .../v8/test/cctest/wasm/test-run-wasm-simd.cc | 1852 +++-- .../cctest/wasm/test-run-wasm-wrappers.cc | 4 +- deps/v8/test/cctest/wasm/test-run-wasm.cc | 85 +- .../cctest/wasm/test-streaming-compilation.cc | 23 +- .../test/cctest/wasm/test-wasm-breakpoints.cc | 25 +- .../wasm/test-wasm-import-wrapper-cache.cc | 53 +- deps/v8/test/cctest/wasm/test-wasm-metrics.cc | 48 +- .../cctest/wasm/test-wasm-serialization.cc | 51 +- .../cctest/wasm/test-wasm-shared-engine.cc | 7 +- deps/v8/test/cctest/wasm/test-wasm-stack.cc | 2 +- .../cctest/wasm/test-wasm-trap-position.cc | 2 +- deps/v8/test/cctest/wasm/wasm-simd-utils.cc | 850 ++- deps/v8/test/cctest/wasm/wasm-simd-utils.h | 77 +- deps/v8/test/common/noop-bytecode-verifier.h | 27 + deps/v8/test/common/types-fuzz.h | 2 +- deps/v8/test/common/wasm/fuzzer-common.cc | 177 +- deps/v8/test/common/wasm/wasm-macro-gen.h | 12 +- .../v8/test/common/wasm/wasm-module-runner.cc | 1 + 
deps/v8/test/common/wasm/wasm-run-utils.cc | 286 +- deps/v8/test/common/wasm/wasm-run-utils.h | 81 +- .../debug-evaluate-no-side-effect-builtins.js | 17 +- deps/v8/test/debugger/debugger.status | 3 + .../debugger/regress/regress-483851884.js | 30 + .../debugger/regress/regress-485683107.js | 17 + .../debugger/regress/regress-486383560.js | 10 + .../debugger/regress/regress-488130830.js | 9 + deps/v8/test/debugging/testcfg.py | 12 +- .../crash/proto-assign-seq-opt-count-0.js | 10 + deps/v8/test/filecheck/filecheck.status | 40 +- .../js-wasm-wrapper-inlining-eager-deopt.js | 116 + .../js-wasm-wrapper-inlining-lazy-deopt.js | 2 +- .../filecheck/proto-assign-seq-opt-count.js | 49 + deps/v8/test/filecheck/testcfg.py | 3 +- .../wasm-in-js-inlining-turboshaft.js | 538 ++ .../wasm-turbolev-inlined-wrapper.js | 56 + .../crash/failed-type-assertion.js} | 0 .../filecheck/wasm/crash/regress-481074858.js | 220 + .../{wasm-pause.js => wasm/pause.js} | 0 deps/v8/test/fuzzer/fuzzer-support.cc | 2 +- deps/v8/test/fuzzer/fuzzer.status | 3 +- deps/v8/test/fuzzer/inspector-fuzzer.cc | 4 +- .../test/fuzzer/wasm/code/regress-470274340 | Bin 0 -> 124 bytes deps/v8/test/fuzzer/wasm/init-expr.cc | 10 +- .../wasm/interpreter/interpreter-diff.cc | 2 +- .../interpreter/interpreter-fuzzer-common.cc | 17 +- .../wasm/interpreter/interpreter-init-expr.cc | 161 +- .../fuzzer/wasm/module/regress-419922463.wasm | Bin 0 -> 287 bytes .../fuzzer/wasm/module/regress-478553475.wasm | Bin 0 -> 60 bytes deps/v8/test/fuzzer/wasm/streaming.cc | 7 +- deps/v8/test/inspector/BUILD.gn | 2 + .../paused-function-location-expected.txt | 212 + .../debugger/paused-function-location.js | 195 + ...point-by-url-in-broken-script-expected.txt | 21 + .../set-breakpoint-by-url-in-broken-script.js | 20 + .../debugger/set-script-source-repl-mode.js | 6 +- .../debugger/wasm-gc-anyref-expected.txt | 6 +- .../test/inspector/debugger/wasm-gc-anyref.js | 2 +- .../debugger/wasm-gc-breakpoints-expected.txt | 2 +- 
.../inspector/debugger/wasm-gc-breakpoints.js | 2 +- .../wasm-gc-multi-module-expected.txt | 8 +- .../debugger/wasm-gc-multi-module.js | 4 +- .../debugger/wasm-jspi-async-stack.js | 2 +- .../inspector/debugger/wasm-scope-info.js | 2 +- deps/v8/test/inspector/devtools-session.cc | 66 + deps/v8/test/inspector/devtools-session.h | 65 + deps/v8/test/inspector/frontend-channel.h | 38 +- deps/v8/test/inspector/inspector-test.cc | 12 +- deps/v8/test/inspector/inspector.status | 8 +- deps/v8/test/inspector/isolate-data.cc | 110 +- deps/v8/test/inspector/isolate-data.h | 28 +- .../regress-crbug-466244926-expected.txt | 3 + .../regress/regress-crbug-466244926.js | 51 + .../regress-crbug-486927780-expected.txt | 1 + .../regress/regress-crbug-486927780.js | 25 + .../regress-crbug-488754138-expected.txt | 3 + .../regress/regress-crbug-488754138.js | 29 + .../runtime/add-binding-expected.txt | 27 +- deps/v8/test/inspector/runtime/add-binding.js | 53 +- .../runtime/command-line-api-expected.txt | 56 + .../inspector/runtime/command-line-api.js | 16 + .../runtime/regress-485672657-expected.txt | 5 + .../inspector/runtime/regress-485672657.js | 34 + .../runtime/regress-488790217-expected.txt | 396 ++ .../inspector/runtime/regress-488790217.js | 39 + .../test/intl/date-format/check-nu-option.js | 2 +- .../date-format/check-numbering-system.js | 2 +- .../date-format/en-format-range-to-parts.js | 4 +- deps/v8/test/intl/date-format/format-range.js | 24 +- .../property-override-date-style.js | 2 +- .../property-override-date-time-style.js | 2 +- .../property-override-time-style.js | 2 +- .../intl/date-format/property-override.js | 2 +- deps/v8/test/intl/intl.status | 4 - .../intl/number-format/check-nu-option.js | 2 +- .../number-format/check-numbering-system.js | 2 +- .../intl/number-format/comma-compat-off.js | 22 - .../intl/number-format/comma-compat-on.js | 22 - .../intl/number-format/italian-compat-off.js | 15 - .../intl/number-format/italian-compat-on.js | 15 - 
deps/v8/test/intl/regress-450077863.js | 6 + deps/v8/test/intl/regress-463070442.js | 58 + deps/v8/test/intl/regress-7481.js | 2 +- deps/v8/test/intl/regress-9912.js | 6 +- .../check-numbering-system.js | 2 +- .../segment-iterator-ownPropertyDescriptor.js | 2 +- deps/v8/test/intl/temporal/calendar/fields.js | 24 - .../test/js-perf-test/BigInt/bigint-util.js | 2 +- deps/v8/test/js-perf-test/JSTests5.json | 2 +- .../TurboFan/wasm-inlining-loop-array.js | 2 +- deps/v8/test/message/debug-trace-minimal.js | 19 + deps/v8/test/message/debug-trace-minimal.out | 5 + .../message/fail/iterator-zip-return-error.js | 16 + .../fail/iterator-zip-return-error.out | 7 + .../js-wasm-wrapper-inlining-turbolev-32.js | 18 + ... js-wasm-wrapper-inlining-turbolev-32.out} | 49 +- .../js-wasm-wrapper-inlining-turbolev-64.js | 310 +- .../js-wasm-wrapper-inlining-turbolev-64.out | 58 + .../js-wasm-wrapper-inlining-turbolev.js | 310 - deps/v8/test/message/message.status | 27 +- deps/v8/test/message/testcfg.py | 12 +- ...m-compilation-hints-inlining-no-liftoff.js | 66 + ...-compilation-hints-inlining-no-liftoff.out | 11 + .../wasm-compilation-hints-inlining.js | 342 + .../wasm-compilation-hints-inlining.out | 56 + .../test/message/wasm-debug-trace-minimal.js | 39 + .../test/message/wasm-debug-trace-minimal.out | 7 + .../wasm-generate-compilation-hints.js | 84 + .../wasm-generate-compilation-hints.out | 19 + .../message/wasm-in-js-inlining-turboshaft.js | 288 - .../wasm-in-js-inlining-turboshaft.out | 329 - deps/v8/test/message/wasm-inlining-into-js.js | 2 +- .../v8/test/message/wasm-recognize-imports.js | 8 +- .../test/mjsunit/arbitrary-length-varargs.js | 126 + .../array-buffer-view-tracking-regress.js | 24 + .../mjsunit/array-buffer-view-tracking.js | 126 + .../mjsunit/array-constructor-subclass.js | 20 + .../test/mjsunit/array-flat-elements-kind.js | 48 + .../v8/test/mjsunit/call-intrinsic-fuzzing.js | 11 + .../compiler/bigint-add-no-deopt-loop.js | 5 +- 
.../mjsunit/compiler/dataview-detached.js | 8 +- .../test/mjsunit/compiler/deopt-pretenure.js | 5 +- .../compiler/fast-api-calls-exception.js | 28 + .../mjsunit/compiler/fast-api-calls-wasm.js | 2 +- deps/v8/test/mjsunit/compiler/no-fma.js | 25 + .../mjsunit/compiler/regress-461531853.js | 18 + .../mjsunit/compiler/regress-463606272.js | 15 + .../mjsunit/compiler/regress-475479135-1.js | 45 + .../mjsunit/compiler/regress-475479135-2.js | 45 + .../mjsunit/compiler/regress-477645118.js | 28 + .../mjsunit/compiler/regress-488078904.js | 21 + .../mjsunit/compiler/regress-488925413.js | 28 + .../compiler/regress-array-const-tracking.js | 33 + .../compiler/typed-array-js-call-reducer.js | 155 + .../compiler/typed-array-length-detached-1.js | 2 +- .../typedarray-resizablearraybuffer.js | 9 +- .../mjsunit/d8-builtins-not-constructors.js | 21 + deps/v8/test/mjsunit/d8/d8-realm-onerror.js | 26 + .../mjsunit/d8/d8-worker-onerror-arguments.js | 52 + .../mjsunit/d8/d8-worker-onerror-exception.js | 32 + .../d8/d8-worker-onerror-settimeout.js | 28 + deps/v8/test/mjsunit/d8/d8-worker-onerror.js | 32 + .../test/mjsunit/debug-trace-minimal-in-gc.js | 12 + ...ss-396461004.js => debug-trace-minimal.js} | 17 +- .../mjsunit/decorators/regress-456538025.js | 12 + .../mjsunit/decorators/regress-461485805.js | 13 + deps/v8/test/mjsunit/equals-feedback.js | 36 + .../mjsunit/es6/array-iterator-detached.js | 4 +- .../mjsunit/es6/block-eval-var-over-let.js | 2 +- ...of-array-iterator-optimization-baseline.js | 40 +- ...of-array-iterator-optimization-ignition.js | 34 +- ...ization-maglev-eager-check-missing-done.js | 69 + ...terator-optimization-maglev-eager-check.js | 66 + ...tor-optimization-maglev-eager-next-call.js | 59 + ...r-optimization-maglev-eager-value-check.js | 90 + ...iterator-optimization-maglev-lazy-check.js | 64 + ...ator-optimization-maglev-lazy-next-call.js | 52 + ...or-optimization-maglev-lazy-value-check.js | 64 + ...r-of-array-iterator-optimization-maglev.js | 43 +- 
...of-array-iterator-optimization-turbofan.js | 43 +- .../es6/for-of-iterator-protocol-integrity.js | 108 + .../es6/sloppy-restrictive-block-function.js | 2 +- .../test/mjsunit/es6/weak-map-chain-linear.js | 34 + .../es6/weak-map-chain-nested-linear.js | 61 + deps/v8/test/mjsunit/es8/async-await-basic.js | 2 +- .../mjsunit/es8/async-await-closure-reuse.js | 229 + .../harmony/async-from-sync-iterator.js | 4 +- .../mjsunit/harmony/async-generators-basic.js | 2 +- .../await-using-assignment-in-for-loop.js | 15 + ...ait-using-valid-assignments-in-for-loop.js | 23 + .../test/mjsunit/harmony/iterator-concat.js | 317 + deps/v8/test/mjsunit/harmony/iterator-zip.js | 205 + deps/v8/test/mjsunit/harmony/map-groupby.js | 2 +- .../harmony/modules-import-defer-asm.mjs | 22 + ...odules-import-defer-define-class-field.mjs | 20 + ...defer-delete-property-missing-property.mjs | 15 + .../modules-import-defer-delete-property.mjs | 15 + .../harmony/modules-import-defer-for-in.mjs | 20 + ...n-property-descriptor-missing-property.mjs | 17 + ...port-defer-get-own-property-descriptor.mjs | 20 + ...port-defer-has-nonexistent-that-throws.mjs | 33 + ...s-on-prototype-nonexistent-that-throws.mjs | 35 + ...ort-defer-has-on-prototype-that-throws.mjs | 35 + ...rt-defer-has-property-missing-property.mjs | 15 + ...perty-ns-as-prototype-missing-property.mjs | 17 + .../modules-import-defer-has-property.mjs | 15 + .../modules-import-defer-has-that-throws.mjs | 33 + .../modules-import-defer-lookup-getter.mjs | 17 + .../modules-import-defer-lookup-setter.mjs | 17 + .../modules-import-defer-missing-property.mjs | 15 + .../modules-import-defer-no-trigger.mjs | 72 + ...t-defer-non-existant-field-that-throws.mjs | 33 + ...r-nonexistent-on-prototype-that-throws.mjs | 35 + ...defer-ns-as-prototype-missing-property.mjs | 16 + .../modules-import-defer-ns-as-prototype.mjs | 19 + ...es-import-defer-object-define-property.mjs | 15 + ...-defer-object-has-own-missing-property.mjs | 15 + 
.../modules-import-defer-object-has-own.mjs | 15 + .../modules-import-defer-object-keys.mjs | 16 + ...-import-defer-on-prototype-that-throws.mjs | 35 + ...modules-import-defer-own-property-keys.mjs | 16 + ...es-import-defer-property-is-enumerable.mjs | 17 + .../modules-import-defer-prototype-for-in.mjs | 21 + ...es-import-defer-prototype-has-property.mjs | 19 + ...s-import-defer-prototype-lookup-getter.mjs | 19 + ...s-import-defer-prototype-lookup-setter.mjs | 19 + ...efer-prototype-swap-for-in-that-throws.mjs | 30 + ...les-import-defer-prototype-swap-for-in.mjs | 23 + ...port-defer-super-property-set-exported.mjs | 25 + ...-defer-super-property-set-not-exported.mjs | 25 + .../modules-import-defer-that-throws.mjs | 33 + .../mjsunit/harmony/modules-import-defer.mjs | 15 + .../mjsunit/harmony/modules-namespace-asm.mjs | 23 + .../harmony/modules-skip-import-defer-1.mjs | 10 + .../modules-skip-import-defer-throws-1.mjs | 12 + .../harmony/regress/regress-454630441.js | 29 + .../harmony/regress/regress-463528051.js | 170 + .../harmony/regress/regress-468626968.js | 14 + deps/v8/test/mjsunit/immutable-arraybuffer.js | 566 ++ deps/v8/test/mjsunit/iterable-foreach.js | 451 ++ deps/v8/test/mjsunit/iterator-join.js | 408 ++ deps/v8/test/mjsunit/json-simd-strings.js | 136 + deps/v8/test/mjsunit/linecontinuation.js | 2 +- .../regress/regress-crbug-405910175-map.js | 3 +- .../regress/regress-crbug-405910175-set.js | 3 +- deps/v8/test/mjsunit/maglev-470137280.js | 14 + .../mjsunit/maglev/array-push-int32-phi.js | 33 + .../maglev/array-push-with-smi-object.js | 43 + .../mjsunit/maglev/boolean-constructor.js | 23 + .../maglev/checked_value_alt_overwrite.js | 36 + .../maglev/construct-spread-forward-vaargs.js | 77 + .../maglev/context-inverted-generator.js | 28 + .../maglev/context-inverted-generator2.js | 30 + .../mjsunit/maglev/dataview-almost-oob.js | 28 + ...-getbytelength-const-non-eager-inlining.js | 37 + .../maglev/dataview-getbytelength-const.js | 30 + 
.../dataview-getbytelength-not-dataview.js | 29 + .../dataview-getbytelength-undefined.js | 26 + .../mjsunit/maglev/dataview-getbytelength.js | 20 + .../mjsunit/maglev/maglev-assert-types.js | 20 + .../test/mjsunit/maglev/number-to-string.js | 25 + .../maglev/optimize-float64-ieee754.js | 155 + .../mjsunit/maglev/optimize-float64-unary.js | 60 + .../maglev/phi-untagging-backedge-self-1.js | 32 + .../maglev/phi-untagging-backedge-self-2.js | 36 + ...phi-untagging-conversions-no-truncation.js | 42 + .../maglev/phi-untagging-conversions.js | 38 - ...ging-float64-into-smi-check-speculative.js | 37 + .../phi-untagging-float64-into-smi-check.js | 37 + .../phi-untagging-float64-load-input.js | 21 + .../phi-untagging-holeyfloat64-load-input.js | 26 + .../maglev/phi-untagging-int32-load-input.js | 21 + deps/v8/test/mjsunit/maglev/reflect-apply.js | 72 + deps/v8/test/mjsunit/maglev/reflect-get.js | 42 + deps/v8/test/mjsunit/maglev/reflect-has.js | 54 + .../test/mjsunit/maglev/regress-455554110.js | 23 + .../test/mjsunit/maglev/regress-456014076.js | 26 + .../test/mjsunit/maglev/regress-456697305.js | 17 + .../test/mjsunit/maglev/regress-456778855.js | 15 + .../test/mjsunit/maglev/regress-457475186.js | 20 + .../test/mjsunit/maglev/regress-457475530.js | 20 + .../test/mjsunit/maglev/regress-457866756.js | 15 + .../test/mjsunit/maglev/regress-458608439.js | 18 + .../test/mjsunit/maglev/regress-460084175.js | 21 + .../test/mjsunit/maglev/regress-460220166.js | 34 + .../test/mjsunit/maglev/regress-460668396.js | 27 + .../test/mjsunit/maglev/regress-460678755.js | 26 + .../test/mjsunit/maglev/regress-461541271.js | 19 + .../test/mjsunit/maglev/regress-463237815.js | 21 + .../test/mjsunit/maglev/regress-463565998.js | 47 + .../test/mjsunit/maglev/regress-463722459.js | 22 + .../test/mjsunit/maglev/regress-464105362.js | 15 + .../test/mjsunit/maglev/regress-464323255.js | 22 + .../test/mjsunit/maglev/regress-464612781.js | 9 + .../test/mjsunit/maglev/regress-464965404.js | 31 + 
.../test/mjsunit/maglev/regress-465730465.js | 39 + .../test/mjsunit/maglev/regress-466510900.js | 14 + .../test/mjsunit/maglev/regress-466701290.js | 19 + .../test/mjsunit/maglev/regress-469481626.js | 16 + .../test/mjsunit/maglev/regress-470566252.js | 58 + .../test/mjsunit/maglev/regress-473913278.js | 29 + .../test/mjsunit/maglev/regress-474458890.js | 16 + .../test/mjsunit/maglev/regress-476329375.js | 34 + .../test/mjsunit/maglev/regress-479557032.js | 20 + .../test/mjsunit/maglev/regress-480100972.mjs | 19 + .../test/mjsunit/maglev/regress-480568109.js | 20 + .../mjsunit/maglev/regress-482261044-1.js | 24 + .../mjsunit/maglev/regress-482261044-2.js | 19 + .../mjsunit/maglev/regress-482261044-3.js | 26 + .../test/mjsunit/maglev/regress-482545639.js | 18 + .../test/mjsunit/maglev/regress-482810539.js | 25 + .../test/mjsunit/maglev/regress-483423907.js | 24 + .../test/mjsunit/maglev/regress-484393248.js | 33 + .../test/mjsunit/maglev/regress-484911060.js | 16 + .../test/mjsunit/maglev/regress-485843940.js | 17 + .../test/mjsunit/maglev/regress-486530209.js | 26 + .../mjsunit/maglev/regress-486657483-1.js | 28 + .../mjsunit/maglev/regress-486657483-2.js | 27 + .../mjsunit/maglev/regress-486657483-3.js | 27 + .../mjsunit/maglev/regress-486657483-4.js | 25 + .../mjsunit/maglev/regress-486657483-5.js | 36 + .../test/mjsunit/maglev/regress-489362238.js | 21 + .../test/mjsunit/maglev/regress-489369253.js | 25 + .../test/mjsunit/maglev/regress-490353576.js | 21 + .../mjsunit/maglev/regress-490558172-1.js | 32 + .../mjsunit/maglev/regress-490558172-2.js | 48 + .../test/mjsunit/maglev/regress-492245079.js | 30 + .../test/mjsunit/maglev/regress-494492520.js | 23 + .../test/mjsunit/maglev/regress-495041650.js | 26 + .../test/mjsunit/maglev/regress-495751197.js | 47 + .../test/mjsunit/maglev/regress-495888361.js | 26 + .../test/mjsunit/maglev/regress-495923720.js | 15 + .../test/mjsunit/maglev/regress-496074718.js | 27 + .../test/mjsunit/maglev/regress-496272034.js | 28 + 
.../test/mjsunit/maglev/regress-496627235.js | 24 + .../test/mjsunit/maglev/regress-497112471.js | 27 + .../maglev/regress/regress-489605205.js | 29 + .../maglev/store-constant-field-nan.js | 29 + .../mjsunit/maglev/string-indexof-includes.js | 54 + deps/v8/test/mjsunit/maglev/string-slice.js | 40 +- .../mjsunit/maglev/typed-array-length-abs.js | 4 + .../typed-array-length-as-number-large.js | 4 + .../maglev/typed-array-length-as-number.js | 4 + .../maglev/typed-array-length-bitwise.js | 4 + .../typed-array-length-branch-if-root.js | 4 + ...-array-length-branch-if-to-boolean-true.js | 4 + .../maglev/typed-array-length-detached-1.js | 2 +- .../typed-array-length-exception-phi.js | 4 + .../typed-array-length-index-into-array.js | 4 + ...ray-length-index-into-typed-array-large.js | 34 +- ...ped-array-length-index-into-typed-array.js | 12 +- .../typed-array-length-iteration-large.js | 4 + .../maglev/typed-array-length-iteration.js | 4 + .../maglev/typed-array-length-parseint.js | 4 + .../mjsunit/maglev/typed-array-length-phi.js | 4 + ...yped-array-length-store-as-uint8clamped.js | 4 + .../typed-array-length-store-into-global.js | 4 + ...array-length-store-script-context-large.js | 4 + ...typed-array-length-store-script-context.js | 4 + .../maglev/typed-array-length-to-boolean.js | 4 + .../typed-array-length-to-number-large.js | 4 + .../maglev/typed-array-length-to-number.js | 4 + .../maglev/typedarray-resizablearraybuffer.js | 1 - .../v8/test/mjsunit/maglev/unused-loop-phi.js | 25 + .../array-iterator-modification-1.js | 34 + .../array-iterator-modification-2.js | 39 + .../v8/test/mjsunit/math-sum-precise/basic.js | 247 + .../test/mjsunit/math-sum-precise/closing.js | 26 + .../v8/test/mjsunit/math-sum-precise/holey.js | 15 + .../test/mjsunit/math-sum-precise/holey2.js | 33 + .../math-sum-precise/regress-494013010.js | 14 + .../test/mjsunit/math-sum-precise/regress.js | 13 + .../mjsunit/math-sum-precise/set-regress.js | 15 + .../mjsunit/math-sum-precise/set-regress2.js 
| 11 + .../typed-array-iterator-modification-1.js | 31 + .../typed-array-iterator-modification-2.js | 35 + .../typed-array-iterator-modification-3.js | 30 + .../typed-array-iterator-modification-4.js | 33 + deps/v8/test/mjsunit/messages.js | 6 +- deps/v8/test/mjsunit/mjsunit.status | 469 +- deps/v8/test/mjsunit/modules-eval-await.mjs | 9 + .../modules-namespace-super-access-tdz.mjs | 17 + .../modules-namespace-super-property-set.mjs | 17 + ...-namespace-super-set-tdz-with-accessor.mjs | 23 + deps/v8/test/mjsunit/modules-namespace1.mjs | 7 + deps/v8/test/mjsunit/natives-builtins.js | 52 + ...ion.js => proto-seq-opt-arrow-function.js} | 34 +- ...roto-seq-opt-assign-key-multiple-times.js} | 20 +- .../opt-proto-seq/proto-seq-opt-basic.js | 57 + .../proto-seq-opt-before-after.js | 50 + ...th.js => proto-seq-opt-class-fast-path.js} | 22 +- .../opt-proto-seq/proto-seq-opt-computed.js | 43 + .../proto-seq-opt-constructor.js | 44 + .../proto-seq-opt-destructuring.js | 36 + ... proto-seq-opt-different-left-most-var.js} | 14 +- .../proto-seq-opt-different-objects.js | 47 + .../opt-proto-seq/proto-seq-opt-duplicate.js | 46 + ...-seq-opt-eval-return-last-set-property.js} | 10 +- ...to-seq-opt-feedback-vector-side-effect.js} | 17 +- .../proto-seq-opt-frozen-objects-strict.js | 47 + .../proto-seq-opt-frozen-objects.js | 44 + ...js => proto-seq-opt-function-fast-path.js} | 28 +- .../opt-proto-seq/proto-seq-opt-functions.js | 47 + ...oto-seq-opt-get-own-property-descriptor.js | 43 + ...to-seq-opt-get-own-property-descriptors.js | 43 + .../proto-seq-opt-global-proxy.js | 45 + ...js => proto-seq-opt-has-prototype-keys.js} | 29 +- ...etters.js => proto-seq-opt-has-setters.js} | 25 +- .../proto-seq-opt-ignore-chain-descriptors.js | 52 + .../opt-proto-seq/proto-seq-opt-iife.js | 46 + .../proto-seq-opt-interleaved.js | 46 + .../proto-seq-opt-lazy-override-builtin.js | 42 + .../opt-proto-seq/proto-seq-opt-limit.js | 46 + .../proto-seq-opt-locked-proto-strict.js | 56 + 
.../proto-seq-opt-locked-proto.js | 53 + ...o-seq-opt-non-extensible-objects-strict.js | 47 + .../proto-seq-opt-non-extensible-objects.js | 44 + .../proto-seq-opt-non-literal.js | 43 + .../proto-seq-opt-not-function.js | 44 + ... => proto-seq-opt-not-proto-assign-seq.js} | 27 +- ...ype.js => proto-seq-opt-null-prototype.js} | 24 +- .../proto-seq-opt-object-assign.js | 43 + .../proto-seq-opt-object-entries.js | 44 + .../proto-seq-opt-object-values.js | 42 + ... => proto-seq-opt-poison-default-proto.js} | 25 +- .../proto-seq-opt-preserve-descriptor.js | 51 + ...to-seq-opt-proto-of-prototype-assigned.js} | 16 +- .../opt-proto-seq/proto-seq-opt-proto-prop.js | 45 + ... => proto-seq-opt-prototype-proto-keys.js} | 35 +- ...s => proto-seq-opt-prototype-read-only.js} | 36 +- .../proto-seq-opt-readonly-chain.js | 65 + .../proto-seq-opt-reassign-local.js | 53 + ...opt-reflect-get-own-property-descriptor.js | 43 + .../proto-seq-opt-reflect-get.js | 42 + .../proto-seq-opt-setter-chain.js | 74 + .../opt-proto-seq/proto-seq-opt-shadow.js | 51 + .../proto-seq-opt-slow-modified.js | 51 + .../proto-seq-opt-slow-non-extensible.js | 43 + .../opt-proto-seq/proto-seq-opt-spreading.js | 45 + .../opt-proto-seq/proto-seq-opt-strict.js | 43 + .../proto-seq-opt-structured-clone.js | 46 + ...s => proto-seq-opt-variable-proxy-eval.js} | 13 +- ...oxy.js => proto-seq-opt-variable-proxy.js} | 12 +- deps/v8/test/mjsunit/optimized-typeof.js | 55 + .../private_fields/test_private_fields.js | 145 + ...k-cross-realm-callback-report-exception.js | 30 + deps/v8/test/mjsunit/queue-microtask.js | 42 + .../v8/test/mjsunit/regexp-backtrack-limit.js | 2 +- deps/v8/test/mjsunit/regexp-boyer-moore.js | 15 + deps/v8/test/mjsunit/regexp-capture-3.js | 26 +- deps/v8/test/mjsunit/regexp-capture-4.js | 17 + deps/v8/test/mjsunit/regexp-fallback.js | 2 +- .../regexp/skip-until-one-of-masked3.js | 61 + deps/v8/test/mjsunit/regress-450308355.js | 41 + deps/v8/test/mjsunit/regress-459629345.js | 26 + 
deps/v8/test/mjsunit/regress-463527959.js | 18 + deps/v8/test/mjsunit/regress-477993735.js | 15 + deps/v8/test/mjsunit/regress-478126027.js | 19 + deps/v8/test/mjsunit/regress-478205262.js | 17 + deps/v8/test/mjsunit/regress-480271345.js | 15 + deps/v8/test/mjsunit/regress-491935269.js | 24 + deps/v8/test/mjsunit/regress-493787228.js | 20 + deps/v8/test/mjsunit/regress-494876356.js | 20 + .../mjsunit/regress/asm/regress-490629397.js | 79 + .../mjsunit/regress/immutable-ab-regress.js | 85 + .../regress/redeclaration-error-types.js | 24 +- .../test/mjsunit/regress/regexp-489358153.js | 31 + .../test/mjsunit/regress/regress-1000635.js | 15 - .../test/mjsunit/regress/regress-1447383.js | 2 +- .../regress/regress-319722-ArrayBuffer.js | 2 +- .../regress/regress-319722-TypedArrays.js | 2 +- .../test/mjsunit/regress/regress-372298921.js | 2 +- .../test/mjsunit/regress/regress-441205658.js | 14 + .../test/mjsunit/regress/regress-447206453.js | 2 +- .../test/mjsunit/regress/regress-448997822.js | 24 + .../test/mjsunit/regress/regress-452082290.js | 15 + .../test/mjsunit/regress/regress-454568212.js | 6 + .../test/mjsunit/regress/regress-455191443.js | 41 + .../test/mjsunit/regress/regress-455515497.js | 47 + .../test/mjsunit/regress/regress-456131918.js | 15 + .../test/mjsunit/regress/regress-456307067.js | 22 + .../test/mjsunit/regress/regress-457452276.js | 7 + .../test/mjsunit/regress/regress-457475185.js | 7 + .../test/mjsunit/regress/regress-457866804.js | 20 + .../test/mjsunit/regress/regress-458609996.js | 19 + .../test/mjsunit/regress/regress-458677902.js | 14 + .../test/mjsunit/regress/regress-458790911.js | 27 + .../test/mjsunit/regress/regress-458849015.js | 39 + .../test/mjsunit/regress/regress-459129418.js | 25 + .../test/mjsunit/regress/regress-459130968.js | 30 + .../test/mjsunit/regress/regress-459310839.js | 22 + .../test/mjsunit/regress/regress-459335522.js | 43 + .../test/mjsunit/regress/regress-459526523.js | 24 + 
.../test/mjsunit/regress/regress-459526524.js | 41 + .../test/mjsunit/regress/regress-459629118.js | 42 + .../test/mjsunit/regress/regress-459857147.js | 13 + .../test/mjsunit/regress/regress-460180700.js | 14 + .../test/mjsunit/regress/regress-460285610.js | 19 + .../test/mjsunit/regress/regress-460300660.js | 20 + .../test/mjsunit/regress/regress-460328643.js | 10 + .../test/mjsunit/regress/regress-460946135.js | 9 + .../test/mjsunit/regress/regress-461041351.js | 15 + .../test/mjsunit/regress/regress-461203133.js | 10 + .../test/mjsunit/regress/regress-461464257.js | 10 + .../test/mjsunit/regress/regress-461531861.js | 12 + .../test/mjsunit/regress/regress-461969023.js | 10 + .../test/mjsunit/regress/regress-462477283.js | 21 + .../test/mjsunit/regress/regress-462758899.js | 30 + .../test/mjsunit/regress/regress-463124098.js | 12 + .../test/mjsunit/regress/regress-463405539.js | 14 + .../test/mjsunit/regress/regress-463593768.js | 13 + .../test/mjsunit/regress/regress-463634335.js | 19 + .../test/mjsunit/regress/regress-464210575.js | 16 + .../test/mjsunit/regress/regress-464678348.js | 25 + .../test/mjsunit/regress/regress-464961493.js | 10 + .../test/mjsunit/regress/regress-467247247.js | 17 + .../test/mjsunit/regress/regress-470137261.js | 30 + .../test/mjsunit/regress/regress-474179451.js | 25 + .../test/mjsunit/regress/regress-474401153.js | 28 + .../test/mjsunit/regress/regress-474417795.js | 10 + .../test/mjsunit/regress/regress-476509600.js | 9 + .../test/mjsunit/regress/regress-478681249.js | 23 + .../test/mjsunit/regress/regress-479872236.js | 19 + .../test/mjsunit/regress/regress-481519344.js | 21 + .../test/mjsunit/regress/regress-482199449.js | 9 + .../test/mjsunit/regress/regress-484904778.js | 15 + .../test/mjsunit/regress/regress-486655252.js | 17 + .../mjsunit/regress/regress-486945364-1.js | 32 + .../test/mjsunit/regress/regress-486945364.js | 39 + .../test/mjsunit/regress/regress-487468464.js | 15 + 
.../test/mjsunit/regress/regress-487857171.js | 17 + .../test/mjsunit/regress/regress-488042855.js | 19 + .../test/mjsunit/regress/regress-489356185.js | 26 + .../test/mjsunit/regress/regress-489941769.js | 16 + .../test/mjsunit/regress/regress-490446682.js | 11 + .../test/mjsunit/regress/regress-490485402.js | 32 + .../test/mjsunit/regress/regress-490515529.js | 23 + .../test/mjsunit/regress/regress-491053452.js | 18 + .../test/mjsunit/regress/regress-491461591.js | 16 + .../test/mjsunit/regress/regress-491881374.js | 70 + .../test/mjsunit/regress/regress-492014648.js | 29 + .../test/mjsunit/regress/regress-493176399.js | 23 + .../test/mjsunit/regress/regress-493269623.js | 12 + .../mjsunit/regress/regress-493591676.mjs | 5 + .../test/mjsunit/regress/regress-493787222.js | 17 + .../test/mjsunit/regress/regress-494583765.js | 7 + .../test/mjsunit/regress/regress-494690599.js | 15 + .../mjsunit/regress/regress-495503057.mjs | 5 + .../test/mjsunit/regress/regress-495503781.js | 19 + .../mjsunit/regress/regress-498089319-2.js | 28 + .../test/mjsunit/regress/regress-498089319.js | 38 + .../test/mjsunit/regress/regress-498464176.js | 17 + .../test/mjsunit/regress/regress-7558019.js | 16 + .../v8/test/mjsunit/regress/regress-786573.js | 2 +- .../regress/regress-crbug-335704358.js | 53 - .../regress/regress-crbug-488366773.js | 14 + .../regress/regress-crbug-488426618.js | 20 + .../regress/regress-crbug-489893167.js | 20 + .../regress/regress-crbug-490058830.js | 20 + .../mjsunit/regress/regress-crbug-596394.js | 2 +- .../mjsunit/regress/regress-crbug-909614.js | 8 +- .../regress/regress-temporal-zoneinfo.js | 11 + .../test/mjsunit/regress/regress-v8-12671.js | 14 +- .../regress/wasm/i32-lowering-inlining.js | 2 +- .../regress/wasm/inline-call-to-reexport.js | 3 +- .../mjsunit/regress/wasm/regress-1010272.js | 2 - .../mjsunit/regress/wasm/regress-1029642.js | 6 - .../mjsunit/regress/wasm/regress-1045225.js | 2 - .../mjsunit/regress/wasm/regress-1045737.js | 2 - 
.../mjsunit/regress/wasm/regress-1046472.js | 2 - .../mjsunit/regress/wasm/regress-1048241.js | 2 - .../mjsunit/regress/wasm/regress-1074586-b.js | 2 - .../mjsunit/regress/wasm/regress-1074586.js | 2 - .../mjsunit/regress/wasm/regress-1075953.js | 2 - .../mjsunit/regress/wasm/regress-1079449.js | 2 - .../mjsunit/regress/wasm/regress-10898.js | 2 - .../mjsunit/regress/wasm/regress-1125951.js | 2 +- .../mjsunit/regress/wasm/regress-1132461.js | 2 - .../mjsunit/regress/wasm/regress-1140549.js | 2 - .../mjsunit/regress/wasm/regress-1145135.js | 2 - .../mjsunit/regress/wasm/regress-1161654.js | 4 +- .../mjsunit/regress/wasm/regress-1161954.js | 2 - .../mjsunit/regress/wasm/regress-1165966.js | 2 - .../mjsunit/regress/wasm/regress-1168116.js | 2 - .../mjsunit/regress/wasm/regress-1171788.js | 2 - .../mjsunit/regress/wasm/regress-1179025.js | 2 - .../mjsunit/regress/wasm/regress-1179065.js | 2 +- .../mjsunit/regress/wasm/regress-1179182.js | 2 - .../mjsunit/regress/wasm/regress-11809.js | 3 +- .../mjsunit/regress/wasm/regress-1187831.js | 2 - .../mjsunit/regress/wasm/regress-1196837.js | 2 - .../mjsunit/regress/wasm/regress-1197393.js | 2 - .../mjsunit/regress/wasm/regress-1199662.js | 2 - .../mjsunit/regress/wasm/regress-1202736.js | 2 - .../mjsunit/regress/wasm/regress-1220855.js | 2 - .../mjsunit/regress/wasm/regress-12270.js | 2 - .../mjsunit/regress/wasm/regress-1227351.js | 2 - .../mjsunit/regress/wasm/regress-1228720.js | 2 - .../mjsunit/regress/wasm/regress-1236958.js | 2 +- .../mjsunit/regress/wasm/regress-1237024.js | 2 +- .../mjsunit/regress/wasm/regress-1239954.js | 2 +- .../mjsunit/regress/wasm/regress-1248024.js | 2 +- .../mjsunit/regress/wasm/regress-1251465.js | 2 - .../mjsunit/regress/wasm/regress-1255354.js | 3 +- .../mjsunit/regress/wasm/regress-12624.js | 2 - .../mjsunit/regress/wasm/regress-1264462.js | 2 - .../mjsunit/regress/wasm/regress-12874.js | 2 +- .../mjsunit/regress/wasm/regress-1294384.js | 2 - .../mjsunit/regress/wasm/regress-12945.js | 8 
+- .../mjsunit/regress/wasm/regress-1296876.js | 2 - .../mjsunit/regress/wasm/regress-1299183.js | 2 - .../mjsunit/regress/wasm/regress-13061.js | 2 - .../mjsunit/regress/wasm/regress-1308333.js | 2 - .../mjsunit/regress/wasm/regress-1339153.js | 2 - .../mjsunit/regress/wasm/regress-13700.js | 2 - .../mjsunit/regress/wasm/regress-1374535.js | 2 +- .../mjsunit/regress/wasm/regress-1380646.js | 2 - .../mjsunit/regress/wasm/regress-13939.js | 2 - .../mjsunit/regress/wasm/regress-13946.js | 2 +- .../mjsunit/regress/wasm/regress-13956.js | 2 +- .../mjsunit/regress/wasm/regress-1408337.js | 2 - .../mjsunit/regress/wasm/regress-14113.js | 2 - .../mjsunit/regress/wasm/regress-14116.js | 2 - .../mjsunit/regress/wasm/regress-14118.js | 2 - .../mjsunit/regress/wasm/regress-14167.js | 10 +- .../mjsunit/regress/wasm/regress-14171.js | 2 - .../mjsunit/regress/wasm/regress-14270.js | 2 +- .../mjsunit/regress/wasm/regress-14356.js | 2 - .../mjsunit/regress/wasm/regress-1447367.js | 2 +- .../mjsunit/regress/wasm/regress-1458941.js | 4 +- .../mjsunit/regress/wasm/regress-14600.js | 11 +- .../mjsunit/regress/wasm/regress-14689.js | 2 - .../mjsunit/regress/wasm/regress-14700.js | 2 +- .../mjsunit/regress/wasm/regress-1478848.js | 4 +- .../mjsunit/regress/wasm/regress-1478913.js | 2 - .../mjsunit/regress/wasm/regress-1479926.js | 14 +- .../mjsunit/regress/wasm/regress-1480117.js | 2 - .../mjsunit/regress/wasm/regress-1484393.js | 2 - .../mjsunit/regress/wasm/regress-1486237.js | 4 +- .../mjsunit/regress/wasm/regress-1487077.js | 2 - .../mjsunit/regress/wasm/regress-1490847-2.js | 6 +- .../mjsunit/regress/wasm/regress-1490847.js | 2 +- .../mjsunit/regress/wasm/regress-1491415.js | 7 +- .../mjsunit/regress/wasm/regress-1492772.js | 2 - .../mjsunit/regress/wasm/regress-1497018.js | 2 - .../mjsunit/regress/wasm/regress-1502837.js | 2 - .../mjsunit/regress/wasm/regress-1507743.js | 4 +- .../mjsunit/regress/wasm/regress-1507779.js | 2 +- .../mjsunit/regress/wasm/regress-1508999.js | 2 - 
.../mjsunit/regress/wasm/regress-1514072.js | 2 +- .../mjsunit/regress/wasm/regress-1517219.js | 2 - .../mjsunit/regress/wasm/regress-1517243.js | 4 +- .../mjsunit/regress/wasm/regress-1519091.js | 2 - .../mjsunit/regress/wasm/regress-1520362.js | 2 +- .../mjsunit/regress/wasm/regress-1521371.js | 4 +- .../mjsunit/regress/wasm/regress-1523313.js | 2 - .../mjsunit/regress/wasm/regress-1523316.js | 4 +- .../mjsunit/regress/wasm/regress-1523407.js | 4 +- .../mjsunit/regress/wasm/regress-1523414.js | 2 +- .../mjsunit/regress/wasm/regress-324475066.js | 2 +- .../mjsunit/regress/wasm/regress-324690505.js | 4 +- .../mjsunit/regress/wasm/regress-324747822.js | 2 +- .../mjsunit/regress/wasm/regress-325756545.js | 8 +- .../mjsunit/regress/wasm/regress-326156493.js | 8 +- .../mjsunit/regress/wasm/regress-326260438.js | 4 +- .../mjsunit/regress/wasm/regress-326273468.js | 2 - .../mjsunit/regress/wasm/regress-326894018.js | 96 +- .../mjsunit/regress/wasm/regress-326904344.js | 6 +- .../mjsunit/regress/wasm/regress-327517308.js | 2 - .../mjsunit/regress/wasm/regress-327643791.js | 6 +- .../mjsunit/regress/wasm/regress-328499555.js | 9 +- .../mjsunit/regress/wasm/regress-329464129.js | 2 - .../mjsunit/regress/wasm/regress-330580823.js | 5 +- .../mjsunit/regress/wasm/regress-330767273.js | 23 +- .../mjsunit/regress/wasm/regress-333457544.js | 2 - .../mjsunit/regress/wasm/regress-336007398.js | 2 +- .../mjsunit/regress/wasm/regress-336214779.js | 5 +- .../mjsunit/regress/wasm/regress-336358915.js | 5 - .../mjsunit/regress/wasm/regress-336852356.js | 2 +- .../mjsunit/regress/wasm/regress-342602616.js | 12 +- .../mjsunit/regress/wasm/regress-343035068.js | 2 +- .../mjsunit/regress/wasm/regress-343917751.js | 2 +- .../mjsunit/regress/wasm/regress-344014332.js | 2 +- .../mjsunit/regress/wasm/regress-346197738.js | 2 +- .../mjsunit/regress/wasm/regress-346505953.js | 2 +- .../mjsunit/regress/wasm/regress-347914831.js | 3 +- .../mjsunit/regress/wasm/regress-349402547.js | 2 - 
.../mjsunit/regress/wasm/regress-349640002.js | 3 +- .../mjsunit/regress/wasm/regress-350779988.js | 4 +- .../regress/wasm/regress-352720899-2.js | 3 +- .../mjsunit/regress/wasm/regress-353582136.js | 2 +- .../mjsunit/regress/wasm/regress-353913485.js | 4 +- .../mjsunit/regress/wasm/regress-360044696.js | 6 +- .../mjsunit/regress/wasm/regress-360052650.js | 4 +- .../mjsunit/regress/wasm/regress-360700873.js | 2 +- .../mjsunit/regress/wasm/regress-361123483.js | 2 - .../mjsunit/regress/wasm/regress-361611472.js | 2 +- .../mjsunit/regress/wasm/regress-361717714.js | 2 - .../mjsunit/regress/wasm/regress-361862737.js | 2 +- .../mjsunit/regress/wasm/regress-363072477.js | 4 +- .../mjsunit/regress/wasm/regress-364312793.js | 5 +- .../mjsunit/regress/wasm/regress-364667545.js | 2 +- .../mjsunit/regress/wasm/regress-365376497.js | 2 - .../mjsunit/regress/wasm/regress-365802567.js | 15 +- .../mjsunit/regress/wasm/regress-368086282.js | 2 +- .../mjsunit/regress/wasm/regress-369533086.js | 2 - .../mjsunit/regress/wasm/regress-369652650.js | 3 +- .../mjsunit/regress/wasm/regress-372067240.js | 6 +- .../mjsunit/regress/wasm/regress-372261626.js | 2 +- .../mjsunit/regress/wasm/regress-373702823.js | 2 +- .../mjsunit/regress/wasm/regress-374820218.js | 22 +- .../mjsunit/regress/wasm/regress-375270509.js | 2 +- .../mjsunit/regress/wasm/regress-377620832.js | 2 +- .../mjsunit/regress/wasm/regress-379414135.js | 2 +- .../mjsunit/regress/wasm/regress-380397544.js | 4 +- .../mjsunit/regress/wasm/regress-381696874.js | 6 +- .../mjsunit/regress/wasm/regress-381917890.js | 2 +- .../mjsunit/regress/wasm/regress-382291459.js | 10 +- .../mjsunit/regress/wasm/regress-383356864.js | 4 +- .../mjsunit/regress/wasm/regress-384549252.js | 4 +- .../mjsunit/regress/wasm/regress-387055479.js | 2 +- .../mjsunit/regress/wasm/regress-390467420.js | 2 +- .../mjsunit/regress/wasm/regress-392928805.js | 2 +- .../mjsunit/regress/wasm/regress-397043084.js | 7 +- .../mjsunit/regress/wasm/regress-399497254.js 
| 2 +- .../mjsunit/regress/wasm/regress-400852655.js | 5 +- .../mjsunit/regress/wasm/regress-40258436.js | 5 +- .../mjsunit/regress/wasm/regress-406043349.js | 2 - .../mjsunit/regress/wasm/regress-407298298.js | 2 - .../mjsunit/regress/wasm/regress-407797300.js | 2 +- .../mjsunit/regress/wasm/regress-408254017.js | 1 - .../mjsunit/regress/wasm/regress-413963387.js | 2 +- .../mjsunit/regress/wasm/regress-433984397.js | 6 +- .../mjsunit/regress/wasm/regress-434008619.js | 9 +- .../mjsunit/regress/wasm/regress-435301441.js | 4 +- .../mjsunit/regress/wasm/regress-435315689.js | 4 +- .../mjsunit/regress/wasm/regress-436362279.js | 8 +- .../mjsunit/regress/wasm/regress-436937141.js | 2 +- .../mjsunit/regress/wasm/regress-438770394.js | 2 +- .../mjsunit/regress/wasm/regress-445870128.js | 2 +- .../mjsunit/regress/wasm/regress-446122633.js | 124 + .../mjsunit/regress/wasm/regress-446124893.js | 29 + .../mjsunit/regress/wasm/regress-447613211.js | 4 +- .../mjsunit/regress/wasm/regress-448404198.js | 2 +- .../mjsunit/regress/wasm/regress-449028728.js | 34 + .../mjsunit/regress/wasm/regress-450868409.js | 25 + .../mjsunit/regress/wasm/regress-451144692.js | 14 + .../mjsunit/regress/wasm/regress-452079540.js | 2 +- .../mjsunit/regress/wasm/regress-452541294.js | 4 +- .../mjsunit/regress/wasm/regress-454276076.js | 24 + .../mjsunit/regress/wasm/regress-454363539.js | 2 +- .../mjsunit/regress/wasm/regress-455711115.js | 29 + .../mjsunit/regress/wasm/regress-455832038.js | 30 + .../mjsunit/regress/wasm/regress-456319253.js | 45 + .../mjsunit/regress/wasm/regress-457106696.js | 19 + .../mjsunit/regress/wasm/regress-461547336.js | 55 + .../mjsunit/regress/wasm/regress-462045796.js | 20 + .../mjsunit/regress/wasm/regress-463089250.js | 15 + .../mjsunit/regress/wasm/regress-463546420.js | 22 + .../mjsunit/regress/wasm/regress-464606523.js | 17 + .../mjsunit/regress/wasm/regress-465815689.js | 32 + .../mjsunit/regress/wasm/regress-470127856.js | 116 + 
.../mjsunit/regress/wasm/regress-471380636.js | 86 + .../mjsunit/regress/wasm/regress-473272199.js | 58 + .../mjsunit/regress/wasm/regress-474491347.js | 44 + .../mjsunit/regress/wasm/regress-475896261.js | 28 + .../mjsunit/regress/wasm/regress-476177765.js | 38 + .../mjsunit/regress/wasm/regress-476461881.js | 21 + .../mjsunit/regress/wasm/regress-477654119.js | 67 + .../mjsunit/regress/wasm/regress-482759504.js | 22 + .../mjsunit/regress/wasm/regress-483269968.js | 42 + .../mjsunit/regress/wasm/regress-483643012.js | 13 + .../mjsunit/regress/wasm/regress-484405356.js | 22 + .../mjsunit/regress/wasm/regress-484499097.js | 15 + .../mjsunit/regress/wasm/regress-485152421.js | 21 + .../mjsunit/regress/wasm/regress-487444465.js | 17 + .../mjsunit/regress/wasm/regress-487750545.js | 16 + .../mjsunit/regress/wasm/regress-488089242.js | 45 + .../mjsunit/regress/wasm/regress-488790214.js | 59 + .../mjsunit/regress/wasm/regress-488943662.js | 26 + .../mjsunit/regress/wasm/regress-489029655.js | 11 + .../mjsunit/regress/wasm/regress-489109716.js | 67 + .../mjsunit/regress/wasm/regress-489349562.js | 60 + .../mjsunit/regress/wasm/regress-490877756.js | 35 + .../mjsunit/regress/wasm/regress-490877757.js | 35 + .../mjsunit/regress/wasm/regress-490877758.js | 28 + .../mjsunit/regress/wasm/regress-490970052.js | 9 + .../mjsunit/regress/wasm/regress-491696923.js | 90 + .../mjsunit/regress/wasm/regress-493088266.js | 24 + .../mjsunit/regress/wasm/regress-493099941.js | 78 + .../mjsunit/regress/wasm/regress-493171989.js | 34 + .../mjsunit/regress/wasm/regress-493307331.js | 8 + .../mjsunit/regress/wasm/regress-493314948.js | 50 + .../mjsunit/regress/wasm/regress-493319628.js | 36 + .../mjsunit/regress/wasm/regress-493430818.js | 40 + .../mjsunit/regress/wasm/regress-493521637.js | 18 + .../mjsunit/regress/wasm/regress-493521807.js | 75 + .../mjsunit/regress/wasm/regress-493529579.js | 32 + .../mjsunit/regress/wasm/regress-493646648.js | 18 + 
.../mjsunit/regress/wasm/regress-493905761.js | 52 + .../mjsunit/regress/wasm/regress-495503265.js | 19 + .../mjsunit/regress/wasm/regress-496628168.js | 14 + .../mjsunit/regress/wasm/regress-497330272.js | 25 + .../mjsunit/regress/wasm/regress-497404188.js | 92 + .../mjsunit/regress/wasm/regress-837417.js | 7 +- .../mjsunit/regress/wasm/regress-863810.js | 2 +- .../test/mjsunit/regress/wasm/regress-9017.js | 2 - .../test/mjsunit/regress/wasm/regress-9759.js | 2 +- .../regress/wasm/regress-crbug-1339321.js | 2 +- .../regress/wasm/regress-crbug-1463232.js | 14 +- .../regress/wasm/regress-crbug-1464604.js | 2 - .../regress/wasm/regress-crbug-1465386.js | 2 - .../regress/wasm/regress-crbug-1466312.js | 8 +- .../regress/wasm/regress-crbug-1491815.js | 2 - .../regress/wasm/regress-crbug-1520130.js | 2 - .../regress/wasm/regress-inlining-throw.js | 6 +- .../regress/wasm/regress-simd-391916477.js | 2 - .../regress/wasm/regress-simd-396460489.js | 2 +- .../regress/wasm/regress-simd-458024245.js | 54 + .../regress/wasm/regress-simd-467479137.js | 27 + .../regress-struct-set-into-unreachable.js | 10 +- .../mjsunit/regress/wasm/regress-v8-14710.js | 2 +- .../wasm/wasm-typer-incompatible-ref-cast.js | 6 +- ...ytecode-verifier-rejects-empty-bytecode.js | 15 + ...ecode-verifier-rejects-invalid-bytecode.js | 17 + .../sandbox/bytecode-verifier-testing-api.js | 87 + .../basic-hardware-watchpoints.js | 18 + .../hardware-watchpoints/regress-486705321.js | 9 + .../sandbox/liftoff-wasmarray-i64-indexing.js | 6 +- .../test/mjsunit/sandbox/regress-443182220.js | 40 - .../test/mjsunit/sandbox/regress-447307165.js | 39 - .../test/mjsunit/sandbox/regress-458679939.js | 22 + .../test/mjsunit/sandbox/regress-461097476.js | 27 + .../test/mjsunit/sandbox/regress-488362583.js | 60 + .../test/mjsunit/sandbox/regress-488651088.js | 28 + .../test/mjsunit/sandbox/regress-488927521.js | 75 + .../test/mjsunit/sandbox/regress-490769268.js | 40 + .../test/mjsunit/sandbox/regress-496618662.js | 33 + 
.../test/mjsunit/sandbox/regress-496807861.js | 24 + .../sandbox/regress/regress-379768241.js | 4 +- .../sandbox/regress/regress-392180065.js | 2 +- .../regress/regress-435630464-ccall.js | 31 - .../sandbox/regress/regress-454734141.js | 12 + .../sandbox/regress/regress-462217236.js | 96 + .../sandbox/regress/regress-469759459.js | 18 + .../sandbox/regress/regress-472139305.js | 40 + .../sandbox/regress/regress-473478130.js | 16 + deps/v8/test/mjsunit/sandbox/wasm-jspi-uaf.js | 35 + ...sync-synchronization-workers-terminated.js | 110 - .../condition-async-wait-no-await.js | 27 - .../condition-async-wait-realm-disposed.js | 99 - .../condition-async-wait-timeout.js | 30 - .../shared-memory/condition-async-wait.js | 47 - .../mutex-async-lock-promise-reject.js | 34 - .../mutex-async-lock-promise-resolve.js | 38 - .../mutex-async-lock-realm-disposed.js | 89 - .../mutex-async-lock-workers-timeout.js | 68 - .../shared-memory/mutex-async-lock-workers.js | 64 - .../mjsunit/shared-memory/mutex-async-lock.js | 32 - .../mutex-async-locked-worker-terminated.js | 52 - .../mutex-async-unlocked-worker-terminated.js | 62 - .../shared-memory/regress-488754149.js | 30 + .../shared-memory/regress-crbug-339043696.js | 30 - .../shared-memory/regress-crbug-349639796.js | 17 - .../shared-memory/regress-crbug-350641990.js | 21 - .../shared-memory/regress-crbug-366323424.js | 11 - .../shared-memory/regress-crbug-366643711.js | 39 - .../shared-memory/regress-crbug-371659887.js | 40 - .../regress/regress-468231509.js | 37 + .../regress/regress-469804007.js | 15 + .../v8/test/mjsunit/string-external-cached.js | 4 +- .../mjsunit/temporal/calendar-constructor.js | 15 - .../mjsunit/temporal/calendar-date-add.js | 95 - .../temporal/calendar-date-from-fields.js | 197 - .../mjsunit/temporal/calendar-date-until.js | 224 - .../mjsunit/temporal/calendar-day-of-week.js | 80 - .../mjsunit/temporal/calendar-day-of-year.js | 43 - deps/v8/test/mjsunit/temporal/calendar-day.js | 17 - 
.../temporal/calendar-days-in-month.js | 77 - .../mjsunit/temporal/calendar-days-in-week.js | 18 - .../mjsunit/temporal/calendar-days-in-year.js | 57 - .../test/mjsunit/temporal/calendar-fields.js | 58 - .../v8/test/mjsunit/temporal/calendar-from.js | 21 - .../mjsunit/temporal/calendar-in-leap-year.js | 57 - .../mjsunit/temporal/calendar-merge-fields.js | 58 - .../mjsunit/temporal/calendar-month-code.js | 19 - .../calendar-month-day-from-fields.js | 187 - .../test/mjsunit/temporal/calendar-month.js | 18 - .../temporal/calendar-months-in-year.js | 22 - .../mjsunit/temporal/calendar-week-of-year.js | 68 - .../calendar-year-month-from-fields.js | 130 - .../v8/test/mjsunit/temporal/calendar-year.js | 18 - .../temporal/date-totemporalinstant.js | 9 - deps/v8/test/mjsunit/temporal/duration-abs.js | 22 - deps/v8/test/mjsunit/temporal/duration-add.js | 50 - .../mjsunit/temporal/duration-constructor.js | 81 - .../v8/test/mjsunit/temporal/duration-from.js | 205 - .../test/mjsunit/temporal/duration-negated.js | 28 - .../duration-to-json-boundary-cases.js | 126 - .../test/mjsunit/temporal/duration-to-json.js | 184 - .../test/mjsunit/temporal/duration-valueOf.js | 7 - .../v8/test/mjsunit/temporal/duration-with.js | 82 - .../temporal/function-exist-no-intl.js | 329 - .../test/mjsunit/temporal/function-exist.js | 339 - deps/v8/test/mjsunit/temporal/instant-add.js | 48 - .../test/mjsunit/temporal/instant-compare.js | 21 - .../mjsunit/temporal/instant-constructor.js | 43 - .../test/mjsunit/temporal/instant-equals.js | 17 - .../instant-from-epoch-microseconds.js | 28 - .../instant-from-epoch-milliseconds.js | 32 - .../instant-from-epoch-nanoseconds.js | 27 - .../temporal/instant-from-epoch-seconds.js | 30 - .../test/mjsunit/temporal/instant-subtract.js | 54 - .../test/mjsunit/temporal/instant-to-json.js | 45 - .../test/mjsunit/temporal/instant-toJSON.js | 52 - .../test/mjsunit/temporal/instant-valueOf.js | 7 - .../test/mjsunit/temporal/plain-date-add.js | 25 - 
.../mjsunit/temporal/plain-date-compare.js | 30 - .../temporal/plain-date-constructor.js | 82 - .../mjsunit/temporal/plain-date-equals.js | 15 - .../test/mjsunit/temporal/plain-date-from.js | 51 - .../temporal/plain-date-get-calendar.js | 8 - .../mjsunit/temporal/plain-date-get-day.js | 9 - .../temporal/plain-date-get-dayOfWeek.js | 9 - .../temporal/plain-date-get-dayOfYear.js | 9 - .../temporal/plain-date-get-daysInMonth.js | 9 - .../temporal/plain-date-get-daysInWeek.js | 9 - .../temporal/plain-date-get-daysInYear.js | 9 - .../mjsunit/temporal/plain-date-get-era.js | 10 - .../temporal/plain-date-get-eraYear.js | 9 - .../temporal/plain-date-get-inLeapYear.js | 10 - .../temporal/plain-date-get-iso-fields.js | 21 - .../mjsunit/temporal/plain-date-get-month.js | 9 - .../temporal/plain-date-get-monthCode.js | 9 - .../temporal/plain-date-get-monthsInYear.js | 9 - .../temporal/plain-date-get-weekOfYear.js | 9 - .../mjsunit/temporal/plain-date-get-year.js | 9 - .../mjsunit/temporal/plain-date-time-add.js | 68 - .../temporal/plain-date-time-compare.js | 34 - .../temporal/plain-date-time-constructor.js | 154 - .../temporal/plain-date-time-equals.js | 18 - .../mjsunit/temporal/plain-date-time-from.js | 101 - .../temporal/plain-date-time-get-calendar.js | 9 - .../temporal/plain-date-time-get-day.js | 9 - .../temporal/plain-date-time-get-dayOfWeek.js | 9 - .../temporal/plain-date-time-get-dayOfYear.js | 9 - .../plain-date-time-get-daysInMonth.js | 9 - .../plain-date-time-get-daysInWeek.js | 9 - .../plain-date-time-get-daysInYear.js | 9 - .../temporal/plain-date-time-get-era.js | 10 - .../temporal/plain-date-time-get-eraYear.js | 9 - .../temporal/plain-date-time-get-hour.js | 9 - .../plain-date-time-get-inLeapYear.js | 10 - .../plain-date-time-get-iso-fields.js | 50 - .../plain-date-time-get-microsecond.js | 9 - .../plain-date-time-get-millisecond.js | 9 - .../temporal/plain-date-time-get-minute.js | 9 - .../temporal/plain-date-time-get-month.js | 9 - 
.../temporal/plain-date-time-get-monthCode.js | 9 - .../plain-date-time-get-monthsInYear.js | 9 - .../plain-date-time-get-nanosecond.js | 9 - .../temporal/plain-date-time-get-second.js | 9 - .../plain-date-time-get-weekOfYear.js | 9 - .../temporal/plain-date-time-get-year.js | 9 - .../temporal/plain-date-time-subtract.js | 68 - .../temporal/plain-date-time-to-json.js | 94 - .../temporal/plain-date-time-to-plain-date.js | 12 - .../plain-date-time-to-plain-month-day.js | 12 - .../temporal/plain-date-time-to-plain-time.js | 12 - .../plain-date-time-to-plain-year-month.js | 12 - .../temporal/plain-date-time-valueOf.js | 7 - .../temporal/plain-date-time-with-calendar.js | 32 - .../plain-date-time-with-plain-date.js | 40 - .../plain-date-time-with-plain-time.js | 44 - .../mjsunit/temporal/plain-date-time-with.js | 54 - .../mjsunit/temporal/plain-date-to-json.js | 18 - .../temporal/plain-date-to-plain-date-time.js | 44 - .../temporal/plain-date-to-plain-month-day.js | 12 - .../plain-date-to-plain-year-month.js | 12 - .../mjsunit/temporal/plain-date-valueOf.js | 7 - .../temporal/plain-date-with-calendar.js | 32 - .../test/mjsunit/temporal/plain-date-with.js | 59 - .../test/mjsunit/temporal/temporal-helpers.js | 107 - .../mjsunit/temporal/time-zone-constructor.js | 12 - deps/v8/test/mjsunit/testcfg.py | 27 +- .../mjsunit/tools/foozzie_arch_specific.js | 3 + ...CalledIfHole-folding-in-outer-try-catch.js | 84 + ...perNotCalledIfHole-folding-in-try-catch.js | 85 + .../Uint8Clamped-typed-array.js | 0 .../add-double-property.js | 0 .../api-call-no-prof.js | 0 .../api-call-prof.js | 0 .../array-buffer-detached.js | 5 +- ...uffer-length-detached-protector-invalid.js | 36 + .../array-destruct.js | 0 .../array-double-load.js | 0 .../array-foreach.js | 0 .../array-holey-double-load.js | 0 .../array-load-hole.js | 0 .../array-oob-load.js | 0 ...ototype-map-array-constructor-protector.js | 0 ...array-prototype-map-elements-kinds-dict.js | 0 .../array-prototype-map-elements-kinds.js | 0 
.../array-push-grow.js | 0 .../turbolev/array-push-multi-double.js | 28 + .../mjsunit/turbolev/array-push-multi-poly.js | 39 + .../mjsunit/turbolev/array-push-multi-smi.js | 28 + .../array-push-pop.js | 0 .../array-smi-load.js | 0 .../array-transitions.js | 0 .../turbolev/async-function-inline-1.js | 28 + .../turbolev/async-function-inline-2.js | 33 + .../turbolev/async-function-inline-3.js | 37 + .../bigint-checknumber-no-deopt-loop.js | 17 + .../bitwise-smi.js | 0 .../branch-on-math.js | 0 .../builtin-continuation-deopt.js | 0 .../call-spread-and-args.js | 0 .../call-spread.js | 0 .../catch-and-return.js | 0 .../catch-multiple.js | 0 .../maglev-frontend => turbolev}/catch.js | 0 .../maglev-frontend => turbolev}/char-at.js | 0 .../char-code-at-uint32max-deopt.js | 0 .../check-float64-is-nan.js | 0 .../mjsunit/turbolev/check-intptr-is-smi.js | 19 + .../check-value-equals-f64.js | 0 .../const-tracking-let.js | 0 .../construct-array-feedback.js | 0 .../construct-with-spread.js | 0 .../constructor-extend-null-throw.js | 0 .../constructor-super-called-twice.js | 0 .../constructor-super-not-called.js | 0 .../constructors.js | 0 .../convert-receiver.js | 0 .../create-array-lit.js | 0 .../create-closure.js | 0 .../create-object-lit.js | 0 .../create-regexp-lit.js | 0 .../create-shallow-array-literal.js | 0 .../create-shallow-literal.js | 0 .../dataview-getbytelength-not-dataview.js | 29 + .../dataview-getbytelength-undefined.js | 26 + .../turbolev/dataview-getbytelength.js | 20 + .../dataview-load-not-stale-float64.js | 40 + .../turbolev/dataview-load-not-stale-int32.js | 40 + .../maglev-frontend => turbolev}/dataview.js | 0 .../delete-property-sloppy.js | 0 .../delete-property-strict.js | 0 .../dematerialized-arguments-length.js | 0 .../dematerialized-arguments.js | 0 .../dematerialized-double-array.js | 0 .../dematerialized-double-array2.js | 0 .../dematerialized-duplicated-recursive.js | 0 .../dematerialized-duplicated.js | 0 .../dematerialized-heap-number.js | 0 
...terialized-identical-heap-number-fields.js | 0 .../dematerialized-multi-escape.js | 0 .../dematerialized-nested-objects.js | 0 .../dematerialized-regexp.js | 0 .../dematerialized-rest-length.js | 0 .../dematerialized-rest.js | 0 .../dematerialized-simple-object.js | 0 .../deopt-raw-float-int32.js | 0 .../maglev-frontend => turbolev}/eval.js | 0 .../exception-phis-retagging.js | 0 .../extend-property-backing-store-1.js | 0 .../extend-property-backing-store-2.js | 0 .../maglev-frontend => turbolev}/fact.js | 0 .../float-arith.js | 0 .../float64-compare.js | 0 .../float64-phi-osr.js | 0 .../float64-to-bool-branch.js | 0 .../float64-to-bool.js | 0 .../for-in-arr.js | 0 .../for-in-obj.js | 0 .../for-in-this.js | 0 .../function-apply-arguments.js | 0 .../function-apply.js | 0 .../function-call-generic.js | 0 .../generator-async-await-loop.js | 0 .../generator-async.js | 0 .../generator-if.js | 0 .../generator-infinite-loop.js | 0 .../generator-loop-if.js | 0 .../mjsunit/turbolev/generator-loop-inline.js | 25 + .../generator-loop-multi-if.js | 0 .../generator-loop-no-forward-edge.js | 0 .../generator-loop-untagged-phis.js | 0 .../generator-loop.js | 0 .../generator-nested-loops.js | 0 .../generator-return-finally-loop.js | 0 .../generator-return-finally.js | 0 .../generator-return.js | 0 .../generator-straight-line.js | 0 .../generator-throw-loop-2-yields.js | 0 .../generator-throw-loop.js | 0 .../generator-throw-nested-loop.js | 0 .../generator-throw.js | 0 .../generator-yield-star-loop-1.js | 0 .../generator-yield-star-loop-2.js | 0 .../generator-yield-star.js | 0 .../generic-binop-exception.js | 0 .../generic-binops-unops.js | 0 .../get-template-object.js | 0 .../has-in-prototype-chain-wasm.js | 0 .../has-in-prototype-chain.js | 0 .../holey-array-load.js | 0 .../holey-float64-deopt.js | 0 .../holey-float64-phi-deopt.js | 0 .../holey-float64-phi-to-smi.js | 0 .../ieee754-unary.js | 0 .../inlined-function-loop.js | 0 .../turbolev/inlined-generator-basic.js | 18 + 
.../turbolev/inlined-generator-loop.js | 20 + .../turbolev/inlined-generator-next.js | 24 + .../inner-function.js | 0 .../instanceof.js | 0 .../int32-compare.js | 0 .../javascript-builtin-continuation.js | 0 .../js-call-lazy-deopt.js | 0 .../js-call-on-receiver.js | 0 .../js-fun-call.js | 0 .../lazy-deopt-multi-return.js | 0 .../literal-nan-hole-deopt.js | 0 .../load-arr-with-float64-index.js | 0 .../load-const-string-key.js | 0 .../turbolev/load-constant-holey-array.js | 17 + .../load-elimination-backing-store-alias.js | 38 + .../load-field.js | 0 .../load-global-inside-typeof.js | 0 .../load-global.js | 0 .../load-holey-double-arr-for-branch.js | 0 .../load-holey-double-arr-for-return.js | 0 .../load-named-from-super.js | 0 .../load-named-generic.js | 0 .../load-named-on-num.js | 0 .../loop-multiple-forward-edges-no-phi.js | 0 .../loop-multiple-forward-edges.js | 0 .../maglev-frontend => turbolev}/loop.js | 0 .../mjsunit/turbolev/maglev-assert-types.js | 20 + .../make-array-init-size.js | 0 .../make-array-no-init-size.js | 0 .../make-fast-arr.js | 0 .../make_objects.js | 0 .../map-migration.js | 0 .../math-atan2.js | 0 .../maglev-frontend => turbolev}/math-pow.js | 0 .../math-round.js | 0 .../maglev-frontend => turbolev}/math-sqrt.js | 0 .../megamorphic-load.js | 0 .../mutable-heap-number-field.js | 0 .../nested-loop-osr-throw.js | 0 .../maglev-frontend => turbolev}/new-array.js | 0 .../new-derived.js | 0 .../new-obj-deopt.js | 0 .../maglev-frontend => turbolev}/new-obj.js | 0 .../new_obj_arr_proto.js | 0 .../new_obj_int_property.js | 0 .../no-backedge-loop.js | 0 .../not-initialized-let-in-switch.js | 3 + .../number-float-truncate.js | 0 .../test/mjsunit/turbolev/number-to-hf64.js | 27 + .../number-to-string.js | 0 .../maglev-frontend => turbolev}/osr.js | 0 .../over-under-application-inline.js | 0 .../over-under-application-not-inline.js | 0 .../phi-untagging-conversions-truncation.js | 31 + .../poly-store-transition.js | 0 .../maglev-frontend => 
turbolev}/raw-abs.js | 0 .../regress-351177452.js | 0 .../regress-351219206.js | 0 .../regress-351283984.js | 0 .../regress-351418008.js | 0 .../mjsunit/turbolev/regress-351418019.js | 94 + .../regress-351576252.js | 0 .../regress-354145409-1.js | 0 .../regress-354145409-2.js | 0 .../regress-355016861.js | 0 .../regress-356194021.js | 0 .../regress-356436621.js | 0 .../regress-356649152.js | 0 .../regress-356720579.js | 0 .../regress-356901359.js | 0 .../regress-356913279.js | 0 .../regress-356913284-1.js | 0 .../regress-356913284-2.js | 0 .../regress-358461173-1.js | 0 .../regress-358461173-2.js | 0 .../regress-358957666.js | 0 .../regress-359266991.js | 0 .../regress-360207713.js | 0 .../regress-361124378.js | 0 .../regress-368725681.js | 0 .../regress-372754523.js | 0 .../regress-373025979.js | 0 .../regress-379207983.js | 0 .../regress-379776583.js | 0 .../regress-385657142.js | 0 .../regress-406054652.js | 0 .../mjsunit/turbolev/regress-453772795.js | 28 + .../mjsunit/turbolev/regress-454314508.js | 43 + .../mjsunit/turbolev/regress-456370968.js | 19 + .../mjsunit/turbolev/regress-457490096.js | 29 + .../mjsunit/turbolev/regress-462853804.js | 23 + .../mjsunit/turbolev/regress-464196074.js | 20 + .../mjsunit/turbolev/regress-464504276.js | 13 + .../mjsunit/turbolev/regress-465696601.js | 19 + .../mjsunit/turbolev/regress-466333912.js | 22 + .../mjsunit/turbolev/regress-468909596.js | 30 + .../mjsunit/turbolev/regress-469831362.js | 19 + .../mjsunit/turbolev/regress-470668818.js | 17 + .../mjsunit/turbolev/regress-475276561.js | 15 + .../mjsunit/turbolev/regress-475583927.js | 15 + .../mjsunit/turbolev/regress-476507590.js | 33 + .../mjsunit/turbolev/regress-477658238.js | 15 + .../mjsunit/turbolev/regress-478009695.js | 18 + .../mjsunit/turbolev/regress-478035107.js | 26 + .../mjsunit/turbolev/regress-478126029.js | 16 + .../mjsunit/turbolev/regress-478252842.js | 23 + .../mjsunit/turbolev/regress-479549166.js | 22 + .../mjsunit/turbolev/regress-479881588.js | 
15 + .../mjsunit/turbolev/regress-482084211.js | 20 + .../mjsunit/turbolev/regress-484527367.js | 28 + .../mjsunit/turbolev/regress-485478594.js | 20 + .../mjsunit/turbolev/regress-485535276.js | 26 + .../mjsunit/turbolev/regress-487646536.js | 26 + .../mjsunit/turbolev/regress-488090094.js | 23 + .../mjsunit/turbolev/regress-488790215.js | 27 + .../mjsunit/turbolev/regress-489193276.js | 18 + .../mjsunit/turbolev/regress-489689984.js | 21 + .../mjsunit/turbolev/regress-490450922-1.js | 20 + .../mjsunit/turbolev/regress-490450922-2.js | 31 + .../mjsunit/turbolev/regress-490450922-3.js | 35 + .../mjsunit/turbolev/regress-491466705.js | 93 + .../mjsunit/turbolev/regress-492046462.js | 17 + .../mjsunit/turbolev/regress-493319584.js | 32 + .../mjsunit/turbolev/regress-494058284.js | 89 + .../rest-param-length.js | 0 .../script-context-smi-generator.js | 0 .../set-get-keyed-generic.js | 0 .../set-named-generic.js | 0 .../set-prototype-has.js | 0 .../shift_left.js | 0 .../test/mjsunit/turbolev/single-input-phi.js | 29 + .../maglev-frontend => turbolev}/smi-arith.js | 0 .../stack-overflow.js | 0 .../mjsunit/turbolev/static-assert-fail.js | 21 + .../mjsunit/turbolev/static-assert-simple.js | 19 + .../store-field.js | 0 .../store-float-to-smi-field.js | 0 .../store-global.js | 0 .../store-jsarray.js | 0 .../store-uint32-to-smi-field.js | 0 .../string-cmp.js | 0 .../string-concat-throw.js | 0 .../string-concat.js | 0 .../string-from-charcode.js | 0 .../maglev-frontend => turbolev}/string-lt.js | 0 .../string-or-oddball-compare.js | 0 deps/v8/test/mjsunit/turbolev/string-slice.js | 160 + .../string-to-boolean.js | 0 .../super-try-catch-derived-constructor.js | 17 + .../maglev-frontend => turbolev}/switch.js | 0 .../maglev-frontend => turbolev}/symbol-eq.js | 0 .../tagged-equal.js | 0 .../test-undetectable.js | 0 .../maglev-frontend => turbolev}/throw.js | 0 .../to-boolean.js | 0 .../maglev-frontend => turbolev}/to-name.js | 0 .../to-number-int32-phi.js | 0 .../maglev-frontend 
=> turbolev}/to-number.js | 0 .../maglev-frontend => turbolev}/to-string.js | 0 .../typed-array-length-all-kinds.js | 0 .../typed-array-length-as-number-large.js | 4 + .../typed-array-length-as-number.js | 4 + ...-array-length-branch-if-to-boolean-true.js | 4 + .../typed-array-length-deopt-large.js | 4 + .../typed-array-length-deopt.js | 0 .../typed-array-length-exception-phi.js | 4 + ...ped-array-length-index-into-array-large.js | 4 + .../typed-array-length-index-into-array.js | 4 + ...ray-length-index-into-typed-array-large.js | 38 + ...ped-array-length-index-into-typed-array.js | 14 +- .../typed-array-length-iteration-large.js | 4 + .../typed-array-length-iteration.js | 4 + .../typed-array-length-phi.js | 0 .../typed-array-length-rab-gsab.js | 0 ...ed-array-length-store-into-global-large.js | 4 + .../typed-array-length-store-into-global.js | 4 + ...array-length-store-script-context-large.js | 4 + ...typed-array-length-store-script-context.js | 4 + .../typed-array-length-to-boolean.js | 4 + .../typed-array-length-to-number-large.js | 4 + .../typed-array-length-to-number.js | 4 + .../typed-arrays.js | 0 .../typeof-self.js | 0 .../uint32-conv.js | 0 .../uint8-clamped-arr-deopt.js | 0 .../unary_minus_smi_minus_0.js | 0 .../unconditional-deopt.js | 0 .../under-applied-builtin-call.js | 0 .../turbolev/unreachable-catch-handler.js | 54 + .../unreachable-catch.js | 0 .../write-const-glob.js | 0 .../maglev-frontend/regress-351418019.js | 148 - ...ray-length-index-into-typed-array-large.js | 32 - .../mjsunit/turboshaft/regress-456779480.js | 18 + .../mjsunit/turboshaft/regress-475299908.js | 15 + .../typedarray-with-resizable-buffer.js | 119 + .../mjsunit/wasm/array-bulk-operations.js | 20 +- .../test/mjsunit/wasm/array-copy-benchmark.js | 8 +- .../v8/test/mjsunit/wasm/array-copy-errors.js | 2 +- deps/v8/test/mjsunit/wasm/array-fill-gc.js | 2 +- .../mjsunit/wasm/array-init-from-segment.js | 16 +- deps/v8/test/mjsunit/wasm/bigint-opt.js | 2 +- 
.../mjsunit/wasm/call-indirect-null-check.js | 25 + deps/v8/test/mjsunit/wasm/call-ref.js | 6 +- deps/v8/test/mjsunit/wasm/call_indirect.js | 2 +- deps/v8/test/mjsunit/wasm/compact-imports.js | 168 + .../wasm/compiled-module-serialization.js | 49 + deps/v8/test/mjsunit/wasm/cont-bind.js | 305 + .../mjsunit/wasm/custom-descriptors-casts.js | 16 +- .../wasm/custom-descriptors-imports.js | 48 + .../wasm/custom-descriptors-inlining.js | 17 +- .../wasm/custom-descriptors-interop.js | 117 +- .../mjsunit/wasm/custom-descriptors-oom.js | 85 + .../wasm/custom-descriptors-proxies.js | 2 +- .../test/mjsunit/wasm/custom-descriptors.js | 140 +- .../test/mjsunit/wasm/debug-trace-minimal.js | 39 + .../wasm/deopt/deopt-many-params-tagged.js | 4 +- .../mjsunit/wasm/deopt/deopt-many-results.js | 2 +- .../deopt/deopt-untagged-parameters-s128.js | 2 +- .../wasm/deopt/deopt-untagged-parameters.js | 3 +- deps/v8/test/mjsunit/wasm/exact-types.js | 15 +- deps/v8/test/mjsunit/wasm/exceptions-api.js | 10 + deps/v8/test/mjsunit/wasm/exceptions-gc.js | 4 +- deps/v8/test/mjsunit/wasm/exnref-api.js | 4 +- deps/v8/test/mjsunit/wasm/exnref-global.js | 2 - deps/v8/test/mjsunit/wasm/exnref-rethrow.js | 4 +- deps/v8/test/mjsunit/wasm/exnref.js | 2 +- deps/v8/test/mjsunit/wasm/gc-casts-exnref.js | 2 +- .../v8/test/mjsunit/wasm/gc-casts-from-any.js | 7 +- deps/v8/test/mjsunit/wasm/gc-casts-invalid.js | 15 +- .../v8/test/mjsunit/wasm/gc-casts-subtypes.js | 13 +- .../mjsunit/wasm/gc-js-interop-helpers.js | 2 +- .../mjsunit/wasm/gc-js-interop-objects.js | 4 +- deps/v8/test/mjsunit/wasm/gc-js-interop.js | 9 +- deps/v8/test/mjsunit/wasm/gc-nominal.js | 9 +- deps/v8/test/mjsunit/wasm/gc-null-traps.js | 4 +- .../mjsunit/wasm/gc-optimization-array-get.js | 5 +- deps/v8/test/mjsunit/wasm/gc-optimizations.js | 58 +- deps/v8/test/mjsunit/wasm/gc-ref-eq.js | 2 +- .../test/mjsunit/wasm/gc-typecheck-reducer.js | 2 - .../wasm/grow-huge-memory-resizable-buffer.js | 3 +- .../grow-memory-detaching-resizable-buffer.js | 
2 - .../grow-memory-in-branch-resizable-buffer.js | 2 +- .../grow-memory-in-call-resizable-buffer.js | 2 +- .../grow-memory-in-loop-resizable-buffer.js | 2 +- .../wasm/grow-memory-resizable-buffer.js | 2 +- deps/v8/test/mjsunit/wasm/grow-memory.js | 21 + .../grow-shared-memory-resizable-buffer.js | 59 +- .../test/mjsunit/wasm/grow-shared-memory.js | 48 + deps/v8/test/mjsunit/wasm/growable-stacks.js | 2 +- deps/v8/test/mjsunit/wasm/half-shuffles.js | 34 +- .../mjsunit/wasm/imported-strings-invalid.js | 26 +- .../mjsunit/wasm/imported-strings-utf8.js | 6 +- deps/v8/test/mjsunit/wasm/imported-strings.js | 2 +- .../wasm/indirect-call-non-zero-table.js | 4 +- deps/v8/test/mjsunit/wasm/indirect-calls.js | 4 +- deps/v8/test/mjsunit/wasm/indirect-tables.js | 11 +- .../v8/test/mjsunit/wasm/interleaved-loads.js | 1 - .../mjsunit/wasm/js-wrapper-typechecks.js | 2 - deps/v8/test/mjsunit/wasm/jspi-export.js | 1 - deps/v8/test/mjsunit/wasm/jspi-no-stress.js | 5 +- deps/v8/test/mjsunit/wasm/jspi-notraps.js | 2 - deps/v8/test/mjsunit/wasm/liftoff-debug.js | 2 +- deps/v8/test/mjsunit/wasm/load-immutable.js | 4 +- deps/v8/test/mjsunit/wasm/load-shift32.js | 77 + .../wasm/log-wasm-to-js-wrapper-callref.js | 29 +- .../wasm/log-wasm-to-js-wrapper-indirect.js | 29 +- deps/v8/test/mjsunit/wasm/loop-rotation.js | 2 +- deps/v8/test/mjsunit/wasm/loop-unrolling.js | 1 - deps/v8/test/mjsunit/wasm/many-modules.js | 2 + .../test/mjsunit/wasm/memory-copy-inline.js | 2 - ...ble-buffer-array-concat-dictionary-mode.js | 1 - .../memory-resizable-buffer-array-concat.js | 1 - .../memory-resizable-buffer-array-filter.js | 1 - ...esizable-buffer-array-flat-flatmap-from.js | 1 - ...izable-buffer-array-flat-grows-detaches.js | 1 - ...ble-buffer-array-flatmap-grows-detaches.js | 1 - ...y-resizable-buffer-array-foreach-reduce.js | 1 - ...izable-buffer-array-from-grows-detaches.js | 1 - ...memory-resizable-buffer-array-pop-shift.js | 1 - ...izable-buffer-array-push-unshift-splice.js | 1 - 
.../memory-resizable-buffer-array-slice.js | 1 - .../wasm/memory-resizable-buffer-errors.js | 2 - .../memory-toresizable-max-byte-length.js | 2 - .../wasm/memory-toresizable-tofixedlength.js | 1 - deps/v8/test/mjsunit/wasm/memory64.js | 29 + deps/v8/test/mjsunit/wasm/mixed-eh-invalid.js | 2 - .../mjsunit/wasm/prototype-setup-builder.js | 6 +- deps/v8/test/mjsunit/wasm/quarter-shuffles.js | 268 + .../v8/test/mjsunit/wasm/recognize-imports.js | 2 +- .../mjsunit/wasm/redundant-shuffle-lanes.js | 451 ++ .../mjsunit/wasm/reference-globals-import.js | 28 +- .../v8/test/mjsunit/wasm/reference-globals.js | 12 +- .../wasm/reference-table-js-interop.js | 6 +- deps/v8/test/mjsunit/wasm/reference-tables.js | 22 +- .../v8/test/mjsunit/wasm/regress-367818758.js | 2 +- .../v8/test/mjsunit/wasm/regress-450652935.js | 3 +- .../v8/test/mjsunit/wasm/regress-455605199.js | 22 + .../v8/test/mjsunit/wasm/regress-462100921.js | 38 + .../v8/test/mjsunit/wasm/regress-467205576.js | 30 + .../v8/test/mjsunit/wasm/regress-467863659.js | 28 + .../v8/test/mjsunit/wasm/regress-471363817.js | 73 + .../v8/test/mjsunit/wasm/regress-474141354.js | 49 + .../v8/test/mjsunit/wasm/regress-488803413.js | 76 + .../v8/test/mjsunit/wasm/regress-496645739.js | 58 + .../v8/test/mjsunit/wasm/regress-497667917.js | 44 + deps/v8/test/mjsunit/wasm/resume-throw.js | 243 + .../acq-rel-load-and-store.js | 152 + .../acq-rel-rmw-operations.js | 246 + .../array-atomic-rmw-load-elimination.js | 2 +- .../wasm/shared-everything/array-new-elem.js | 44 + .../shared-everything/atomic-instructions.js | 27 +- .../mjsunit/wasm/shared-everything/basic.js | 36 +- .../gc-casts-shared-to-unshared.js | 6 +- .../gc-casts-subtypes-shared.js | 16 +- .../wasm/shared-everything/post-message.js | 30 +- .../shared-extended-instructions.js | 6 +- .../shared-type-with-unshared-elem.js | 6 +- .../wasm/shared-everything/spin-lock.js | 8 +- .../shared-everything/string-builtins-utf8.js | 389 ++ .../wasm/shared-everything/string-builtins.js | 
564 ++ .../mjsunit/wasm/shared-everything/strings.js | 92 + .../wasm/shared-everything/wait-queue.js | 245 + .../shared-everything/wrapper-type-checks.js | 9 +- ...ed-memory-resizable-buffer-array-concat.js | 1 - ...esizable-buffer-array-flat-flatmap-from.js | 1 - ...emory-resizable-buffer-array-flat-grows.js | 1 - ...ry-resizable-buffer-array-flatmap-grows.js | 1 - ...emory-resizable-buffer-array-from-grows.js | 1 - ...memory-resizable-buffer-array-pop-shift.js | 1 - ...izable-buffer-array-push-unshift-splice.js | 1 - ...red-memory-resizable-buffer-array-slice.js | 1 - .../shared-memory-resizable-buffer-errors.js | 2 - deps/v8/test/mjsunit/wasm/shuffles.js | 2 - deps/v8/test/mjsunit/wasm/simd-dot-i8.js | 128 + .../test/mjsunit/wasm/simd-extract-replace.js | 169 + .../test/mjsunit/wasm/simd-load-replaces.js | 92 + deps/v8/test/mjsunit/wasm/simd-reduce.js | 41 + .../mjsunit/wasm/simd-replace-lane-zero.js | 141 + .../v8/test/mjsunit/wasm/simd-rot64-no-xor.js | 96 + deps/v8/test/mjsunit/wasm/simd-s128-orn.js | 42 + deps/v8/test/mjsunit/wasm/simd-usaddl.js | 214 + deps/v8/test/mjsunit/wasm/simd-usaddw.js | 227 + deps/v8/test/mjsunit/wasm/simd-ussubl.js | 220 + deps/v8/test/mjsunit/wasm/simd-ussubw.js | 202 + deps/v8/test/mjsunit/wasm/simd-xor-rot64.js | 98 + .../wasm/stack-switching-no-cont-leak.js | 83 + .../mjsunit/wasm/stack-switching-params.js | 295 + .../wasm/stack-switching-switch-loop.js | 83 + .../mjsunit/wasm/stack-switching-switch.js | 208 + deps/v8/test/mjsunit/wasm/stack-switching.js | 95 +- .../mjsunit/wasm/stringref-array-nonetype.js | 2 +- .../mjsunit/wasm/stringref-instance-type.js | 2 +- .../test/mjsunit/wasm/stringref-memory64.js | 2 +- .../test/mjsunit/wasm/stringrefs-exec-gc.js | 12 +- deps/v8/test/mjsunit/wasm/stringrefs-exec.js | 2 +- .../test/mjsunit/wasm/stringrefs-invalid.js | 2 +- deps/v8/test/mjsunit/wasm/stringrefs-js.js | 2 +- .../mjsunit/wasm/stringrefs-regressions.js | 9 +- deps/v8/test/mjsunit/wasm/stringrefs-valid.js | 16 +- 
.../mjsunit/wasm/stringview-valuestack.js | 2 +- .../v8/test/mjsunit/wasm/subtyping-invalid.js | 122 +- deps/v8/test/mjsunit/wasm/table-fill.js | 2 +- .../test/mjsunit/wasm/table-grow-from-wasm.js | 4 +- .../v8/test/mjsunit/wasm/table-numeric-ops.js | 38 +- .../test/mjsunit/wasm/table64-callindirect.js | 4 +- .../wasm/turboshaft/array-new-unreachable.js | 6 +- deps/v8/test/mjsunit/wasm/turboshaft/basic.js | 3 +- .../wasm/turboshaft/br-table-analysis.js | 3 +- .../wasm/turboshaft/instruction-selection.js | 6 +- .../mjsunit/wasm/turboshaft/int64-lowering.js | 3 +- .../turboshaft/load-elimination-revisits.js | 4 +- .../wasm/turboshaft/reduction-shuffle.js | 3 +- .../wasm/turboshaft/regress-crbug-1513580.js | 2 - .../turboshaft/regress-crbug-420998402.js | 2 - .../mjsunit/wasm/type-based-optimizations.js | 28 +- .../mjsunit/wasm/type-reflection-exnref.js | 2 +- .../wasm/type-reflection-with-externref.js | 2 +- deps/v8/test/mjsunit/wasm/type-reflection.js | 2 +- .../test/mjsunit/wasm/wasm-code-coverage.js | 4 +- .../wasm/wasm-gc-externalize-internalize.js | 2 +- .../wasm/wasm-gc-inlining-load-elimination.js | 2 +- .../mjsunit/wasm/wasm-gc-inlining-nested.js | 2 +- deps/v8/test/mjsunit/wasm/wasm-gc-inlining.js | 10 +- .../test/mjsunit/wasm/wasm-gc-js-roundtrip.js | 2 +- .../wasm/wasm-inlining-catch-unreachable.js | 5 +- .../mjsunit/wasm/wasm-interpreter-memory64.js | 2 +- deps/v8/test/mjsunit/wasm/wasm-interpreter.js | 204 +- .../test/mjsunit/wasm/wasm-module-builder.js | 509 +- .../mjsunit/wasm/wasmfx-load-elimination.js | 57 + deps/v8/test/mjsunit/wasm/wide-arithmetic.js | 150 + .../wasm/wrapper-inlining-lazy-deopt.js | 2 +- deps/v8/test/mkgrokdump/mkgrokdump.cc | 6 +- .../built-ins/RegExp/escape/surrogate-pair.js | 9 - .../local-tests/test/staging/features.txt | 37 +- deps/v8/test/test262/test262.status | 564 +- deps/v8/test/test262/testcfg.py | 9 +- deps/v8/test/unittests/BUILD.gn | 127 +- .../test/unittests/api/api-wasm-unittest.cc | 170 +- 
.../unittests/api/deserialize-unittest.cc | 42 +- .../api/dictionary-template-unittest.cc | 8 +- .../unittests/api/interceptor-unittest.cc | 48 +- .../v8/test/unittests/api/isolate-unittest.cc | 96 + .../api/resource-constraints-unittest.cc | 9 +- .../test/unittests/api/v8-object-unittest.cc | 2 +- .../assembler/assembler-arm-unittest.cc} | 414 +- .../assembler/assembler-arm64-unittest.cc} | 1544 ++--- .../assembler}/assembler-helper-arm.cc | 2 +- .../assembler}/assembler-helper-arm.h | 0 .../assembler/assembler-ia32-unittest.cc} | 176 +- .../assembler/assembler-loong64-unittest.cc} | 338 +- .../assembler/assembler-mips64-unittest.cc} | 3360 ++++----- .../assembler/assembler-ppc-unittest.cc} | 79 +- .../assembler/assembler-riscv32-unittest.cc} | 761 ++- .../assembler/assembler-riscv64-unittest.cc} | 949 +-- .../assembler/assembler-s390-unittest.cc} | 134 +- .../assembler/assembler-x64-unittest.cc | 409 ++ .../assembler/disasm-arm64-unittest.cc | 53 +- .../assembler/disasm-loong64-unittest.cc | 1445 ++++ .../assembler/disasm-riscv-unittest.cc | 8 +- .../assembler/disasm-x64-unittest.cc | 197 +- .../assembler/macro-assembler-arm-unittest.cc | 285 + .../macro-assembler-loong64-unittest.cc | 2807 +++++++- .../macro-assembler-mips64-unittest.cc | 1644 ++++- .../macro-assembler-riscv-unittest.cc | 66 - .../macro-assembler-riscv32-unittest.cc} | 224 +- .../macro-assembler-riscv64-unittest.cc} | 248 +- .../assembler/simple-riscv32-unittest.cc} | 33 +- .../assembler/simple-riscv64-unittest.cc} | 39 +- .../sync-primitives-arm-unittest.cc} | 24 +- .../assembler}/test-helper-riscv32.cc | 6 +- .../assembler}/test-helper-riscv32.h | 14 +- .../assembler}/test-helper-riscv64.cc | 6 +- .../assembler}/test-helper-riscv64.h | 20 +- .../assembler}/test-utils-arm64.cc | 64 +- .../assembler}/test-utils-arm64.h | 4 +- deps/v8/test/unittests/base/cpu-unittest.cc | 5 +- .../test/unittests/base/logging-unittest.cc | 6 +- .../base/platform/platform-unittest.cc | 231 +- 
.../unittests/base/platform/time-unittest.cc | 2 +- .../base/virtual-address-space-unittest.cc | 68 +- .../builtins/builtins-math-unittest.cc | 352 + .../unittests/codegen/code-pages-unittest.cc | 6 +- .../codegen/code-stub-assembler-unittest.cc | 26 +- .../codegen/safepoint-table-unittest.cc | 403 ++ ...aft-instruction-selector-arm64-unittest.cc | 1454 +++- .../backend/instruction-selector-unittest.cc | 2 +- .../backend/instruction-selector-unittest.h | 10 +- ...urboshaft-instruction-selector-unittest.cc | 2 +- ...turboshaft-instruction-selector-unittest.h | 69 +- .../compiler/bytecode-analysis-unittest.cc | 2 +- .../unittests/compiler/compiler-unittest.cc | 2 +- .../unittests/compiler/function-tester.cc | 11 + .../test/unittests/compiler/function-tester.h | 1 + .../compiler/js-create-lowering-unittest.cc | 20 +- .../js-intrinsic-lowering-unittest.cc | 18 - .../compiler/js-typed-lowering-unittest.cc | 20 +- .../compiler/linkage-tail-call-unittest.cc | 18 +- ...t-instruction-selector-loong64-unittest.cc | 197 +- ...ft-instruction-selector-mips64-unittest.cc | 127 +- .../regalloc/register-allocator-unittest.cc | 2 +- .../test/unittests/compiler/revec-unittest.cc | 80 +- ...t-instruction-selector-riscv64-unittest.cc | 101 +- .../run-bytecode-graph-builder-unittest.cc | 315 +- .../turboshaft/call-runtime-unittest.cc | 103 + .../turboshaft/control-flow-unittest.cc | 2 +- .../load-store-address-hoisting-unittest.cc | 18 +- .../loop-unrolling-analyzer-unittest.cc | 8 +- .../compiler/turboshaft/reducer-test.h | 73 +- .../turboshaft/typeswitch-unittest.cc | 3 + .../wasm-shuffle-reducer-unittest.cc | 610 +- .../compiler/turboshaft/wasm-simd-unittest.cc | 276 + .../test/unittests/compiler/typer-unittest.cc | 37 +- .../wasm-address-reassociation-unittest.cc | 72 +- ...shaft-instruction-selector-x64-unittest.cc | 108 +- .../debug/debug-property-iterator-unittest.cc | 2 +- .../unittests/dumpling/dumpling-unittest.cc | 898 +++ .../execution/thread-termination-unittest.cc | 20 +- 
.../flags/flag-definitions-unittest.cc | 10 + .../v8/test/unittests/gen_fuzztest_configs.py | 16 +- .../unittests/gen_fuzztest_configs_test.py | 17 +- .../unittests/heap/base/bytes-unittest.cc | 5 +- .../unittests/heap/code-range-unittest.cc | 4 +- .../conservative-stack-visitor-unittest.cc | 24 +- .../cpp-heap-stack-start-marker-unittest.cc | 68 + .../unified-heap-snapshot-unittest.cc | 203 +- .../heap/cppgc-js/unified-heap-unittest.cc | 15 +- .../heap/cppgc/allocation-unittest.cc | 10 +- .../heap/cppgc/free-list-unittest.cc | 9 +- .../heap/cppgc/heap-object-header-unittest.cc | 4 +- .../heap-statistics-collector-unittest.cc | 4 +- .../heap/cppgc/metric-recorder-unittest.cc | 85 +- .../heap/cppgc/page-memory-unittest.cc | 33 +- .../heap/cppgc/source-location-unittest.cc | 2 + .../heap/cppgc/stack-start-marker-unittest.cc | 48 + .../unittests/heap/cppgc/stack-unittest.cc | 4 +- deps/v8/test/unittests/heap/cppgc/tests.h | 2 +- .../test/unittests/heap/gc-tracer-unittest.cc | 27 + .../heap/global-safepoint-unittest.cc | 1 - .../unittests/heap/heap-allocator-unittest.cc | 11 +- .../heap/heap-controller-unittest.cc | 56 +- deps/v8/test/unittests/heap/heap-unittest.cc | 723 +- deps/v8/test/unittests/heap/heap-utils.cc | 40 +- deps/v8/test/unittests/heap/heap-utils.h | 11 +- .../heap/inner-pointer-resolution-unittest.cc | 33 +- .../unittests/heap/local-factory-unittest.cc | 3 +- .../unittests/heap/memory-reducer-unittest.cc | 52 +- .../unittests/heap/minimal-stack-unittest.cc | 100 + .../unittests/heap/page-casting-unittest.cc | 136 + .../unittests/heap/page-promotion-unittest.cc | 10 +- deps/v8/test/unittests/heap/pool-unittest.cc | 9 +- .../unittests/heap/shared-heap-unittest.cc | 59 +- .../test/unittests/heap/slot-set-unittest.cc | 4 +- .../v8/test/unittests/heap/spaces-unittest.cc | 26 +- .../bytecode-array-builder-unittest.cc | 107 +- .../bytecode-array-iterator-unittest.cc | 18 +- ...bytecode-array-random-iterator-unittest.cc | 46 +- 
.../bytecode-array-writer-unittest.cc | 11 +- .../interpreter/bytecode-decoder-unittest.cc | 24 +- .../bytecode-expectations-printer.cc | 71 +- .../ArrayLiterals.golden | 58 +- .../AssignmentsInBinaryExpression.golden | 50 +- .../AsyncGenerators.golden | 206 +- .../bytecode_expectations/AsyncModules.golden | 110 +- .../BasicBlockToBoolean.golden | 18 +- .../bytecode_expectations/BasicLoops.golden | 202 +- .../BreakableBlocks.golden | 54 +- .../CallAndSpread.golden | 46 +- .../bytecode_expectations/CallGlobal.golden | 8 +- .../CallLookupSlot.golden | 24 +- .../bytecode_expectations/CallNew.golden | 22 +- .../bytecode_expectations/CallRuntime.golden | 6 +- .../ClassAndSuperClass.golden | 26 +- .../ClassDeclarations.golden | 86 +- .../CompareBoolean.golden | 8 +- .../bytecode_expectations/CompareNil.golden | 4 +- .../CompareTypeOf.golden | 206 +- .../CompoundExpressions.golden | 32 +- .../bytecode_expectations/Conditional.golden | 4 +- .../ConstVariable.golden | 6 +- .../ConstVariableContextSlot.golden | 34 +- .../ContextParameters.golden | 28 +- .../ContextVariables.golden | 560 +- .../CountOperators.golden | 86 +- .../CreateArguments.golden | 16 +- .../CreateRestParameter.golden | 8 +- .../DeclareGlobals.golden | 26 +- .../bytecode_expectations/Delete.golden | 20 +- .../DeleteLookupSlotInEval.golden | 8 +- .../DestructuringAssignment.golden | 112 +- .../ElideRedundantHoleChecks.golden | 482 +- ...dantLoadOperationOfImmutableContext.golden | 6 +- .../bytecode_expectations/Eval.golden | 16 +- .../bytecode_expectations/ForAwaitOf.golden | 224 +- .../bytecode_expectations/ForIn.golden | 62 +- .../bytecode_expectations/ForOf.golden | 108 +- .../bytecode_expectations/ForOfLoop.golden | 264 +- .../ForOfOptimization.golden | 74 +- .../FunctionLiterals.golden | 10 +- .../GenerateTestUndetectable.golden | 16 +- .../bytecode_expectations/Generators.golden | 134 +- .../GlobalCompoundExpressions.golden | 12 +- .../GlobalCountOperators.golden | 28 +- 
.../bytecode_expectations/GlobalDelete.golden | 14 +- .../HeapNumberConstants.golden | 10 +- .../bytecode_expectations/IIFE.golden | 94 +- .../bytecode_expectations/IfConditions.golden | 46 +- .../bytecode_expectations/LetVariable.golden | 2 +- .../LetVariableContextSlot.golden | 34 +- .../bytecode_expectations/LoadGlobal.golden | 264 +- .../LogicalExpressions.golden | 16 +- .../bytecode_expectations/LookupSlot.golden | 92 +- .../LookupSlotInEval.golden | 10 +- .../bytecode_expectations/Modules.golden | 186 +- .../bytecode_expectations/NewAndSpread.golden | 58 +- .../ObjectLiterals.golden | 98 +- .../OuterContextVariables.golden | 10 +- .../PrimitiveExpressions.golden | 44 +- .../PrivateAccessorAccess.golden | 98 +- .../PrivateAccessorDeclaration.golden | 178 +- .../PrivateClassFieldAccess.golden | 24 +- .../PrivateClassFields.golden | 134 +- .../PrivateFieldSpecializedBytecode.golden | 78 + .../PrivateMethodAccess.golden | 116 +- .../PrivateMethodDeclaration.golden | 86 +- .../bytecode_expectations/PropertyCall.golden | 288 +- .../PropertyLoadStore.golden | 48 +- .../PropertyLoads.golden | 528 +- .../PropertyStores.golden | 1064 +-- .../PublicClassFields.golden | 114 +- .../RegExpLiterals.golden | 12 +- .../RemoveRedundantLdar.golden | 16 +- .../SetPrototypePropertiesOptimization.golden | 76 +- .../StandardForLoop.golden | 212 +- .../StaticClassFields.golden | 202 +- .../StaticPrivateMethodAccess.golden | 144 +- .../StaticPrivateMethodDeclaration.golden | 78 +- .../bytecode_expectations/StoreGlobal.golden | 524 +- .../bytecode_expectations/StringConcat.golden | 56 +- .../StringConstants.golden | 10 +- .../SuperCallAndSpread.golden | 28 +- .../bytecode_expectations/Switch.golden | 72 +- .../TemplateLiterals.golden | 56 +- .../bytecode_expectations/Throw.golden | 4 +- .../TopLevelObjectLiterals.golden | 12 +- .../bytecode_expectations/TryCatch.golden | 6 +- .../bytecode_expectations/TryFinally.golden | 6 +- .../bytecode_expectations/Typeof.golden | 6 +- 
.../UnaryOperators.golden | 26 +- .../VariableWithHint.golden | 68 +- .../WideRegisters.golden | 32 +- .../WithStatement.golden | 6 +- .../constant-array-builder-unittest.cc | 54 +- .../generate-bytecode-expectations.cc | 2 +- .../interpreter-assembler-unittest.cc | 27 +- .../interpreter/interpreter-tester.cc | 38 + .../interpreter/interpreter-tester.h | 11 + .../interpreter/interpreter-unittest.cc | 152 +- .../v8/test/unittests/maglev/hamt-unittest.cc | 270 + .../maglev/maglev-graph-builder-unittest.cc | 68 + .../unittests/maglev/node-type-unittest.cc | 12 +- .../unittests/numbers/conversions-unittest.cc | 18 +- .../unittests/objects/array-list-unittest.cc | 8 +- .../unittests/objects/dictionary-unittest.cc | 4 +- .../objects/elements-kind-unittest.cc | 30 +- .../objects/global-object-unittest.cc | 8 +- .../unittests/objects/hashcode-unittest.cc | 18 +- .../unittests/objects/managed-unittest.cc | 58 +- .../objects/module-request-unittest.cc | 33 + .../unittests/objects/modules-unittest.cc | 169 +- .../test/unittests/objects/object-unittest.cc | 68 +- .../test/unittests/objects/roots-unittest.cc | 4 +- .../objects/value-serializer-unittest.cc | 25 +- .../objects/wasm-backing-store-unittest.cc | 10 +- .../objects/weakarraylist-unittest.cc | 22 +- .../unittests/objects/weakmaps-unittest.cc | 9 +- .../unittests/objects/weaksets-unittest.cc | 4 +- .../test/unittests/parser/parsing-unittest.cc | 102 +- .../unittests/parser/preparser-unittest.cc | 4 +- .../parser/scanner-streams-unittest.cc | 4 +- .../profiler/heap-snapshot-unittest.cc | 76 +- .../unittests/profiler/heap-snapshot-utils.cc | 50 + .../unittests/profiler/heap-snapshot-utils.h | 20 + .../v8/test/unittests/regexp/regexp-fuzzer.cc | 12 +- .../test/unittests/regexp/regexp-unittest.cc | 892 +-- deps/v8/test/unittests/run-all-unittests.cc | 3 +- .../runtime/runtime-debug-unittest.cc | 4 +- .../sandbox/bytecode-verifier-unittest.cc | 578 ++ .../sandbox/libcxx-hardening-unittest.cc | 48 + 
.../sandbox-hardware-support-unittest.cc | 157 +- .../unittests/sandbox/sandbox-unittest.cc | 36 + .../sandbox/sandbox-violation-unittest.cc | 45 + deps/v8/test/unittests/test-utils.cc | 44 + deps/v8/test/unittests/test-utils.h | 43 + deps/v8/test/unittests/unittests.status | 26 + .../unittests/utils/allocation-unittest.cc | 22 +- .../unittests/utils/bit-vector-unittest.cc | 40 + .../unittests/utils/identity-map-unittest.cc | 136 +- .../v8/test/unittests/utils/utils-unittest.cc | 11 +- .../wasm/compilation-hints-unittest.cc | 244 + .../wasm/function-body-decoder-unittest.cc | 672 +- .../unittests/wasm/leb-helper-unittest.cc | 3 - .../wasm/liftoff-register-unittests.cc | 5 +- .../unittests/wasm/module-decoder-unittest.cc | 156 +- .../wasm/module-generation-fuzztest.cc | 50 +- .../wasm/signature-hashing-unittest.cc | 5 + ...imd-cross-compiler-determinism-fuzztest.cc | 584 +- .../wasm/streaming-decoder-unittest.cc | 16 +- .../unittests/wasm/struct-types-unittest.cc | 23 +- .../test/unittests/wasm/subtyping-unittest.cc | 156 +- .../wasm/trap-handler-native-unittest.cc | 32 +- .../wasm/trap-handler-simulator-unittest.cc | 81 +- .../wasm/type-canonicalization-fuzztest.cc | 13 +- .../test/unittests/wasm/wasm-compile-module.h | 4 +- .../unittests/wasm/wasm-compiler-unittest.cc | 8 +- ...mbler-unittest-custom-descriptors.wasm.inc | 4 +- ...embler-unittest-custom-descriptors.wat.inc | 4 +- .../unittests/wasm/wasm-tracing-unittest.cc | 18 +- .../zone/zone-chunk-list-unittest.cc | 5 +- deps/v8/test/wasm-js/report.js | 67 +- deps/v8/test/wasm-js/testcfg.py | 14 +- deps/v8/test/wasm-js/tests.tar.gz.sha1 | 2 +- deps/v8/test/wasm-js/wasm-js.status | 45 +- deps/v8/test/wasm-spec-tests/testcfg.py | 95 +- .../v8/test/wasm-spec-tests/tests.tar.gz.sha1 | 2 +- .../wasm-spec-tests/wasm-spec-tests.status | 36 +- .../fast/js/nested-object-gc-expected.txt | 32 + .../test/webkit/fast/js/nested-object-gc.js | 38 + deps/v8/third_party/abseil-cpp/BUILD.gn | 31 + 
.../abseil-cpp/CMake/AbseilDll.cmake | 168 +- .../abseil-cpp/CMake/AbseilHelpers.cmake | 7 +- deps/v8/third_party/abseil-cpp/CMakeLists.txt | 2 +- deps/v8/third_party/abseil-cpp/FAQ.md | 209 +- deps/v8/third_party/abseil-cpp/MODULE.bazel | 4 +- .../v8/third_party/abseil-cpp/README.chromium | 2 +- .../third_party/abseil-cpp/absl/BUILD.bazel | 6 + .../abseil-cpp/absl/base/BUILD.bazel | 66 +- .../third_party/abseil-cpp/absl/base/BUILD.gn | 42 +- .../abseil-cpp/absl/base/CMakeLists.txt | 34 +- .../abseil-cpp/absl/base/attributes.h | 90 +- .../abseil-cpp/absl/base/call_once.h | 1 + .../third_party/abseil-cpp/absl/base/casts.cc | 61 + .../third_party/abseil-cpp/absl/base/casts.h | 116 + .../abseil-cpp/absl/base/casts_test.cc | 127 +- .../third_party/abseil-cpp/absl/base/config.h | 67 +- .../abseil-cpp/absl/base/fast_type_id.h | 32 +- .../abseil-cpp/absl/base/fast_type_id_test.cc | 3 + .../absl/base/internal/hardening.cc | 46 + .../abseil-cpp/absl/base/internal/hardening.h | 63 + .../absl/base/internal/hardening_test.cc | 35 + .../absl/base/internal/iterator_traits.h | 4 + .../abseil-cpp/absl/base/internal/spinlock.cc | 20 +- .../abseil-cpp/absl/base/internal/spinlock.h | 27 +- .../absl/base/internal/strerror_test.cc | 3 +- .../absl/base/internal/unscaledcycleclock.cc | 2 +- .../third_party/abseil-cpp/absl/base/macros.h | 57 +- .../abseil-cpp/absl/base/optimization.h | 2 +- .../abseil-cpp/absl/base/optimization_test.cc | 7 +- .../abseil-cpp/absl/base/options.h | 36 +- .../base/{internal => }/throw_delegate.cc | 16 +- .../absl/base/{internal => }/throw_delegate.h | 18 +- .../absl/base/throw_delegate_test.cc | 47 +- .../abseil-cpp/absl/cleanup/cleanup.h | 4 + .../absl/cleanup/internal/cleanup.h | 2 +- .../abseil-cpp/absl/container/BUILD.bazel | 218 +- .../abseil-cpp/absl/container/BUILD.gn | 119 +- .../abseil-cpp/absl/container/CMakeLists.txt | 144 +- .../abseil-cpp/absl/container/btree_map.h | 62 +- .../abseil-cpp/absl/container/btree_set.h | 58 +- 
.../abseil-cpp/absl/container/btree_test.cc | 114 +- .../abseil-cpp/absl/container/chunked_queue.h | 755 +++ .../absl/container/chunked_queue_benchmark.cc | 386 ++ .../absl/container/chunked_queue_test.cc | 768 +++ .../abseil-cpp/absl/container/fixed_array.h | 16 +- .../abseil-cpp/absl/container/flat_hash_map.h | 23 +- .../absl/container/flat_hash_map_test.cc | 38 +- .../abseil-cpp/absl/container/flat_hash_set.h | 23 +- .../absl/container/flat_hash_set_test.cc | 34 +- .../absl/container/inlined_vector.h | 7 +- .../absl/container/internal/btree_container.h | 23 +- .../absl/container/internal/chunked_queue.h | 173 + .../absl/container/internal/common.h | 56 +- .../internal/compressed_tuple_test.cc | 20 +- .../container/internal/container_memory.h | 8 +- .../internal/container_memory_test.cc | 11 + .../internal/hash_generator_testing.cc | 2 - .../internal/hash_generator_testing.h | 3 +- .../container/internal/hash_policy_testing.h | 14 - .../internal/hashtable_control_bytes.h | 46 +- .../container/internal/hashtablez_sampler.cc | 6 +- .../container/internal/hashtablez_sampler.h | 12 +- .../internal/hashtablez_sampler_test.cc | 24 +- .../internal/heterogeneous_lookup_testing.h | 80 + .../absl/container/internal/inlined_vector.h | 13 +- .../absl/container/internal/raw_hash_map.h | 35 +- .../absl/container/internal/raw_hash_set.cc | 65 +- .../absl/container/internal/raw_hash_set.h | 357 +- .../internal/raw_hash_set_allocator_test.cc | 4 + .../internal/raw_hash_set_benchmark.cc | 11 +- .../internal/raw_hash_set_probe_benchmark.cc | 18 +- .../container/internal/raw_hash_set_test.cc | 383 +- .../internal/unordered_map_constructor_test.h | 165 +- .../internal/unordered_map_lookup_test.h | 25 +- .../internal/unordered_map_members_test.h | 6 +- .../internal/unordered_map_modifiers_test.h | 106 +- .../internal/unordered_set_constructor_test.h | 165 +- .../internal/unordered_set_lookup_test.h | 15 +- .../internal/unordered_set_members_test.h | 6 +- 
.../internal/unordered_set_modifiers_test.h | 56 +- .../absl/container/linked_hash_map.h | 666 ++ .../container/linked_hash_map_benchmark.cc | 140 + .../absl/container/linked_hash_map_test.cc | 987 +++ .../absl/container/linked_hash_set.h | 527 ++ .../container/linked_hash_set_benchmark.cc | 84 + .../absl/container/linked_hash_set_test.cc | 947 +++ .../abseil-cpp/absl/container/node_hash_map.h | 24 +- .../absl/container/node_hash_map_test.cc | 34 + .../abseil-cpp/absl/container/node_hash_set.h | 22 +- .../absl/container/node_hash_set_test.cc | 35 +- .../absl/copts/GENERATED_AbseilCopts.cmake | 79 + .../abseil-cpp/absl/copts/GENERATED_copts.bzl | 79 + .../abseil-cpp/absl/copts/copts.py | 21 +- .../abseil-cpp/absl/crc/BUILD.bazel | 1 - .../third_party/abseil-cpp/absl/crc/BUILD.gn | 1 - .../abseil-cpp/absl/crc/CMakeLists.txt | 5 +- .../absl/crc/internal/cpu_detect.cc | 12 +- .../abseil-cpp/absl/crc/internal/crc.cc | 10 +- .../absl/crc/internal/crc_internal.h | 16 - .../abseil-cpp/absl/debugging/BUILD.bazel | 12 +- .../abseil-cpp/absl/debugging/BUILD.gn | 2 + .../abseil-cpp/absl/debugging/CMakeLists.txt | 3 + .../absl/debugging/failure_signal_handler.cc | 4 +- .../absl/debugging/internal/demangle.cc | 4 +- .../absl/debugging/internal/examine_stack.cc | 16 +- .../absl/debugging/internal/examine_stack.h | 8 +- .../internal/stacktrace_powerpc-inl.inc | 5 +- .../debugging/internal/stacktrace_x86-inl.inc | 11 +- .../absl/debugging/internal/symbolize.h | 56 +- .../abseil-cpp/absl/debugging/stacktrace.cc | 144 +- .../abseil-cpp/absl/debugging/stacktrace.h | 54 +- .../absl/debugging/stacktrace_benchmark.cc | 25 +- .../absl/debugging/stacktrace_test.cc | 176 +- .../abseil-cpp/absl/debugging/symbolize.cc | 22 +- .../absl/debugging/symbolize_elf.inc | 98 +- .../absl/debugging/symbolize_test.cc | 43 + .../debugging/symbolize_unimplemented.inc | 8 +- .../abseil-cpp/absl/flags/BUILD.bazel | 9 +- .../abseil-cpp/absl/flags/BUILD.gn | 2 +- .../abseil-cpp/absl/flags/CMakeLists.txt | 2 
+- .../abseil-cpp/absl/flags/commandlineflag.h | 14 +- .../third_party/abseil-cpp/absl/flags/flag.h | 3 +- .../abseil-cpp/absl/flags/flag_benchmark.cc | 10 +- .../abseil-cpp/absl/flags/flag_test.cc | 60 +- .../abseil-cpp/absl/flags/internal/flag.h | 6 +- .../abseil-cpp/absl/flags/marshalling.cc | 17 +- .../abseil-cpp/absl/flags/marshalling.h | 30 +- .../abseil-cpp/absl/flags/marshalling_test.cc | 23 +- .../abseil-cpp/absl/flags/parse.cc | 6 +- .../abseil-cpp/absl/flags/parse_test.cc | 2 +- .../abseil-cpp/absl/functional/BUILD.bazel | 1 - .../abseil-cpp/absl/functional/BUILD.gn | 1 - .../abseil-cpp/absl/functional/CMakeLists.txt | 1 - .../abseil-cpp/absl/functional/bind_front.h | 6 + .../absl/functional/internal/any_invocable.h | 15 +- .../absl/functional/overload_test.cc | 26 +- .../abseil-cpp/absl/hash/BUILD.bazel | 3 +- .../third_party/abseil-cpp/absl/hash/BUILD.gn | 3 +- .../abseil-cpp/absl/hash/CMakeLists.txt | 3 +- .../abseil-cpp/absl/hash/hash_benchmark.cc | 11 + .../abseil-cpp/absl/hash/hash_test.cc | 22 +- .../abseil-cpp/absl/hash/hash_testing.h | 11 +- .../abseil-cpp/absl/hash/internal/city.cc | 90 +- .../abseil-cpp/absl/hash/internal/hash.cc | 354 +- .../abseil-cpp/absl/hash/internal/hash.h | 190 +- .../absl/hash/internal/low_level_hash_test.cc | 82 +- .../absl/hash/internal/spy_hash_state.h | 10 +- .../abseil-cpp/absl/log/BUILD.bazel | 2 - .../third_party/abseil-cpp/absl/log/BUILD.gn | 2 - .../abseil-cpp/absl/log/CMakeLists.txt | 36 +- .../abseil-cpp/absl/log/check_test_impl.inc | 60 +- .../abseil-cpp/absl/log/internal/BUILD.bazel | 40 +- .../abseil-cpp/absl/log/internal/BUILD.gn | 22 +- .../abseil-cpp/absl/log/internal/check_op.h | 35 +- .../abseil-cpp/absl/log/internal/container.h | 312 + .../absl/log/internal/container_test.cc | 254 + .../absl/log/internal/log_message.cc | 3 +- .../absl/log/internal/structured_proto.cc | 10 +- .../absl/log/internal/structured_proto.h | 11 +- .../absl/log/internal/vlog_config.cc | 38 +- 
.../abseil-cpp/absl/log/log_format_test.cc | 5 +- .../abseil-cpp/absl/log/log_streamer.h | 3 +- .../abseil-cpp/absl/log/vlog_is_on_test.cc | 11 +- .../abseil-cpp/absl/memory/memory.h | 47 + .../abseil-cpp/absl/memory/memory_test.cc | 38 + .../abseil-cpp/absl/meta/BUILD.bazel | 53 + .../third_party/abseil-cpp/absl/meta/BUILD.gn | 23 + .../abseil-cpp/absl/meta/CMakeLists.txt | 46 + .../absl/meta/internal/constexpr_testing.h | 73 + .../meta/internal/constexpr_testing_test.cc | 40 + .../abseil-cpp/absl/meta/internal/requires.h | 67 + .../absl/meta/internal/requires_test.cc | 66 + .../abseil-cpp/absl/meta/type_traits.h | 15 - .../abseil-cpp/absl/profiling/BUILD.bazel | 5 +- .../abseil-cpp/absl/profiling/BUILD.gn | 1 + .../abseil-cpp/absl/profiling/CMakeLists.txt | 1 + .../abseil-cpp/absl/profiling/hashtable.cc | 3 - .../profiling/internal/profile_builder.cc | 66 +- .../absl/profiling/internal/profile_builder.h | 27 +- .../abseil-cpp/absl/random/CMakeLists.txt | 1 - .../absl/random/internal/BUILD.bazel | 2 +- .../abseil-cpp/absl/random/internal/BUILD.gn | 1 - .../absl/random/internal/mock_helpers.h | 13 +- .../absl/random/internal/randen_detect.cc | 12 +- .../absl/random/internal/salted_seed_seq.h | 1 + .../absl/random/internal/seed_material.cc | 8 +- .../absl/random/internal/seed_material.h | 3 +- .../abseil-cpp/absl/status/BUILD.bazel | 18 + .../abseil-cpp/absl/status/BUILD.gn | 1 + .../abseil-cpp/absl/status/CMakeLists.txt | 17 + .../absl/status/internal/status_internal.cc | 22 +- .../absl/status/internal/status_internal.h | 4 +- .../absl/status/internal/status_matchers.h | 34 +- .../abseil-cpp/absl/status/status.cc | 5 +- .../abseil-cpp/absl/status/status.h | 12 +- .../abseil-cpp/absl/status/status_matchers.h | 51 +- .../absl/status/status_matchers_test.cc | 34 +- .../absl/status/status_payload_printer.h | 5 +- .../abseil-cpp/absl/status/status_test.cc | 1 + .../abseil-cpp/absl/status/statusor.h | 1 + .../abseil-cpp/absl/status/statusor_test.cc | 44 +- 
.../abseil-cpp/absl/strings/BUILD.bazel | 98 +- .../abseil-cpp/absl/strings/BUILD.gn | 70 +- .../abseil-cpp/absl/strings/CMakeLists.txt | 74 +- .../abseil-cpp/absl/strings/ascii.h | 3 +- .../absl/strings/atod_manual_test.cc | 10 +- .../abseil-cpp/absl/strings/cord.cc | 21 +- .../abseil-cpp/absl/strings/cord.h | 13 +- .../abseil-cpp/absl/strings/cord_test.cc | 46 +- .../abseil-cpp/absl/strings/escaping.cc | 258 +- .../abseil-cpp/absl/strings/escaping.h | 10 +- .../absl/strings/escaping_benchmark.cc | 4 +- .../abseil-cpp/absl/strings/escaping_test.cc | 40 +- .../absl/strings/has_absl_stringify_test.cc | 4 +- .../absl/strings/has_ostream_operator_test.cc | 4 +- .../strings/internal/append_and_overwrite.h | 90 + .../internal/append_and_overwrite_test.cc | 95 + .../strings/internal/cord_rep_btree_test.cc | 16 +- .../internal/damerau_levenshtein_distance.cc | 6 + .../internal/damerau_levenshtein_distance.h | 1 + .../absl/strings/internal/escaping.h | 16 +- .../absl/strings/internal/generic_printer.cc | 107 + .../absl/strings/internal/generic_printer.h | 115 + .../internal/generic_printer_internal.h | 423 ++ .../strings/internal/generic_printer_test.cc | 685 ++ .../strings/internal/resize_uninitialized.h | 62 +- .../internal/resize_uninitialized_test.cc | 57 +- .../internal/str_format/convert_test.cc | 38 +- .../internal/str_format/float_conversion.cc | 504 +- .../absl/strings/internal/str_join_internal.h | 1 - .../abseil-cpp/absl/strings/numbers.cc | 71 +- .../abseil-cpp/absl/strings/numbers.h | 37 +- .../abseil-cpp/absl/strings/numbers_test.cc | 70 + .../absl/strings/resize_and_overwrite.h | 44 +- .../absl/strings/resize_and_overwrite_test.cc | 3 +- .../abseil-cpp/absl/strings/str_cat.cc | 100 +- .../abseil-cpp/absl/strings/str_cat.h | 1 - .../absl/strings/str_cat_benchmark.cc | 3 +- .../abseil-cpp/absl/strings/str_split.h | 2 +- .../abseil-cpp/absl/strings/string_view.cc | 257 - .../abseil-cpp/absl/strings/string_view.h | 760 +-- 
.../absl/strings/string_view_benchmark.cc | 380 -- .../absl/strings/string_view_test.cc | 1313 ---- .../abseil-cpp/absl/strings/substitute.cc | 48 +- .../absl/synchronization/BUILD.bazel | 7 +- .../synchronization/internal/kernel_timeout.h | 4 +- .../internal/kernel_timeout_test.cc | 20 +- .../abseil-cpp/absl/synchronization/mutex.cc | 3 +- .../abseil-cpp/absl/synchronization/mutex.h | 55 +- .../absl/synchronization/mutex_test.cc | 14 + .../absl/synchronization/notification.h | 2 +- .../abseil-cpp/absl/time/BUILD.bazel | 80 + .../third_party/abseil-cpp/absl/time/BUILD.gn | 52 + .../abseil-cpp/absl/time/CMakeLists.txt | 75 + .../third_party/abseil-cpp/absl/time/clock.cc | 20 +- .../third_party/abseil-cpp/absl/time/clock.h | 3 + .../abseil-cpp/absl/time/clock_interface.cc | 71 + .../abseil-cpp/absl/time/clock_interface.h | 93 + .../absl/time/clock_interface_test.cc | 128 + .../abseil-cpp/absl/time/format_test.cc | 5 + .../absl/time/internal/cctz/BUILD.bazel | 8 +- .../absl/time/internal/cctz/BUILD.gn | 6 + .../internal/cctz/src/time_zone_format.cc | 185 +- .../cctz/src/time_zone_format_test.cc | 85 +- .../internal/cctz/src/time_zone_lookup.cc | 109 +- .../internal/cctz/src/time_zone_name_win.cc | 185 + .../internal/cctz/src/time_zone_name_win.h | 37 + .../absl/time/internal/cctz/src/tzfile.h | 25 +- .../absl/time/internal/cctz/testdata/version | 2 +- .../cctz/testdata/zoneinfo/America/Ensenada | Bin 1079 -> 1367 bytes .../testdata/zoneinfo/America/Santa_Isabel | Bin 1079 -> 1367 bytes .../cctz/testdata/zoneinfo/America/Tijuana | Bin 1079 -> 1367 bytes .../cctz/testdata/zoneinfo/Asia/Tbilisi | Bin 629 -> 620 bytes .../cctz/testdata/zoneinfo/Europe/Chisinau | Bin 755 -> 1207 bytes .../cctz/testdata/zoneinfo/Europe/Tiraspol | Bin 755 -> 1207 bytes .../cctz/testdata/zoneinfo/Mexico/BajaNorte | Bin 1079 -> 1367 bytes .../cctz/testdata/zoneinfo/iso3166.tab | 18 +- .../cctz/testdata/zoneinfo/zone1970.tab | 24 +- .../cctz/testdata/zoneinfo/zonenow.tab | 97 +- 
.../abseil-cpp/absl/time/simulated_clock.cc | 225 + .../abseil-cpp/absl/time/simulated_clock.h | 108 + .../absl/time/simulated_clock_test.cc | 614 ++ .../abseil-cpp/absl/types/BUILD.bazel | 52 + .../abseil-cpp/absl/types/BUILD.gn | 35 + .../abseil-cpp/absl/types/CMakeLists.txt | 54 + .../abseil-cpp/absl/types/internal/span.h | 1 - .../abseil-cpp/absl/types/optional_ref.h | 294 + .../absl/types/optional_ref_test.cc | 370 + .../abseil-cpp/absl/types/source_location.h | 172 + .../absl/types/source_location_test.cc | 139 + .../third_party/abseil-cpp/absl/types/span.h | 33 +- .../abseil-cpp/absl_hardening_test.cc | 13 +- .../0004-string-view-transitive-includes | 14 + .../patches/0005-mutex-deprecations.patch | 130 + ...6-undef-absl-hash-internal-has-crc32.patch | 16 + .../0007-deprecated-base64-escape.patch | 26 + .../abseil-cpp/symbols_arm64_dbg.def | 1018 ++- .../abseil-cpp/symbols_arm64_dbg_cxx23.def | 1016 ++- .../abseil-cpp/symbols_arm64_rel.def | 107 +- .../abseil-cpp/symbols_arm64_rel_cxx23.def | 107 +- .../abseil-cpp/symbols_x64_dbg.def | 1073 ++- .../abseil-cpp/symbols_x64_dbg_cxx23.def | 1071 ++- .../abseil-cpp/symbols_x64_rel.def | 111 +- .../abseil-cpp/symbols_x64_rel_asan.def | 130 +- .../abseil-cpp/symbols_x64_rel_asan_cxx23.def | 130 +- .../abseil-cpp/symbols_x64_rel_cxx23.def | 111 +- .../abseil-cpp/symbols_x86_dbg.def | 1071 ++- .../abseil-cpp/symbols_x86_dbg_cxx23.def | 1069 ++- .../abseil-cpp/symbols_x86_rel.def | 110 +- .../abseil-cpp/symbols_x86_rel_cxx23.def | 110 +- deps/v8/third_party/colorama/README.v8 | 2 +- deps/v8/third_party/dragonbox/README.v8 | 2 +- .../src/include/dragonbox/dragonbox.h | 817 ++- .../include/dragonbox/dragonbox_to_chars.h | 391 +- deps/v8/third_party/fast_float/README.v8 | 2 +- deps/v8/third_party/fp16/README.v8 | 7 +- .../v8/third_party/googletest/README.chromium | 2 +- deps/v8/third_party/highway/README.chromium | 2 +- .../highway/src/hwy/ops/set_macros-inl.h | 9 +- .../third_party/inspector_protocol/README.v8 | 1 + 
.../crdtp/json_platform_v8.cc | 5 +- deps/v8/third_party/jsoncpp/README.chromium | 3 +- deps/v8/third_party/llvm-libc/README.v8 | 2 +- .../third_party/rapidhash-v8/README.chromium | 2 +- deps/v8/third_party/simdutf/BUILD.gn | 6 + deps/v8/third_party/simdutf/README.chromium | 3 +- deps/v8/third_party/simdutf/simdutf.cpp | 3829 ++++++++++- deps/v8/third_party/simdutf/simdutf.h | 400 +- deps/v8/third_party/v8/builtins/array-sort.tq | 2 +- deps/v8/third_party/zlib/BUILD.gn | 16 +- deps/v8/third_party/zlib/CMakeLists.txt | 394 +- deps/v8/third_party/zlib/LICENSE | 33 +- deps/v8/third_party/zlib/README | 115 + deps/v8/third_party/zlib/README.chromium | 8 +- deps/v8/third_party/zlib/chromeconf.h | 13 +- deps/v8/third_party/zlib/compress.c | 51 +- .../third_party/zlib/contrib/minizip/Makefile | 10 +- .../zlib/contrib/minizip/README.chromium | 7 +- .../third_party/zlib/contrib/minizip/crypt.h | 11 +- .../third_party/zlib/contrib/minizip/ioapi.c | 10 +- .../third_party/zlib/contrib/minizip/ioapi.h | 16 +- .../zlib/contrib/minizip/iowin32.c | 7 +- .../zlib/contrib/minizip/iowin32.h | 7 +- .../zlib/contrib/minizip/miniunz.c | 32 +- .../zlib/contrib/minizip/minizip.c | 13 +- .../zlib/contrib/minizip/mztools.c | 10 +- .../zlib/contrib/minizip/skipset.h | 157 +- .../third_party/zlib/contrib/minizip/unzip.c | 53 +- .../third_party/zlib/contrib/minizip/unzip.h | 9 +- .../v8/third_party/zlib/contrib/minizip/zip.c | 283 +- .../v8/third_party/zlib/contrib/minizip/zip.h | 11 +- .../contrib/optimizations/inffast_chunk.c | 10 +- deps/v8/third_party/zlib/crc32.c | 166 +- deps/v8/third_party/zlib/deflate.c | 186 +- deps/v8/third_party/zlib/deflate.h | 8 +- deps/v8/third_party/zlib/doc/algorithm.txt | 209 + deps/v8/third_party/zlib/doc/crc-doc.1.0.pdf | Bin 0 -> 776142 bytes deps/v8/third_party/zlib/doc/rfc1950.txt | 619 ++ deps/v8/third_party/zlib/doc/rfc1951.txt | 955 +++ deps/v8/third_party/zlib/doc/rfc1952.txt | 675 ++ deps/v8/third_party/zlib/doc/txtvsbin.txt | 107 + 
deps/v8/third_party/zlib/examples/zpipe.c | 5 +- deps/v8/third_party/zlib/google/DEPS | 1 + deps/v8/third_party/zlib/google/zip_reader.cc | 108 +- deps/v8/third_party/zlib/google/zip_reader.h | 34 +- .../zlib/google/zip_reader_unittest.cc | 92 +- .../third_party/zlib/google/zip_unittest.cc | 5 +- deps/v8/third_party/zlib/google/zip_writer.cc | 18 +- deps/v8/third_party/zlib/gzguts.h | 69 +- deps/v8/third_party/zlib/gzlib.c | 103 +- deps/v8/third_party/zlib/gzread.c | 298 +- deps/v8/third_party/zlib/gzwrite.c | 267 +- deps/v8/third_party/zlib/infback.c | 89 +- deps/v8/third_party/zlib/inffast.c | 13 +- deps/v8/third_party/zlib/inffixed.h | 182 +- deps/v8/third_party/zlib/inflate.c | 189 +- deps/v8/third_party/zlib/inflate.h | 2 +- deps/v8/third_party/zlib/inftrees.c | 143 +- deps/v8/third_party/zlib/inftrees.h | 4 +- .../third_party/zlib/patches/0000-build.patch | 8 +- .../zlib/patches/0004-fix-uwp.patch | 8 +- .../0008-minizip-zip-unzip-tools.patch | 22 +- .../zlib/patches/0010-cmake-enable-simd.patch | 96 - .../third_party/zlib/patches/0010-cmake.patch | 256 + .../zlib/patches/0011-avx512.patch | 28 - .../patches/0018-support-prefixed-zip64.patch | 6 +- .../zlib/patches/0019-fix-zip64-in-zip.patch | 37 + deps/v8/third_party/zlib/test/minigzip.c | 89 +- deps/v8/third_party/zlib/trees.c | 28 +- deps/v8/third_party/zlib/uncompr.c | 62 +- deps/v8/third_party/zlib/win32/zlib1.rc | 37 + deps/v8/third_party/zlib/zconf.h | 44 +- deps/v8/third_party/zlib/zconf.h.cmakein | 545 -- deps/v8/third_party/zlib/zconf.h.in | 46 +- deps/v8/third_party/zlib/zlib.3 | 22 +- deps/v8/third_party/zlib/zlib.h | 311 +- deps/v8/third_party/zlib/zlib.pc.cmakein | 9 +- deps/v8/third_party/zlib/zlibConfig.cmake.in | 18 + deps/v8/third_party/zlib/zutil.c | 85 +- deps/v8/third_party/zlib/zutil.h | 99 +- deps/v8/tools/.vpython3 | 5 + deps/v8/tools/bazel/bazel.sha1 | 2 +- .../tools/builtins-pgo/download_profiles.py | 19 +- .../builtins-pgo/download_profiles_test.py | 121 +- 
deps/v8/tools/builtins-pgo/get_hints.py | 25 +- deps/v8/tools/cluster_files.py | 252 + .../tools/clusterfuzz/foozzie/v8_commands.py | 6 +- .../clusterfuzz/foozzie/v8_fuzz_flags.json | 8 +- .../clusterfuzz/foozzie/v8_mock_archs.js | 14 +- deps/v8/tools/clusterfuzz/js_fuzzer/corpus.js | 12 +- .../js_fuzzer/differential_script_mutator.js | 9 +- .../tools/clusterfuzz/js_fuzzer/exceptions.js | 4 + .../js_fuzzer/mutators/crossover_mutator.js | 31 +- .../mutators/memory_corruption_mutator.js | 48 + .../clusterfuzz/js_fuzzer/package-lock.json | 1773 ++++- .../tools/clusterfuzz/js_fuzzer/package.json | 2 + .../resources/sandbox_fuzz_library.js | 311 + deps/v8/tools/clusterfuzz/js_fuzzer/run.js | 5 + deps/v8/tools/clusterfuzz/js_fuzzer/runner.js | 7 +- .../clusterfuzz/js_fuzzer/script_mutator.js | 22 + .../clusterfuzz/js_fuzzer/source_helpers.js | 91 +- .../clusterfuzz/js_fuzzer/test/helpers.js | 2 +- .../js_fuzzer/test/test_differential_fuzz.js | 5 + .../clusterfuzz/js_fuzzer/test/test_load.js | 31 + .../js_fuzzer/test/test_memory_corruptions.js | 39 + .../js_fuzzer/test/test_regressions.js | 14 + .../clusterfuzz/js_fuzzer/test/test_runner.js | 16 +- .../expected_code_0.js | 4 +- .../expected_code_1.js | 4 +- .../expected_flags_2.js | 6 +- .../test_data/memory_corruption/input.js | 28 + .../memory_corruption/output_expected.js | 40 + .../regress/await/db/AwaitExpression/a1.json | 7 + .../test_data/regress/await/db/index.json | 3 + .../test_data/regress/await/expected.js | 31 + .../test_data/regress/await/input.js | 29 + .../js_fuzzer/test_data/transpile/proto1.js | 99 + .../test_data/transpile/proto1_expected.js | 67 + .../transpile/v8/test/mjsunit/mjsunit.js | 5 + .../transpile/v8/test/mjsunit/test1.js | 39 + .../v8/test/mjsunit/test1_expected.js | 106 + .../trials/clusterfuzz_trials_config.json | 15 +- deps/v8/tools/cpu.sh | 13 +- deps/v8/tools/debug_helper/debug-helper.h | 7 + .../debug_helper/get-object-properties.cc | 19 +- deps/v8/tools/dev/gen-static-roots.py | 91 + 
deps/v8/tools/dev/gm.py | 39 +- deps/v8/tools/dev/update-vscode.sh | 22 +- deps/v8/tools/gcmole/gcmole-tools.tar.gz.sha1 | 2 +- deps/v8/tools/gdbinit | 137 +- deps/v8/tools/gen-postmortem-metadata.py | 1 - deps/v8/tools/heap-layout/index.html | 6 +- .../v8/tools/js/log-file-reader-template.html | 4 +- deps/v8/tools/lldb_commands.py | 6 + deps/v8/tools/mac-nm | 4 +- deps/v8/tools/package-lock.json | 486 +- deps/v8/tools/perf-bisect.pl | 97 +- .../tools/process-wasm-compilation-times.py | 22 +- deps/v8/tools/profiling/linux-perf-chrome.py | 6 +- deps/v8/tools/profiling/linux-perf-d8.py | 10 +- deps/v8/tools/regexp-sequences.py | 97 +- deps/v8/tools/release/roll_merge_gerrit.py | 19 +- deps/v8/tools/run_perf.py | 2 +- .../v8/tools/sanitizers/tsan_suppressions.txt | 6 +- .../view/script-panel-template.html | 12 +- .../system-analyzer/view/script-panel.mjs | 565 +- deps/v8/tools/testrunner/base_runner.py | 16 +- deps/v8/tools/testrunner/build_config.py | 2 + deps/v8/tools/testrunner/local/android.py | 3 +- deps/v8/tools/testrunner/local/command.py | 21 +- deps/v8/tools/testrunner/local/statusfile.py | 1 + deps/v8/tools/testrunner/local/testsuite.py | 2 +- deps/v8/tools/testrunner/local/utils.py | 12 + deps/v8/tools/testrunner/local/variants.py | 204 +- deps/v8/tools/testrunner/objects/testcase.py | 13 +- deps/v8/tools/testrunner/outproc/base.py | 2 +- deps/v8/tools/testrunner/outproc/message.py | 6 +- .../tools/testrunner/standard_runner_test.py | 14 +- .../testrunner/testdata/v8_build_config.json | 4 +- deps/v8/tools/testrunner/testproc/fuzzer.py | 23 +- .../tools/testrunner/testproc/fuzzer_test.py | 16 + .../tools/testrunner/testproc/indicators.py | 2 +- .../testrunner/testproc/indicators_test.py | 87 + deps/v8/tools/torque/format-torque.py | 13 +- deps/v8/tools/turbolizer/package-lock.json | 368 +- deps/v8/tools/turboshaft-stacktrace-filter.py | 69 + deps/v8/tools/turboshaft_type_formatter.py | 84 + .../v8windbg/src/v8-debug-helper-interop.cc | 52 +- 
deps/v8/tools/v8windbg/test/script.js | 1 - deps/v8/tools/v8windbg/test/v8windbg-test.cc | 7 + .../wasm/mjsunit-module-disassembler-impl.h | 151 +- deps/v8/tools/wasm/module-inspector.cc | 26 +- deps/v8/tools/whitespace.txt | 2 +- 4236 files changed, 255222 insertions(+), 131051 deletions(-) create mode 100644 deps/v8/agents/OWNERS create mode 100644 deps/v8/agents/skills/port-to-heapobjectlayout/SKILL.md create mode 100644 deps/v8/agents/skills/torque/SKILL.md create mode 100644 deps/v8/bazel/toolchain/BUILD.bazel create mode 100644 deps/v8/bazel/toolchain/libcxx_repository.bzl create mode 100644 deps/v8/bazel/toolchain/llvm_repository.bzl create mode 100644 deps/v8/docs/security/triaging.md create mode 100644 deps/v8/gni/cluster_build.gni create mode 100644 deps/v8/src/base/algorithm.h delete mode 100644 deps/v8/src/base/cpu.cc create mode 100644 deps/v8/src/base/cpu/cpu-arm.cc create mode 100644 deps/v8/src/base/cpu/cpu-helper.h create mode 100644 deps/v8/src/base/cpu/cpu-loong64.cc create mode 100644 deps/v8/src/base/cpu/cpu-mips64.cc create mode 100644 deps/v8/src/base/cpu/cpu-ppc.cc create mode 100644 deps/v8/src/base/cpu/cpu-riscv.cc create mode 100644 deps/v8/src/base/cpu/cpu-s390.cc create mode 100644 deps/v8/src/base/cpu/cpu-x86.cc create mode 100644 deps/v8/src/base/cpu/cpu.cc rename deps/v8/src/base/{ => cpu}/cpu.h (62%) rename deps/v8/src/{wasm => base}/float16.h (77%) create mode 100644 deps/v8/src/base/memcopy.h create mode 100644 deps/v8/src/bigint/bigint-inl.h delete mode 100644 deps/v8/src/bigint/bitwise.cc delete mode 100644 deps/v8/src/bigint/digit-arithmetic.h create mode 100644 deps/v8/src/bigint/div-helpers-inl.h delete mode 100644 deps/v8/src/bigint/div-helpers.cc delete mode 100644 deps/v8/src/bigint/div-helpers.h delete mode 100644 deps/v8/src/bigint/mul-schoolbook.cc create mode 100644 deps/v8/src/bigint/vector-arithmetic-inl.h delete mode 100644 deps/v8/src/bigint/vector-arithmetic.cc delete mode 100644 
deps/v8/src/bigint/vector-arithmetic.h create mode 100644 deps/v8/src/builtins/builtins-iterator-inl.h create mode 100644 deps/v8/src/builtins/builtins-iterator.h create mode 100644 deps/v8/src/builtins/builtins-math-xsum.cc create mode 100644 deps/v8/src/builtins/builtins-math-xsum.h create mode 100644 deps/v8/src/builtins/builtins-math.cc create mode 100644 deps/v8/src/builtins/builtins-string-tsa-inl.h create mode 100644 deps/v8/src/builtins/superspread.h create mode 100644 deps/v8/src/compiler/backend/block-position.cc create mode 100644 deps/v8/src/compiler/backend/block-position.h create mode 100644 deps/v8/src/compiler/basic-block-call-graph-profiler.cc rename deps/v8/src/compiler/{basic-block-instrumentor.h => basic-block-call-graph-profiler.h} (53%) delete mode 100644 deps/v8/src/compiler/basic-block-instrumentor.cc delete mode 100644 deps/v8/src/compiler/pair-load-store-reducer.cc delete mode 100644 deps/v8/src/compiler/pair-load-store-reducer.h rename deps/v8/src/compiler/turboshaft/{store-store-elimination-phase.cc => load-elimination-phase.cc} (66%) rename deps/v8/src/compiler/turboshaft/{optimize-phase.h => load-elimination-phase.h} (59%) create mode 100644 deps/v8/src/compiler/turboshaft/load-store-verification-reducer.h create mode 100644 deps/v8/src/compiler/turboshaft/maglev-assert-types-reducer.h rename deps/v8/src/compiler/turboshaft/{optimize-phase.cc => memory-optimization-phase.cc} (92%) rename deps/v8/src/compiler/turboshaft/{store-store-elimination-phase.h => memory-optimization-phase.h} (56%) create mode 100644 deps/v8/src/d8/hardware-watchpoints.cc create mode 100644 deps/v8/src/d8/hardware-watchpoints.h create mode 100644 deps/v8/src/dumpling/OWNERS create mode 100644 deps/v8/src/dumpling/dumpling-manager.cc create mode 100644 deps/v8/src/dumpling/dumpling-manager.h create mode 100644 deps/v8/src/dumpling/object-dumping.cc create mode 100644 deps/v8/src/dumpling/object-dumping.h create mode 100644 
deps/v8/src/execution/isolate-data-fields.h create mode 100644 deps/v8/src/execution/riscv/shadow-stack-riscv.cc create mode 100644 deps/v8/src/execution/riscv/shadow-stack-riscv.h create mode 100644 deps/v8/src/heap/base-page-inl.h rename deps/v8/src/heap/{memory-chunk-metadata.cc => base-page.cc} (75%) rename deps/v8/src/heap/{memory-chunk-metadata.h => base-page.h} (77%) create mode 100644 deps/v8/src/heap/large-page-inl.h delete mode 100644 deps/v8/src/heap/large-page-metadata-inl.h delete mode 100644 deps/v8/src/heap/large-page-metadata.h rename deps/v8/src/heap/{large-page-metadata.cc => large-page.cc} (67%) create mode 100644 deps/v8/src/heap/large-page.h delete mode 100644 deps/v8/src/heap/memory-chunk-metadata-inl.h create mode 100644 deps/v8/src/heap/mutable-page-inl.h delete mode 100644 deps/v8/src/heap/mutable-page-metadata-inl.h rename deps/v8/src/heap/{mutable-page-metadata.cc => mutable-page.cc} (80%) rename deps/v8/src/heap/{mutable-page-metadata.h => mutable-page.h} (75%) create mode 100644 deps/v8/src/heap/normal-page-inl.h rename deps/v8/src/heap/{page-metadata.cc => normal-page.cc} (69%) rename deps/v8/src/heap/{page-metadata.h => normal-page.h} (57%) delete mode 100644 deps/v8/src/heap/page-metadata-inl.h create mode 100644 deps/v8/src/maglev/hamt.h create mode 100644 deps/v8/src/maglev/loong64/maglev-assembler-loong64-inl.h create mode 100644 deps/v8/src/maglev/loong64/maglev-assembler-loong64.cc create mode 100644 deps/v8/src/maglev/loong64/maglev-ir-loong64.cc create mode 100644 deps/v8/src/maglev/maglev-map-inference.h create mode 100644 deps/v8/src/maglev/maglev-node-type.cc create mode 100644 deps/v8/src/maglev/maglev-node-type.h create mode 100644 deps/v8/src/maglev/maglev-range-verification.cc create mode 100644 deps/v8/src/maglev/maglev-range-verification.h create mode 100644 deps/v8/src/maglev/maglev-range.h create mode 100644 deps/v8/src/maglev/maglev-tracer.h create mode 100644 deps/v8/src/objects/js-data-object-builder-inl.h create 
mode 100644 deps/v8/src/objects/js-data-object-builder.cc create mode 100644 deps/v8/src/objects/js-data-object-builder.h create mode 100644 deps/v8/src/objects/trusted-pointer-inl.h create mode 100644 deps/v8/src/objects/trusted-pointer.h delete mode 100644 deps/v8/src/profiler/heap-snapshot-generator-inl.h create mode 100644 deps/v8/src/regexp/regexp-ast-printer.cc create mode 100644 deps/v8/src/regexp/regexp-ast-printer.h create mode 100644 deps/v8/src/regexp/regexp-bytecode-analysis.cc create mode 100644 deps/v8/src/regexp/regexp-bytecode-analysis.h create mode 100644 deps/v8/src/regexp/regexp-graph-printer.cc create mode 100644 deps/v8/src/regexp/regexp-graph-printer.h create mode 100644 deps/v8/src/regexp/regexp-node-printer.cc create mode 100644 deps/v8/src/regexp/regexp-node-printer.h create mode 100644 deps/v8/src/regexp/regexp-printer.cc create mode 100644 deps/v8/src/regexp/regexp-printer.h create mode 100644 deps/v8/src/sandbox/bytecode-verifier.cc create mode 100644 deps/v8/src/sandbox/bytecode-verifier.h create mode 100644 deps/v8/src/sandbox/external-strings-cage.cc create mode 100644 deps/v8/src/sandbox/external-strings-cage.h create mode 100644 deps/v8/src/sandbox/sandboxable-thread.cc create mode 100644 deps/v8/src/sandbox/sandboxable-thread.h create mode 100644 deps/v8/src/strings/owning-external-string-resource.h delete mode 100644 deps/v8/src/tools/dumpling/dumpling_v8.patch create mode 100644 deps/v8/src/torque/ast-visitor.h create mode 100644 deps/v8/src/torque/tsa-generator.cc create mode 100644 deps/v8/src/torque/tsa-generator.h create mode 100644 deps/v8/src/tracing/perfetto-sdk.h delete mode 100644 deps/v8/src/utils/memcopy.cc create mode 100644 deps/v8/src/wasm/compilation-hints-generation.cc create mode 100644 deps/v8/src/wasm/compilation-hints-generation.h create mode 100644 deps/v8/src/wasm/effect-handler.h create mode 100644 deps/v8/src/wasm/interpreter/riscv/interpreter-builtins-riscv.cc create mode 100644 
deps/v8/src/wasm/wasm-engine-globals.h create mode 100644 deps/v8/src/wasm/wasm-stack-wrapper-cache.cc create mode 100644 deps/v8/src/wasm/wasm-stack-wrapper-cache.h create mode 100644 deps/v8/src/wasm/wasm-wrapper-cache-inl.h create mode 100644 deps/v8/src/wasm/wasm-wrapper-cache.cc create mode 100644 deps/v8/src/wasm/wasm-wrapper-cache.h rename deps/v8/test/cctest/heap/{test-array-buffer-tracker.cc => test-array-buffer-sweeper.cc} (91%) delete mode 100644 deps/v8/test/cctest/test-macro-assembler-arm.cc delete mode 100644 deps/v8/test/cctest/test-macro-assembler-loong64.cc delete mode 100644 deps/v8/test/cctest/test-macro-assembler-mips64.cc create mode 100644 deps/v8/test/common/noop-bytecode-verifier.h create mode 100644 deps/v8/test/debugger/regress/regress-483851884.js create mode 100644 deps/v8/test/debugger/regress/regress-485683107.js create mode 100644 deps/v8/test/debugger/regress/regress-486383560.js create mode 100644 deps/v8/test/debugger/regress/regress-488130830.js create mode 100644 deps/v8/test/filecheck/crash/proto-assign-seq-opt-count-0.js create mode 100644 deps/v8/test/filecheck/js-wasm-wrapper-inlining-eager-deopt.js create mode 100644 deps/v8/test/filecheck/proto-assign-seq-opt-count.js create mode 100644 deps/v8/test/filecheck/wasm-in-js-inlining-turboshaft.js create mode 100644 deps/v8/test/filecheck/wasm-turbolev-inlined-wrapper.js rename deps/v8/test/filecheck/{crash/wasm-failed-type-assertion.js => wasm/crash/failed-type-assertion.js} (100%) create mode 100644 deps/v8/test/filecheck/wasm/crash/regress-481074858.js rename deps/v8/test/filecheck/{wasm-pause.js => wasm/pause.js} (100%) create mode 100644 deps/v8/test/fuzzer/wasm/code/regress-470274340 create mode 100644 deps/v8/test/fuzzer/wasm/module/regress-419922463.wasm create mode 100644 deps/v8/test/fuzzer/wasm/module/regress-478553475.wasm create mode 100644 deps/v8/test/inspector/debugger/paused-function-location-expected.txt create mode 100644 
deps/v8/test/inspector/debugger/paused-function-location.js create mode 100644 deps/v8/test/inspector/debugger/set-breakpoint-by-url-in-broken-script-expected.txt create mode 100644 deps/v8/test/inspector/debugger/set-breakpoint-by-url-in-broken-script.js create mode 100644 deps/v8/test/inspector/devtools-session.cc create mode 100644 deps/v8/test/inspector/devtools-session.h create mode 100644 deps/v8/test/inspector/regress/regress-crbug-466244926-expected.txt create mode 100644 deps/v8/test/inspector/regress/regress-crbug-466244926.js create mode 100644 deps/v8/test/inspector/regress/regress-crbug-486927780-expected.txt create mode 100644 deps/v8/test/inspector/regress/regress-crbug-486927780.js create mode 100644 deps/v8/test/inspector/regress/regress-crbug-488754138-expected.txt create mode 100644 deps/v8/test/inspector/regress/regress-crbug-488754138.js create mode 100644 deps/v8/test/inspector/runtime/regress-485672657-expected.txt create mode 100644 deps/v8/test/inspector/runtime/regress-485672657.js create mode 100644 deps/v8/test/inspector/runtime/regress-488790217-expected.txt create mode 100644 deps/v8/test/inspector/runtime/regress-488790217.js delete mode 100644 deps/v8/test/intl/number-format/comma-compat-off.js delete mode 100644 deps/v8/test/intl/number-format/comma-compat-on.js delete mode 100644 deps/v8/test/intl/number-format/italian-compat-off.js delete mode 100644 deps/v8/test/intl/number-format/italian-compat-on.js create mode 100644 deps/v8/test/intl/regress-450077863.js create mode 100644 deps/v8/test/intl/regress-463070442.js delete mode 100644 deps/v8/test/intl/temporal/calendar/fields.js create mode 100644 deps/v8/test/message/debug-trace-minimal.js create mode 100644 deps/v8/test/message/debug-trace-minimal.out create mode 100644 deps/v8/test/message/fail/iterator-zip-return-error.js create mode 100644 deps/v8/test/message/fail/iterator-zip-return-error.out create mode 100644 deps/v8/test/message/js-wasm-wrapper-inlining-turbolev-32.js 
rename deps/v8/test/message/{js-wasm-wrapper-inlining-turbolev.out => js-wasm-wrapper-inlining-turbolev-32.out} (53%) delete mode 100644 deps/v8/test/message/js-wasm-wrapper-inlining-turbolev.js create mode 100644 deps/v8/test/message/wasm-compilation-hints-inlining-no-liftoff.js create mode 100644 deps/v8/test/message/wasm-compilation-hints-inlining-no-liftoff.out create mode 100644 deps/v8/test/message/wasm-compilation-hints-inlining.js create mode 100644 deps/v8/test/message/wasm-compilation-hints-inlining.out create mode 100644 deps/v8/test/message/wasm-debug-trace-minimal.js create mode 100644 deps/v8/test/message/wasm-debug-trace-minimal.out create mode 100644 deps/v8/test/message/wasm-generate-compilation-hints.js create mode 100644 deps/v8/test/message/wasm-generate-compilation-hints.out delete mode 100644 deps/v8/test/message/wasm-in-js-inlining-turboshaft.js delete mode 100644 deps/v8/test/message/wasm-in-js-inlining-turboshaft.out create mode 100644 deps/v8/test/mjsunit/arbitrary-length-varargs.js create mode 100644 deps/v8/test/mjsunit/array-buffer-view-tracking-regress.js create mode 100644 deps/v8/test/mjsunit/array-buffer-view-tracking.js create mode 100644 deps/v8/test/mjsunit/array-constructor-subclass.js create mode 100644 deps/v8/test/mjsunit/array-flat-elements-kind.js create mode 100644 deps/v8/test/mjsunit/compiler/fast-api-calls-exception.js create mode 100644 deps/v8/test/mjsunit/compiler/no-fma.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-461531853.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-463606272.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-475479135-1.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-475479135-2.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-477645118.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-488078904.js create mode 100644 deps/v8/test/mjsunit/compiler/regress-488925413.js create mode 100644 
deps/v8/test/mjsunit/compiler/regress-array-const-tracking.js create mode 100644 deps/v8/test/mjsunit/compiler/typed-array-js-call-reducer.js create mode 100644 deps/v8/test/mjsunit/d8-builtins-not-constructors.js create mode 100644 deps/v8/test/mjsunit/d8/d8-realm-onerror.js create mode 100644 deps/v8/test/mjsunit/d8/d8-worker-onerror-arguments.js create mode 100644 deps/v8/test/mjsunit/d8/d8-worker-onerror-exception.js create mode 100644 deps/v8/test/mjsunit/d8/d8-worker-onerror-settimeout.js create mode 100644 deps/v8/test/mjsunit/d8/d8-worker-onerror.js create mode 100644 deps/v8/test/mjsunit/debug-trace-minimal-in-gc.js rename deps/v8/test/mjsunit/{regress/wasm/regress-396461004.js => debug-trace-minimal.js} (50%) create mode 100644 deps/v8/test/mjsunit/decorators/regress-456538025.js create mode 100644 deps/v8/test/mjsunit/decorators/regress-461485805.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-eager-check-missing-done.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-eager-check.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-eager-next-call.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-eager-value-check.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-lazy-check.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-lazy-next-call.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-array-iterator-optimization-maglev-lazy-value-check.js create mode 100644 deps/v8/test/mjsunit/es6/for-of-iterator-protocol-integrity.js create mode 100644 deps/v8/test/mjsunit/es6/weak-map-chain-linear.js create mode 100644 deps/v8/test/mjsunit/es6/weak-map-chain-nested-linear.js create mode 100644 deps/v8/test/mjsunit/es8/async-await-closure-reuse.js create mode 100644 deps/v8/test/mjsunit/harmony/await-using-assignment-in-for-loop.js 
create mode 100644 deps/v8/test/mjsunit/harmony/await-using-valid-assignments-in-for-loop.js create mode 100644 deps/v8/test/mjsunit/harmony/iterator-concat.js create mode 100644 deps/v8/test/mjsunit/harmony/iterator-zip.js create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-asm.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-define-class-field.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-delete-property-missing-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-delete-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-for-in.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-get-own-property-descriptor-missing-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-get-own-property-descriptor.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-has-nonexistent-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-has-on-prototype-nonexistent-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-has-on-prototype-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-has-property-missing-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-has-property-ns-as-prototype-missing-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-has-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-has-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-lookup-getter.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-lookup-setter.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-missing-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-no-trigger.mjs create mode 100644 
deps/v8/test/mjsunit/harmony/modules-import-defer-non-existant-field-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-nonexistent-on-prototype-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-ns-as-prototype-missing-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-ns-as-prototype.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-object-define-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-object-has-own-missing-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-object-has-own.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-object-keys.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-on-prototype-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-own-property-keys.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-property-is-enumerable.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-prototype-for-in.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-prototype-has-property.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-prototype-lookup-getter.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-prototype-lookup-setter.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-prototype-swap-for-in-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-prototype-swap-for-in.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-super-property-set-exported.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-super-property-set-not-exported.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer-that-throws.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-import-defer.mjs 
create mode 100644 deps/v8/test/mjsunit/harmony/modules-namespace-asm.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-skip-import-defer-1.mjs create mode 100644 deps/v8/test/mjsunit/harmony/modules-skip-import-defer-throws-1.mjs create mode 100644 deps/v8/test/mjsunit/harmony/regress/regress-454630441.js create mode 100644 deps/v8/test/mjsunit/harmony/regress/regress-463528051.js create mode 100644 deps/v8/test/mjsunit/harmony/regress/regress-468626968.js create mode 100644 deps/v8/test/mjsunit/immutable-arraybuffer.js create mode 100644 deps/v8/test/mjsunit/iterable-foreach.js create mode 100644 deps/v8/test/mjsunit/iterator-join.js create mode 100644 deps/v8/test/mjsunit/json-simd-strings.js create mode 100644 deps/v8/test/mjsunit/maglev-470137280.js create mode 100644 deps/v8/test/mjsunit/maglev/array-push-int32-phi.js create mode 100644 deps/v8/test/mjsunit/maglev/array-push-with-smi-object.js create mode 100644 deps/v8/test/mjsunit/maglev/boolean-constructor.js create mode 100644 deps/v8/test/mjsunit/maglev/checked_value_alt_overwrite.js create mode 100644 deps/v8/test/mjsunit/maglev/construct-spread-forward-vaargs.js create mode 100644 deps/v8/test/mjsunit/maglev/context-inverted-generator.js create mode 100644 deps/v8/test/mjsunit/maglev/context-inverted-generator2.js create mode 100644 deps/v8/test/mjsunit/maglev/dataview-almost-oob.js create mode 100644 deps/v8/test/mjsunit/maglev/dataview-getbytelength-const-non-eager-inlining.js create mode 100644 deps/v8/test/mjsunit/maglev/dataview-getbytelength-const.js create mode 100644 deps/v8/test/mjsunit/maglev/dataview-getbytelength-not-dataview.js create mode 100644 deps/v8/test/mjsunit/maglev/dataview-getbytelength-undefined.js create mode 100644 deps/v8/test/mjsunit/maglev/dataview-getbytelength.js create mode 100644 deps/v8/test/mjsunit/maglev/maglev-assert-types.js create mode 100644 deps/v8/test/mjsunit/maglev/number-to-string.js create mode 100644 
deps/v8/test/mjsunit/maglev/optimize-float64-ieee754.js create mode 100644 deps/v8/test/mjsunit/maglev/optimize-float64-unary.js create mode 100644 deps/v8/test/mjsunit/maglev/phi-untagging-backedge-self-1.js create mode 100644 deps/v8/test/mjsunit/maglev/phi-untagging-backedge-self-2.js create mode 100644 deps/v8/test/mjsunit/maglev/phi-untagging-conversions-no-truncation.js create mode 100644 deps/v8/test/mjsunit/maglev/phi-untagging-float64-into-smi-check-speculative.js create mode 100644 deps/v8/test/mjsunit/maglev/phi-untagging-float64-into-smi-check.js create mode 100644 deps/v8/test/mjsunit/maglev/phi-untagging-float64-load-input.js create mode 100644 deps/v8/test/mjsunit/maglev/phi-untagging-holeyfloat64-load-input.js create mode 100644 deps/v8/test/mjsunit/maglev/phi-untagging-int32-load-input.js create mode 100644 deps/v8/test/mjsunit/maglev/reflect-apply.js create mode 100644 deps/v8/test/mjsunit/maglev/reflect-get.js create mode 100644 deps/v8/test/mjsunit/maglev/reflect-has.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-455554110.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-456014076.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-456697305.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-456778855.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-457475186.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-457475530.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-457866756.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-458608439.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-460084175.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-460220166.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-460668396.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-460678755.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-461541271.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-463237815.js create mode 100644 
deps/v8/test/mjsunit/maglev/regress-463565998.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-463722459.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-464105362.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-464323255.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-464612781.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-464965404.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-465730465.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-466510900.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-466701290.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-469481626.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-470566252.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-473913278.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-474458890.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-476329375.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-479557032.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-480100972.mjs create mode 100644 deps/v8/test/mjsunit/maglev/regress-480568109.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-482261044-1.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-482261044-2.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-482261044-3.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-482545639.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-482810539.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-483423907.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-484393248.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-484911060.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-485843940.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-486530209.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-486657483-1.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-486657483-2.js create mode 100644 
deps/v8/test/mjsunit/maglev/regress-486657483-3.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-486657483-4.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-486657483-5.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-489362238.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-489369253.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-490353576.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-490558172-1.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-490558172-2.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-492245079.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-494492520.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-495041650.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-495751197.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-495888361.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-495923720.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-496074718.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-496272034.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-496627235.js create mode 100644 deps/v8/test/mjsunit/maglev/regress-497112471.js create mode 100644 deps/v8/test/mjsunit/maglev/regress/regress-489605205.js create mode 100644 deps/v8/test/mjsunit/maglev/store-constant-field-nan.js create mode 100644 deps/v8/test/mjsunit/maglev/string-indexof-includes.js create mode 100644 deps/v8/test/mjsunit/maglev/unused-loop-phi.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/array-iterator-modification-1.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/array-iterator-modification-2.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/basic.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/closing.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/holey.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/holey2.js create mode 100644 
deps/v8/test/mjsunit/math-sum-precise/regress-494013010.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/regress.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/set-regress.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/set-regress2.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/typed-array-iterator-modification-1.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/typed-array-iterator-modification-2.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/typed-array-iterator-modification-3.js create mode 100644 deps/v8/test/mjsunit/math-sum-precise/typed-array-iterator-modification-4.js create mode 100644 deps/v8/test/mjsunit/modules-eval-await.mjs create mode 100644 deps/v8/test/mjsunit/modules-namespace-super-access-tdz.mjs create mode 100644 deps/v8/test/mjsunit/modules-namespace-super-property-set.mjs create mode 100644 deps/v8/test/mjsunit/modules-namespace-super-set-tdz-with-accessor.mjs create mode 100644 deps/v8/test/mjsunit/natives-builtins.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_arrow_function.js => proto-seq-opt-arrow-function.js} (66%) rename deps/v8/test/mjsunit/opt-proto-seq/{test_assign_key_multiple_times.js => proto-seq-opt-assign-key-multiple-times.js} (81%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-basic.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-before-after.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_class_fast_path.js => proto-seq-opt-class-fast-path.js} (80%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-computed.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-constructor.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-destructuring.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_different_left_most_var.js => proto-seq-opt-different-left-most-var.js} (91%) create mode 100644 
deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-different-objects.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-duplicate.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_eval_return_last_set_property.js => proto-seq-opt-eval-return-last-set-property.js} (93%) rename deps/v8/test/mjsunit/opt-proto-seq/{test_feedback_vector_side_effect.js => proto-seq-opt-feedback-vector-side-effect.js} (90%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-frozen-objects-strict.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-frozen-objects.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_function_fast_path.js => proto-seq-opt-function-fast-path.js} (72%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-functions.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-get-own-property-descriptor.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-get-own-property-descriptors.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-global-proxy.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_has_prototype_keys.js => proto-seq-opt-has-prototype-keys.js} (73%) rename deps/v8/test/mjsunit/opt-proto-seq/{test_has_setters.js => proto-seq-opt-has-setters.js} (75%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-ignore-chain-descriptors.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-iife.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-interleaved.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-lazy-override-builtin.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-limit.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-locked-proto-strict.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-locked-proto.js create mode 100644 
deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-non-extensible-objects-strict.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-non-extensible-objects.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-non-literal.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-not-function.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_not_proto_assign_seq.js => proto-seq-opt-not-proto-assign-seq.js} (73%) rename deps/v8/test/mjsunit/opt-proto-seq/{test_null_prototype.js => proto-seq-opt-null-prototype.js} (68%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-object-assign.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-object-entries.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-object-values.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_poison_default_proto.js => proto-seq-opt-poison-default-proto.js} (75%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-preserve-descriptor.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_proto_of_prototype_assigned.js => proto-seq-opt-proto-of-prototype-assigned.js} (85%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-proto-prop.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_prototype_proto_keys.js => proto-seq-opt-prototype-proto-keys.js} (70%) rename deps/v8/test/mjsunit/opt-proto-seq/{test_prototype_read_only.js => proto-seq-opt-prototype-read-only.js} (71%) create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-readonly-chain.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-reassign-local.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-reflect-get-own-property-descriptor.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-reflect-get.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-setter-chain.js create mode 100644 
deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-shadow.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-slow-modified.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-slow-non-extensible.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-spreading.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-strict.js create mode 100644 deps/v8/test/mjsunit/opt-proto-seq/proto-seq-opt-structured-clone.js rename deps/v8/test/mjsunit/opt-proto-seq/{test_variable_proxy_eval.js => proto-seq-opt-variable-proxy-eval.js} (92%) rename deps/v8/test/mjsunit/opt-proto-seq/{test_variable_proxy.js => proto-seq-opt-variable-proxy.js} (92%) create mode 100644 deps/v8/test/mjsunit/private_fields/test_private_fields.js create mode 100644 deps/v8/test/mjsunit/queue-microtask-cross-realm-callback-report-exception.js create mode 100644 deps/v8/test/mjsunit/queue-microtask.js create mode 100644 deps/v8/test/mjsunit/regexp-boyer-moore.js create mode 100644 deps/v8/test/mjsunit/regexp-capture-4.js create mode 100644 deps/v8/test/mjsunit/regexp/skip-until-one-of-masked3.js create mode 100644 deps/v8/test/mjsunit/regress-450308355.js create mode 100644 deps/v8/test/mjsunit/regress-459629345.js create mode 100644 deps/v8/test/mjsunit/regress-463527959.js create mode 100644 deps/v8/test/mjsunit/regress-477993735.js create mode 100644 deps/v8/test/mjsunit/regress-478126027.js create mode 100644 deps/v8/test/mjsunit/regress-478205262.js create mode 100644 deps/v8/test/mjsunit/regress-480271345.js create mode 100644 deps/v8/test/mjsunit/regress-491935269.js create mode 100644 deps/v8/test/mjsunit/regress-493787228.js create mode 100644 deps/v8/test/mjsunit/regress-494876356.js create mode 100644 deps/v8/test/mjsunit/regress/asm/regress-490629397.js create mode 100644 deps/v8/test/mjsunit/regress/immutable-ab-regress.js create mode 100644 deps/v8/test/mjsunit/regress/regexp-489358153.js delete mode 100644 
deps/v8/test/mjsunit/regress/regress-1000635.js create mode 100644 deps/v8/test/mjsunit/regress/regress-441205658.js create mode 100644 deps/v8/test/mjsunit/regress/regress-448997822.js create mode 100644 deps/v8/test/mjsunit/regress/regress-452082290.js create mode 100644 deps/v8/test/mjsunit/regress/regress-454568212.js create mode 100644 deps/v8/test/mjsunit/regress/regress-455191443.js create mode 100644 deps/v8/test/mjsunit/regress/regress-455515497.js create mode 100644 deps/v8/test/mjsunit/regress/regress-456131918.js create mode 100644 deps/v8/test/mjsunit/regress/regress-456307067.js create mode 100644 deps/v8/test/mjsunit/regress/regress-457452276.js create mode 100644 deps/v8/test/mjsunit/regress/regress-457475185.js create mode 100644 deps/v8/test/mjsunit/regress/regress-457866804.js create mode 100644 deps/v8/test/mjsunit/regress/regress-458609996.js create mode 100644 deps/v8/test/mjsunit/regress/regress-458677902.js create mode 100644 deps/v8/test/mjsunit/regress/regress-458790911.js create mode 100644 deps/v8/test/mjsunit/regress/regress-458849015.js create mode 100644 deps/v8/test/mjsunit/regress/regress-459129418.js create mode 100644 deps/v8/test/mjsunit/regress/regress-459130968.js create mode 100644 deps/v8/test/mjsunit/regress/regress-459310839.js create mode 100644 deps/v8/test/mjsunit/regress/regress-459335522.js create mode 100644 deps/v8/test/mjsunit/regress/regress-459526523.js create mode 100644 deps/v8/test/mjsunit/regress/regress-459526524.js create mode 100644 deps/v8/test/mjsunit/regress/regress-459629118.js create mode 100644 deps/v8/test/mjsunit/regress/regress-459857147.js create mode 100644 deps/v8/test/mjsunit/regress/regress-460180700.js create mode 100644 deps/v8/test/mjsunit/regress/regress-460285610.js create mode 100644 deps/v8/test/mjsunit/regress/regress-460300660.js create mode 100644 deps/v8/test/mjsunit/regress/regress-460328643.js create mode 100644 deps/v8/test/mjsunit/regress/regress-460946135.js create mode 100644 
deps/v8/test/mjsunit/regress/regress-461041351.js create mode 100644 deps/v8/test/mjsunit/regress/regress-461203133.js create mode 100644 deps/v8/test/mjsunit/regress/regress-461464257.js create mode 100644 deps/v8/test/mjsunit/regress/regress-461531861.js create mode 100644 deps/v8/test/mjsunit/regress/regress-461969023.js create mode 100644 deps/v8/test/mjsunit/regress/regress-462477283.js create mode 100644 deps/v8/test/mjsunit/regress/regress-462758899.js create mode 100644 deps/v8/test/mjsunit/regress/regress-463124098.js create mode 100644 deps/v8/test/mjsunit/regress/regress-463405539.js create mode 100644 deps/v8/test/mjsunit/regress/regress-463593768.js create mode 100644 deps/v8/test/mjsunit/regress/regress-463634335.js create mode 100644 deps/v8/test/mjsunit/regress/regress-464210575.js create mode 100644 deps/v8/test/mjsunit/regress/regress-464678348.js create mode 100644 deps/v8/test/mjsunit/regress/regress-464961493.js create mode 100644 deps/v8/test/mjsunit/regress/regress-467247247.js create mode 100644 deps/v8/test/mjsunit/regress/regress-470137261.js create mode 100644 deps/v8/test/mjsunit/regress/regress-474179451.js create mode 100644 deps/v8/test/mjsunit/regress/regress-474401153.js create mode 100644 deps/v8/test/mjsunit/regress/regress-474417795.js create mode 100644 deps/v8/test/mjsunit/regress/regress-476509600.js create mode 100644 deps/v8/test/mjsunit/regress/regress-478681249.js create mode 100644 deps/v8/test/mjsunit/regress/regress-479872236.js create mode 100644 deps/v8/test/mjsunit/regress/regress-481519344.js create mode 100644 deps/v8/test/mjsunit/regress/regress-482199449.js create mode 100644 deps/v8/test/mjsunit/regress/regress-484904778.js create mode 100644 deps/v8/test/mjsunit/regress/regress-486655252.js create mode 100644 deps/v8/test/mjsunit/regress/regress-486945364-1.js create mode 100644 deps/v8/test/mjsunit/regress/regress-486945364.js create mode 100644 deps/v8/test/mjsunit/regress/regress-487468464.js create mode 
100644 deps/v8/test/mjsunit/regress/regress-487857171.js create mode 100644 deps/v8/test/mjsunit/regress/regress-488042855.js create mode 100644 deps/v8/test/mjsunit/regress/regress-489356185.js create mode 100644 deps/v8/test/mjsunit/regress/regress-489941769.js create mode 100644 deps/v8/test/mjsunit/regress/regress-490446682.js create mode 100644 deps/v8/test/mjsunit/regress/regress-490485402.js create mode 100644 deps/v8/test/mjsunit/regress/regress-490515529.js create mode 100644 deps/v8/test/mjsunit/regress/regress-491053452.js create mode 100644 deps/v8/test/mjsunit/regress/regress-491461591.js create mode 100644 deps/v8/test/mjsunit/regress/regress-491881374.js create mode 100644 deps/v8/test/mjsunit/regress/regress-492014648.js create mode 100644 deps/v8/test/mjsunit/regress/regress-493176399.js create mode 100644 deps/v8/test/mjsunit/regress/regress-493269623.js create mode 100644 deps/v8/test/mjsunit/regress/regress-493591676.mjs create mode 100644 deps/v8/test/mjsunit/regress/regress-493787222.js create mode 100644 deps/v8/test/mjsunit/regress/regress-494583765.js create mode 100644 deps/v8/test/mjsunit/regress/regress-494690599.js create mode 100644 deps/v8/test/mjsunit/regress/regress-495503057.mjs create mode 100644 deps/v8/test/mjsunit/regress/regress-495503781.js create mode 100644 deps/v8/test/mjsunit/regress/regress-498089319-2.js create mode 100644 deps/v8/test/mjsunit/regress/regress-498089319.js create mode 100644 deps/v8/test/mjsunit/regress/regress-498464176.js create mode 100644 deps/v8/test/mjsunit/regress/regress-7558019.js delete mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-335704358.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-488366773.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-488426618.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-489893167.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-490058830.js create mode 100644 
deps/v8/test/mjsunit/regress/regress-temporal-zoneinfo.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-446122633.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-446124893.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-449028728.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-450868409.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-451144692.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-454276076.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-455711115.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-455832038.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-456319253.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-457106696.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-461547336.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-462045796.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-463089250.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-463546420.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-464606523.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-465815689.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-470127856.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-471380636.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-473272199.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-474491347.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-475896261.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-476177765.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-476461881.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-477654119.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-482759504.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-483269968.js create mode 
100644 deps/v8/test/mjsunit/regress/wasm/regress-483643012.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-484405356.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-484499097.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-485152421.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-487444465.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-487750545.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-488089242.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-488790214.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-488943662.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-489029655.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-489109716.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-489349562.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-490877756.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-490877757.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-490877758.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-490970052.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-491696923.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493088266.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493099941.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493171989.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493307331.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493314948.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493319628.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493430818.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493521637.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493521807.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493529579.js create mode 
100644 deps/v8/test/mjsunit/regress/wasm/regress-493646648.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-493905761.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-495503265.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-496628168.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-497330272.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-497404188.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-simd-458024245.js create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-simd-467479137.js create mode 100644 deps/v8/test/mjsunit/sandbox/bytecode-verifier-rejects-empty-bytecode.js create mode 100644 deps/v8/test/mjsunit/sandbox/bytecode-verifier-rejects-invalid-bytecode.js create mode 100644 deps/v8/test/mjsunit/sandbox/bytecode-verifier-testing-api.js create mode 100644 deps/v8/test/mjsunit/sandbox/hardware-watchpoints/basic-hardware-watchpoints.js create mode 100644 deps/v8/test/mjsunit/sandbox/hardware-watchpoints/regress-486705321.js delete mode 100644 deps/v8/test/mjsunit/sandbox/regress-443182220.js delete mode 100644 deps/v8/test/mjsunit/sandbox/regress-447307165.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-458679939.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-461097476.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-488362583.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-488651088.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-488927521.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-490769268.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-496618662.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress-496807861.js delete mode 100644 deps/v8/test/mjsunit/sandbox/regress/regress-435630464-ccall.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress/regress-454734141.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress/regress-462217236.js create mode 100644 
deps/v8/test/mjsunit/sandbox/regress/regress-469759459.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress/regress-472139305.js create mode 100644 deps/v8/test/mjsunit/sandbox/regress/regress-473478130.js create mode 100644 deps/v8/test/mjsunit/sandbox/wasm-jspi-uaf.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/async-synchronization-workers-terminated.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/condition-async-wait-no-await.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/condition-async-wait-realm-disposed.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/condition-async-wait-timeout.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/condition-async-wait.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/mutex-async-lock-promise-reject.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/mutex-async-lock-promise-resolve.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/mutex-async-lock-realm-disposed.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/mutex-async-lock-workers-timeout.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/mutex-async-lock-workers.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/mutex-async-lock.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/mutex-async-locked-worker-terminated.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/mutex-async-unlocked-worker-terminated.js create mode 100644 deps/v8/test/mjsunit/shared-memory/regress-488754149.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/regress-crbug-339043696.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/regress-crbug-349639796.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/regress-crbug-350641990.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/regress-crbug-366323424.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/regress-crbug-366643711.js delete mode 100644 deps/v8/test/mjsunit/shared-memory/regress-crbug-371659887.js create mode 
100644 deps/v8/test/mjsunit/shared-memory/regress/regress-468231509.js create mode 100644 deps/v8/test/mjsunit/shared-memory/regress/regress-469804007.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-constructor.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-date-add.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-date-from-fields.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-date-until.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-day-of-week.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-day-of-year.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-day.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-days-in-month.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-days-in-week.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-days-in-year.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-fields.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-from.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-in-leap-year.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-merge-fields.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-month-code.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-month-day-from-fields.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-month.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-months-in-year.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-week-of-year.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-year-month-from-fields.js delete mode 100644 deps/v8/test/mjsunit/temporal/calendar-year.js delete mode 100644 deps/v8/test/mjsunit/temporal/date-totemporalinstant.js delete mode 100644 deps/v8/test/mjsunit/temporal/duration-abs.js delete mode 100644 deps/v8/test/mjsunit/temporal/duration-add.js delete mode 100644 deps/v8/test/mjsunit/temporal/duration-constructor.js delete mode 100644 
deps/v8/test/mjsunit/temporal/duration-from.js delete mode 100644 deps/v8/test/mjsunit/temporal/duration-negated.js delete mode 100644 deps/v8/test/mjsunit/temporal/duration-to-json-boundary-cases.js delete mode 100644 deps/v8/test/mjsunit/temporal/duration-to-json.js delete mode 100644 deps/v8/test/mjsunit/temporal/duration-valueOf.js delete mode 100644 deps/v8/test/mjsunit/temporal/duration-with.js delete mode 100644 deps/v8/test/mjsunit/temporal/function-exist-no-intl.js delete mode 100644 deps/v8/test/mjsunit/temporal/function-exist.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-add.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-compare.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-constructor.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-equals.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-from-epoch-microseconds.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-from-epoch-milliseconds.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-from-epoch-nanoseconds.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-from-epoch-seconds.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-subtract.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-to-json.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-toJSON.js delete mode 100644 deps/v8/test/mjsunit/temporal/instant-valueOf.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-add.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-compare.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-constructor.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-equals.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-from.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-calendar.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-day.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-dayOfWeek.js 
delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-dayOfYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-daysInMonth.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-daysInWeek.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-daysInYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-era.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-eraYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-inLeapYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-iso-fields.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-month.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-monthCode.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-monthsInYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-weekOfYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-get-year.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-add.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-compare.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-constructor.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-equals.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-from.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-calendar.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-day.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-dayOfWeek.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-dayOfYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-daysInMonth.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-daysInWeek.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-daysInYear.js delete mode 100644 
deps/v8/test/mjsunit/temporal/plain-date-time-get-era.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-eraYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-hour.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-inLeapYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-iso-fields.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-microsecond.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-millisecond.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-minute.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-month.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-monthCode.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-monthsInYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-nanosecond.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-second.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-weekOfYear.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-get-year.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-subtract.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-to-json.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-to-plain-date.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-to-plain-month-day.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-to-plain-time.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-to-plain-year-month.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-valueOf.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-with-calendar.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-with-plain-date.js delete mode 100644 
deps/v8/test/mjsunit/temporal/plain-date-time-with-plain-time.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-time-with.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-to-json.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-to-plain-date-time.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-to-plain-month-day.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-to-plain-year-month.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-valueOf.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-with-calendar.js delete mode 100644 deps/v8/test/mjsunit/temporal/plain-date-with.js delete mode 100644 deps/v8/test/mjsunit/temporal/temporal-helpers.js delete mode 100644 deps/v8/test/mjsunit/temporal/time-zone-constructor.js create mode 100644 deps/v8/test/mjsunit/turbolev/ThrowSuperNotCalledIfHole-folding-in-outer-try-catch.js create mode 100644 deps/v8/test/mjsunit/turbolev/ThrowSuperNotCalledIfHole-folding-in-try-catch.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/Uint8Clamped-typed-array.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/add-double-property.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/api-call-no-prof.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/api-call-prof.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-buffer-detached.js (85%) create mode 100644 deps/v8/test/mjsunit/turbolev/array-buffer-length-detached-protector-invalid.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-destruct.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-double-load.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-foreach.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-holey-double-load.js (100%) 
rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-load-hole.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-oob-load.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-prototype-map-array-constructor-protector.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-prototype-map-elements-kinds-dict.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-prototype-map-elements-kinds.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-push-grow.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/array-push-multi-double.js create mode 100644 deps/v8/test/mjsunit/turbolev/array-push-multi-poly.js create mode 100644 deps/v8/test/mjsunit/turbolev/array-push-multi-smi.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-push-pop.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-smi-load.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/array-transitions.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/async-function-inline-1.js create mode 100644 deps/v8/test/mjsunit/turbolev/async-function-inline-2.js create mode 100644 deps/v8/test/mjsunit/turbolev/async-function-inline-3.js create mode 100644 deps/v8/test/mjsunit/turbolev/bigint-checknumber-no-deopt-loop.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/bitwise-smi.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/branch-on-math.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/builtin-continuation-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/call-spread-and-args.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/call-spread.js (100%) rename 
deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/catch-and-return.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/catch-multiple.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/catch.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/char-at.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/char-code-at-uint32max-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/check-float64-is-nan.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/check-intptr-is-smi.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/check-value-equals-f64.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/const-tracking-let.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/construct-array-feedback.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/construct-with-spread.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/constructor-extend-null-throw.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/constructor-super-called-twice.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/constructor-super-not-called.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/constructors.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/convert-receiver.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/create-array-lit.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/create-closure.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/create-object-lit.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/create-regexp-lit.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => 
turbolev}/create-shallow-array-literal.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/create-shallow-literal.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/dataview-getbytelength-not-dataview.js create mode 100644 deps/v8/test/mjsunit/turbolev/dataview-getbytelength-undefined.js create mode 100644 deps/v8/test/mjsunit/turbolev/dataview-getbytelength.js create mode 100644 deps/v8/test/mjsunit/turbolev/dataview-load-not-stale-float64.js create mode 100644 deps/v8/test/mjsunit/turbolev/dataview-load-not-stale-int32.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dataview.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/delete-property-sloppy.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/delete-property-strict.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-arguments-length.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-arguments.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-double-array.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-double-array2.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-duplicated-recursive.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-duplicated.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-heap-number.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-identical-heap-number-fields.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-multi-escape.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-nested-objects.js (100%) rename 
deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-regexp.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-rest-length.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-rest.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/dematerialized-simple-object.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/deopt-raw-float-int32.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/eval.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/exception-phis-retagging.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/extend-property-backing-store-1.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/extend-property-backing-store-2.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/fact.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/float-arith.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/float64-compare.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/float64-phi-osr.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/float64-to-bool-branch.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/float64-to-bool.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/for-in-arr.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/for-in-obj.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/for-in-this.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/function-apply-arguments.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/function-apply.js (100%) rename 
deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/function-call-generic.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-async-await-loop.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-async.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-if.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-infinite-loop.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-loop-if.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/generator-loop-inline.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-loop-multi-if.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-loop-no-forward-edge.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-loop-untagged-phis.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-loop.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-nested-loops.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-return-finally-loop.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-return-finally.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-return.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-straight-line.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-throw-loop-2-yields.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-throw-loop.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-throw-nested-loop.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-throw.js 
(100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-yield-star-loop-1.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-yield-star-loop-2.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generator-yield-star.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generic-binop-exception.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/generic-binops-unops.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/get-template-object.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/has-in-prototype-chain-wasm.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/has-in-prototype-chain.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/holey-array-load.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/holey-float64-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/holey-float64-phi-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/holey-float64-phi-to-smi.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/ieee754-unary.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/inlined-function-loop.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/inlined-generator-basic.js create mode 100644 deps/v8/test/mjsunit/turbolev/inlined-generator-loop.js create mode 100644 deps/v8/test/mjsunit/turbolev/inlined-generator-next.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/inner-function.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/instanceof.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/int32-compare.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => 
turbolev}/javascript-builtin-continuation.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/js-call-lazy-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/js-call-on-receiver.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/js-fun-call.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/lazy-deopt-multi-return.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/literal-nan-hole-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-arr-with-float64-index.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-const-string-key.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/load-constant-holey-array.js create mode 100644 deps/v8/test/mjsunit/turbolev/load-elimination-backing-store-alias.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-field.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-global-inside-typeof.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-global.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-holey-double-arr-for-branch.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-holey-double-arr-for-return.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-named-from-super.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-named-generic.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/load-named-on-num.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/loop-multiple-forward-edges-no-phi.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/loop-multiple-forward-edges.js (100%) rename 
deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/loop.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/maglev-assert-types.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/make-array-init-size.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/make-array-no-init-size.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/make-fast-arr.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/make_objects.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/map-migration.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/math-atan2.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/math-pow.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/math-round.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/math-sqrt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/megamorphic-load.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/mutable-heap-number-field.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/nested-loop-osr-throw.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/new-array.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/new-derived.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/new-obj-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/new-obj.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/new_obj_arr_proto.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/new_obj_int_property.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/no-backedge-loop.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend 
=> turbolev}/not-initialized-let-in-switch.js (85%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/number-float-truncate.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/number-to-hf64.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/number-to-string.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/osr.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/over-under-application-inline.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/over-under-application-not-inline.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/phi-untagging-conversions-truncation.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/poly-store-transition.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/raw-abs.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-351177452.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-351219206.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-351283984.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-351418008.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/regress-351418019.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-351576252.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-354145409-1.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-354145409-2.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-355016861.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-356194021.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-356436621.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend 
=> turbolev}/regress-356649152.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-356720579.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-356901359.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-356913279.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-356913284-1.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-356913284-2.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-358461173-1.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-358461173-2.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-358957666.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-359266991.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-360207713.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-361124378.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-368725681.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-372754523.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-373025979.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-379207983.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-379776583.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-385657142.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/regress-406054652.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/regress-453772795.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-454314508.js create mode 100644 
deps/v8/test/mjsunit/turbolev/regress-456370968.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-457490096.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-462853804.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-464196074.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-464504276.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-465696601.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-466333912.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-468909596.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-469831362.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-470668818.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-475276561.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-475583927.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-476507590.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-477658238.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-478009695.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-478035107.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-478126029.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-478252842.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-479549166.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-479881588.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-482084211.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-484527367.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-485478594.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-485535276.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-487646536.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-488090094.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-488790215.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-489193276.js create mode 100644 
deps/v8/test/mjsunit/turbolev/regress-489689984.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-490450922-1.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-490450922-2.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-490450922-3.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-491466705.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-492046462.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-493319584.js create mode 100644 deps/v8/test/mjsunit/turbolev/regress-494058284.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/rest-param-length.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/script-context-smi-generator.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/set-get-keyed-generic.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/set-named-generic.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/set-prototype-has.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/shift_left.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/single-input-phi.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/smi-arith.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/stack-overflow.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/static-assert-fail.js create mode 100644 deps/v8/test/mjsunit/turbolev/static-assert-simple.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/store-field.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/store-float-to-smi-field.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/store-global.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/store-jsarray.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => 
turbolev}/store-uint32-to-smi-field.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/string-cmp.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/string-concat-throw.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/string-concat.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/string-from-charcode.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/string-lt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/string-or-oddball-compare.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/string-slice.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/string-to-boolean.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/super-try-catch-derived-constructor.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/switch.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/symbol-eq.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/tagged-equal.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/test-undetectable.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/throw.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/to-boolean.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/to-name.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/to-number-int32-phi.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/to-number.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/to-string.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-all-kinds.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-as-number-large.js (78%) 
rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-as-number.js (78%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-branch-if-to-boolean-true.js (78%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-deopt-large.js (76%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-exception-phi.js (84%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-index-into-array-large.js (82%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-index-into-array.js (84%) create mode 100644 deps/v8/test/mjsunit/turbolev/typed-array-length-index-into-typed-array-large.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-index-into-typed-array.js (66%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-iteration-large.js (82%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-iteration.js (84%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-phi.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-rab-gsab.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-store-into-global-large.js (78%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-store-into-global.js (80%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-store-script-context-large.js (79%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-store-script-context.js (82%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => 
turbolev}/typed-array-length-to-boolean.js (78%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-to-number-large.js (77%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-array-length-to-number.js (79%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typed-arrays.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/typeof-self.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/uint32-conv.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/uint8-clamped-arr-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/unary_minus_smi_minus_0.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/unconditional-deopt.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/under-applied-builtin-call.js (100%) create mode 100644 deps/v8/test/mjsunit/turbolev/unreachable-catch-handler.js rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/unreachable-catch.js (100%) rename deps/v8/test/mjsunit/{turboshaft/maglev-frontend => turbolev}/write-const-glob.js (100%) delete mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-351418019.js delete mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/typed-array-length-index-into-typed-array-large.js create mode 100644 deps/v8/test/mjsunit/turboshaft/regress-456779480.js create mode 100644 deps/v8/test/mjsunit/turboshaft/regress-475299908.js create mode 100644 deps/v8/test/mjsunit/typedarray-with-resizable-buffer.js create mode 100644 deps/v8/test/mjsunit/wasm/call-indirect-null-check.js create mode 100644 deps/v8/test/mjsunit/wasm/compact-imports.js create mode 100644 deps/v8/test/mjsunit/wasm/cont-bind.js create mode 100644 deps/v8/test/mjsunit/wasm/custom-descriptors-imports.js create mode 100644 deps/v8/test/mjsunit/wasm/custom-descriptors-oom.js create 
mode 100644 deps/v8/test/mjsunit/wasm/debug-trace-minimal.js create mode 100644 deps/v8/test/mjsunit/wasm/load-shift32.js create mode 100644 deps/v8/test/mjsunit/wasm/quarter-shuffles.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-455605199.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-462100921.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-467205576.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-467863659.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-471363817.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-474141354.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-488803413.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-496645739.js create mode 100644 deps/v8/test/mjsunit/wasm/regress-497667917.js create mode 100644 deps/v8/test/mjsunit/wasm/resume-throw.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/acq-rel-load-and-store.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/acq-rel-rmw-operations.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/array-new-elem.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/string-builtins-utf8.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/string-builtins.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/strings.js create mode 100644 deps/v8/test/mjsunit/wasm/shared-everything/wait-queue.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-dot-i8.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-extract-replace.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-load-replaces.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-reduce.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-replace-lane-zero.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-rot64-no-xor.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-s128-orn.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-usaddl.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-usaddw.js 
create mode 100644 deps/v8/test/mjsunit/wasm/simd-ussubl.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-ussubw.js create mode 100644 deps/v8/test/mjsunit/wasm/simd-xor-rot64.js create mode 100644 deps/v8/test/mjsunit/wasm/stack-switching-no-cont-leak.js create mode 100644 deps/v8/test/mjsunit/wasm/stack-switching-params.js create mode 100644 deps/v8/test/mjsunit/wasm/stack-switching-switch-loop.js create mode 100644 deps/v8/test/mjsunit/wasm/stack-switching-switch.js create mode 100644 deps/v8/test/mjsunit/wasm/wasmfx-load-elimination.js create mode 100644 deps/v8/test/mjsunit/wasm/wide-arithmetic.js delete mode 100644 deps/v8/test/test262/local-tests/test/staging/built-ins/RegExp/escape/surrogate-pair.js rename deps/v8/test/{cctest/test-assembler-arm.cc => unittests/assembler/assembler-arm-unittest.cc} (95%) rename deps/v8/test/{cctest/test-assembler-arm64.cc => unittests/assembler/assembler-arm64-unittest.cc} (93%) rename deps/v8/test/{cctest => unittests/assembler}/assembler-helper-arm.cc (92%) rename deps/v8/test/{cctest => unittests/assembler}/assembler-helper-arm.h (100%) rename deps/v8/test/{cctest/test-assembler-ia32.cc => unittests/assembler/assembler-ia32-unittest.cc} (91%) rename deps/v8/test/{cctest/test-assembler-loong64.cc => unittests/assembler/assembler-loong64-unittest.cc} (95%) rename deps/v8/test/{cctest/test-assembler-mips64.cc => unittests/assembler/assembler-mips64-unittest.cc} (82%) rename deps/v8/test/{cctest/test-assembler-ppc.cc => unittests/assembler/assembler-ppc-unittest.cc} (96%) rename deps/v8/test/{cctest/test-assembler-riscv32.cc => unittests/assembler/assembler-riscv32-unittest.cc} (89%) rename deps/v8/test/{cctest/test-assembler-riscv64.cc => unittests/assembler/assembler-riscv64-unittest.cc} (85%) rename deps/v8/test/{cctest/test-assembler-s390.cc => unittests/assembler/assembler-s390-unittest.cc} (93%) delete mode 100644 deps/v8/test/unittests/assembler/macro-assembler-riscv-unittest.cc rename 
deps/v8/test/{cctest/test-macro-assembler-riscv32.cc => unittests/assembler/macro-assembler-riscv32-unittest.cc} (90%) rename deps/v8/test/{cctest/test-macro-assembler-riscv64.cc => unittests/assembler/macro-assembler-riscv64-unittest.cc} (91%) rename deps/v8/test/{cctest/test-simple-riscv32.cc => unittests/assembler/simple-riscv32-unittest.cc} (91%) rename deps/v8/test/{cctest/test-simple-riscv64.cc => unittests/assembler/simple-riscv64-unittest.cc} (91%) rename deps/v8/test/{cctest/test-sync-primitives-arm.cc => unittests/assembler/sync-primitives-arm-unittest.cc} (94%) rename deps/v8/test/{cctest => unittests/assembler}/test-helper-riscv32.cc (89%) rename deps/v8/test/{cctest => unittests/assembler}/test-helper-riscv32.h (97%) rename deps/v8/test/{cctest => unittests/assembler}/test-helper-riscv64.cc (89%) rename deps/v8/test/{cctest => unittests/assembler}/test-helper-riscv64.h (95%) rename deps/v8/test/{cctest => unittests/assembler}/test-utils-arm64.cc (93%) rename deps/v8/test/{cctest => unittests/assembler}/test-utils-arm64.h (99%) create mode 100644 deps/v8/test/unittests/builtins/builtins-math-unittest.cc create mode 100644 deps/v8/test/unittests/codegen/safepoint-table-unittest.cc create mode 100644 deps/v8/test/unittests/compiler/turboshaft/call-runtime-unittest.cc create mode 100644 deps/v8/test/unittests/dumpling/dumpling-unittest.cc create mode 100644 deps/v8/test/unittests/heap/cppgc-js/cpp-heap-stack-start-marker-unittest.cc create mode 100644 deps/v8/test/unittests/heap/cppgc/stack-start-marker-unittest.cc create mode 100644 deps/v8/test/unittests/heap/minimal-stack-unittest.cc create mode 100644 deps/v8/test/unittests/heap/page-casting-unittest.cc create mode 100644 deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateFieldSpecializedBytecode.golden create mode 100644 deps/v8/test/unittests/maglev/hamt-unittest.cc create mode 100644 deps/v8/test/unittests/maglev/maglev-graph-builder-unittest.cc create mode 100644 
deps/v8/test/unittests/objects/module-request-unittest.cc create mode 100644 deps/v8/test/unittests/profiler/heap-snapshot-utils.cc create mode 100644 deps/v8/test/unittests/profiler/heap-snapshot-utils.h create mode 100644 deps/v8/test/unittests/sandbox/bytecode-verifier-unittest.cc create mode 100644 deps/v8/test/unittests/sandbox/libcxx-hardening-unittest.cc create mode 100644 deps/v8/test/unittests/sandbox/sandbox-violation-unittest.cc create mode 100644 deps/v8/test/unittests/wasm/compilation-hints-unittest.cc create mode 100644 deps/v8/test/webkit/fast/js/nested-object-gc-expected.txt create mode 100644 deps/v8/test/webkit/fast/js/nested-object-gc.js create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/casts.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/hardening.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/hardening.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/hardening_test.cc rename deps/v8/third_party/abseil-cpp/absl/base/{internal => }/throw_delegate.cc (93%) rename deps/v8/third_party/abseil-cpp/absl/base/{internal => }/throw_delegate.h (81%) create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/chunked_queue.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/chunked_queue_benchmark.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/chunked_queue_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/internal/chunked_queue.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/internal/heterogeneous_lookup_testing.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/linked_hash_map.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/linked_hash_map_benchmark.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/linked_hash_map_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/linked_hash_set.h create mode 100644 
deps/v8/third_party/abseil-cpp/absl/container/linked_hash_set_benchmark.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/container/linked_hash_set_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/log/internal/container.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/log/internal/container_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/meta/internal/constexpr_testing.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/meta/internal/constexpr_testing_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/meta/internal/requires.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/meta/internal/requires_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/internal/append_and_overwrite.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/internal/append_and_overwrite_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/internal/generic_printer.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/internal/generic_printer.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/internal/generic_printer_internal.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/internal/generic_printer_test.cc delete mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/string_view.cc delete mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/string_view_benchmark.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/clock_interface.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/clock_interface.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/clock_interface_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_name_win.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_name_win.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/simulated_clock.cc create mode 100644 
deps/v8/third_party/abseil-cpp/absl/time/simulated_clock.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/time/simulated_clock_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/types/optional_ref.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/types/optional_ref_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/absl/types/source_location.h create mode 100644 deps/v8/third_party/abseil-cpp/absl/types/source_location_test.cc create mode 100644 deps/v8/third_party/abseil-cpp/patches/0004-string-view-transitive-includes create mode 100644 deps/v8/third_party/abseil-cpp/patches/0005-mutex-deprecations.patch create mode 100644 deps/v8/third_party/abseil-cpp/patches/0006-undef-absl-hash-internal-has-crc32.patch create mode 100644 deps/v8/third_party/abseil-cpp/patches/0007-deprecated-base64-escape.patch create mode 100644 deps/v8/third_party/zlib/README create mode 100644 deps/v8/third_party/zlib/doc/algorithm.txt create mode 100644 deps/v8/third_party/zlib/doc/crc-doc.1.0.pdf create mode 100644 deps/v8/third_party/zlib/doc/rfc1950.txt create mode 100644 deps/v8/third_party/zlib/doc/rfc1951.txt create mode 100644 deps/v8/third_party/zlib/doc/rfc1952.txt create mode 100644 deps/v8/third_party/zlib/doc/txtvsbin.txt delete mode 100644 deps/v8/third_party/zlib/patches/0010-cmake-enable-simd.patch create mode 100644 deps/v8/third_party/zlib/patches/0010-cmake.patch create mode 100644 deps/v8/third_party/zlib/patches/0019-fix-zip64-in-zip.patch create mode 100644 deps/v8/third_party/zlib/win32/zlib1.rc delete mode 100644 deps/v8/third_party/zlib/zconf.h.cmakein create mode 100644 deps/v8/third_party/zlib/zlibConfig.cmake.in create mode 100644 deps/v8/tools/cluster_files.py create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/mutators/memory_corruption_mutator.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/resources/sandbox_fuzz_library.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test/test_memory_corruptions.js 
create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/memory_corruption/input.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/memory_corruption/output_expected.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/regress/await/db/AwaitExpression/a1.json create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/regress/await/db/index.json create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/regress/await/expected.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/regress/await/input.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/transpile/proto1.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/transpile/proto1_expected.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/transpile/v8/test/mjsunit/mjsunit.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/transpile/v8/test/mjsunit/test1.js create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/test_data/transpile/v8/test/mjsunit/test1_expected.js create mode 100644 deps/v8/tools/testrunner/testproc/indicators_test.py create mode 100755 deps/v8/tools/turboshaft-stacktrace-filter.py create mode 100644 deps/v8/tools/turboshaft_type_formatter.py diff --git a/deps/v8/.clang-format b/deps/v8/.clang-format index d655b2039f8848..370034d67bba3a 100644 --- a/deps/v8/.clang-format +++ b/deps/v8/.clang-format 
@@ -14,6 +14,11 @@ Macros: - CASE_=case - FOR_WITH_HANDLE_SCOPE(isolate, init, loop_var, limit_check, increment)=for(init; loop_var; increment) - WHILE_WITH_HANDLE_SCOPE(isolate, limit_check)=while(limit_check) + # Make clang-format parse conditions in flag implications as expressions, not type definitions. + - DEFINE_IMPLICATION(cond,flag,value)=if(cond) { flag; }; + - DEFINE_WEAK_IMPLICATION(cond,flag,value)=if(cond) { flag; }; + - DEFINE_VALUE_IMPLICATION(cond,flag,value)=if(cond) { flag = value; }; + - DEFINE_WEAK_VALUE_IMPLICATION(cond,flag,value)=if(cond) { flag = value; }; StatementMacros: - DECL_CAST - DECL_VERIFIER diff --git a/deps/v8/.git-blame-ignore-revs b/deps/v8/.git-blame-ignore-revs index 0b12c1ac601857..98275bc6748f9a 100644 --- a/deps/v8/.git-blame-ignore-revs +++ b/deps/v8/.git-blame-ignore-revs @@ -124,3 +124,6 @@ cb67be1a3842fcf6a0da18aee444e3b7ea789e04 d1b27019d3bf86360ea838c317f8505fac6d3a7e 44fe02ced6e4c6b49d627807e3b3fd0edbbeb36e ec06bb6ce5641cf65e400ec55b7421f87d04b999 + +# Simplify variants flags +0476eb39b3c58671720d3ef78730821a5b7d93fa diff --git a/deps/v8/.gitignore b/deps/v8/.gitignore index 388d39863d83cc..f912b7a087d6ca 100644 --- a/deps/v8/.gitignore +++ b/deps/v8/.gitignore @@ -62,6 +62,7 @@ /src/inspector/build/closure-compiler /src/inspector/build/closure-compiler.tar.gz /test/benchmarks/data +/test/benchmarks/JetStream3 /test/fuzzer/wasm_corpus/ /test/fuzzer/wasm_corpus.tar.gz !/test/mjsunit/tools/*.log @@ -155,6 +156,7 @@ bazel-out bazel-testlogs bazel-v8 launch.json +MODULE.bazel.lock !/third_party/jinja2 !/third_party/markupsafe !/third_party/zlib diff --git a/deps/v8/.gn b/deps/v8/.gn index e13ae6d5ec82da..0de23defb360ec 100644 --- a/deps/v8/.gn +++ b/deps/v8/.gn 
@@ -36,10 +36,15 @@ default_args = { # Use Siso instead of Ninja. use_siso = true + + # V8 should stay in C++20 for now. + use_cxx23 = false } # These are the list of GN files that run exec_script. This whitelist exists # to force additional review for new uses of exec_script, which is strongly # discouraged except for gypi_to_gn calls. -exec_script_allowlist = build_dotfile_settings.exec_script_allowlist + - [ "//build_overrides/build.gni" ] +exec_script_allowlist = build_dotfile_settings.exec_script_allowlist + [ + "//build_overrides/build.gni", + "//gni/cluster_build.gni", + ] diff --git a/deps/v8/AUTHORS b/deps/v8/AUTHORS index 96d5b843d2badf..df2b957d6382a5 100644 --- a/deps/v8/AUTHORS +++ b/deps/v8/AUTHORS @@ -44,6 +44,7 @@ Julia Computing, Inc. <*@juliacomputing.com> CodeWeavers, Inc. <*@codeweavers.com> Alibaba, Inc. <*@alibaba-inc.com> SiFive, Inc. <*@sifive.com> +Island Technology, Inc. <*@island.io> Aapo Alasuutari Aaron Bieber @@ -131,7 +132,7 @@ Fedor Indutny Felix Geisendörfer Feng Yu Filipe David Manana -Florian Loitsch +Florian Loitsch Frank Lemanschik Franziska Hinkelmann Gao Sheng @@ -155,6 +156,7 @@ Huáng Jùnliàng HyeockJin Kim Iain Ireland Ilya Gavrilin +Ilyas Shabi Ingvar Stepanyan Ioseb Dzmanashvili Isiah Meadows @@ -165,6 +167,7 @@ James Pike Jan Krems Jan de Mooij Janusz Majnert +Jarden Xian Javad Amiri Jay Freeman Jeroen Bobbeldijk @@ -186,7 +189,7 @@ Junha Park Junming Huang Kang-Hao (Kenny) Lu Karl Skomski -Kasper Lund +Kasper Lund Keith Smiley Kenta Moriuchi Kevin Gibbons @@ -272,6 +275,7 @@ Rong Wang Ross Kirsling Ruben Bridgewater Ryan Dahl +Sahil Shaikh Sakthipriyan Vairamani (thefourtheye) Sander Mathijs van Veen Sandro Santilli @@ -340,6 +344,7 @@ Zhao Jiazhong Zhao Qin Zhaojun Meng Zheng Liu +Zhongqi Wang Zhongping Wang 柳荣一 Yang Xiang diff --git a/deps/v8/BUILD.bazel b/deps/v8/BUILD.bazel index 91da3cadbb526a..ae9c73762bef46 100644 --- a/deps/v8/BUILD.bazel +++ b/deps/v8/BUILD.bazel 
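Review bot: The new `"//gni/cluster_build.gni"` entry in `exec_script_allowlist` has no comment saying what it executes, although the comment directly above states that the list exists to force additional review of new `exec_script` uses. `exec_script` runs a script on the build machine while GN evaluates the build files, so every entry widens what a vendored update can run during configuration. I would add a line above the entry such as `# cluster_build.gni: runs <script path> to <purpose>`. The same commit creates `deps/v8/tools/cluster_files.py`, which is presumably the script involved, but the call site is not part of this hunk.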
@@ -163,6 +163,18 @@ v8_flag( default = True, ) +v8_flag( + name = "v8_enable_undefined_double", + default = True, +) + +v8_flag(name = "v8_enable_experimental_tq_to_tsa") + +v8_flag( + name = "v8_use_host_cpu_arm_features", + default = True, +) + # Default setting for v8_enable_maglev selects.config_setting_group( name = "maglev_by_default", @@ -513,12 +525,13 @@ v8_config( "v8_enable_seeded_array_index_hash": "V8_ENABLE_SEEDED_ARRAY_INDEX_HASH", "v8_jitless": "V8_JITLESS", "v8_enable_vtunejit": "ENABLE_VTUNE_JIT_INTERFACE", + "v8_enable_undefined_double": "V8_ENABLE_UNDEFINED_DOUBLE", + "v8_use_host_cpu_arm_features": "V8_USE_HOST_CPU_ARM_FEATURES", }, defines = [ "GOOGLE3", "V8_ADVANCED_BIGINT_ALGORITHMS", "V8_CONCURRENT_MARKING", - "V8_ENABLE_LEAPTIERING", "V8_ENABLE_SPARKPLUG", "V8_ENABLE_EXTENSIBLE_RO_SNAPSHOT", "V8_ENABLE_CONTINUATION_PRESERVED_EMBEDDER_DATA", @@ -529,6 +542,18 @@ v8_config( "V8_ENABLE_CHECKS", ], "//conditions:default": [], + }) + select({ + "@v8//bazel/config:asan_enabled" : [ "V8_USE_ADDRESS_SANITIZER" ], + "//conditions:default": [], + }) + select({ + "@v8//bazel/config:hwasan_enabled" : [ "V8_USE_HWADDRESS_SANITIZER" ], + "//conditions:default": [], + }) + select({ + "@v8//bazel/config:msan_enabled" : [ "V8_USE_MEMORY_SANITIZER" ], + "//conditions:default": [], + }) + select({ + "@v8//bazel/config:ubsan_enabled" : [ "V8_USE_UNDEFINED_BEHAVIOR_SANITIZER" ], + "//conditions:default": [], }) + select( { "@v8//bazel/config:v8_target_ia32": ["V8_TARGET_ARCH_IA32"], @@ -803,6 +828,7 @@ filegroup( "src/base/abort-mode.cc", "src/base/abort-mode.h", "src/base/address-region.h", + "src/base/algorithm.h", "src/base/atomic-utils.h", "src/base/atomicops.h", "src/base/base-export.h", 
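Review bot: `v8_enable_experimental_tq_to_tsa` is declared here and later selects extra Torque sources, but none of the BUILD.bazel changes map it to a define, while the `v8_config` hunk on this line does add mappings for the other two new flags. In BUILD.gn the same option defines `V8_ENABLE_EXPERIMENTAL_TQ_TO_TSA` and forces `v8_enable_experimental_tsa_builtins = true`, so the two build systems appear to disagree on what the flag means. If Bazel is meant to support the option, `v8_config` would need `"v8_enable_experimental_tq_to_tsa": "V8_ENABLE_EXPERIMENTAL_TQ_TO_TSA",`; otherwise a comment on the flag such as `# Only adds the TSA generator sources to Torque; no define is set.` would make the difference explicit. `v8_config` begins and ends outside its hunk, so an existing mapping cannot be fully ruled out from here.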
@@ -817,8 +843,9 @@ filegroup( "src/base/compiler-specific.h", "src/base/container-utils.h", "src/base/contextual.h", - "src/base/cpu.cc", - "src/base/cpu.h", + "src/base/cpu/cpu.cc", + "src/base/cpu/cpu.h", + "src/base/cpu/cpu-helper.h", "src/base/debug/stack_trace.cc", "src/base/debug/stack_trace.h", "src/base/discriminated-union.h", @@ -832,6 +859,7 @@ filegroup( "src/base/file-utils.cc", "src/base/file-utils.h", "src/base/flags.h", + "src/base/float16.h", "src/base/fpu.cc", "src/base/fpu.h", "src/base/functional/bind-internal.h", @@ -849,6 +877,7 @@ filegroup( "src/base/logging.cc", "src/base/logging.h", "src/base/macros.h", + "src/base/memcopy.h", "src/base/memory.h", "src/base/numbers/bignum.cc", "src/base/numbers/bignum.h", @@ -969,6 +998,25 @@ filegroup( "src/base/platform/platform-win32.h", "src/base/win32-headers.h", ], + }) + select({ + "@v8//bazel/config:v8_target_x64": [ + "src/base/cpu/cpu-x86.cc", + ], + "@v8//bazel/config:v8_target_ia32": [ + "src/base/cpu/cpu-x86.cc", + ], + "@v8//bazel/config:v8_target_arm64": [ + "src/base/cpu/cpu-arm.cc", + ], + "@v8//bazel/config:v8_target_arm": [ + "src/base/cpu/cpu-arm.cc", + ], + "@v8//bazel/config:v8_target_ppc64le": [ + "src/base/cpu/cpu-ppc.cc", + ], + "@v8//bazel/config:v8_target_riscv64": [ + "src/base/cpu/cpu-riscv.cc", + ], }), visibility = ["//visibility:public"], ) @@ -1337,7 +1385,14 @@ filegroup( "src/torque/types.h", "src/torque/utils.cc", "src/torque/utils.h", - ], + ] + select({ + ":is_v8_enable_experimental_tq_to_tsa": [ + "src/torque/ast-visitor.h", + "src/torque/tsa-generator.cc", + "src/torque/tsa-generator.h", + ], + "//conditions:default": [], + }), ) filegroup( 
@@ -1422,7 +1477,12 @@ filegroup( "src/builtins/builtins-function.cc", "src/builtins/builtins-global.cc", "src/builtins/builtins-internal.cc", + "src/builtins/builtins-iterator.h", + "src/builtins/builtins-iterator-inl.h", "src/builtins/builtins-json.cc", + "src/builtins/builtins-math.cc", + "src/builtins/builtins-math-xsum.h", + "src/builtins/builtins-math-xsum.cc", "src/builtins/builtins-number.cc", "src/builtins/builtins-object.cc", "src/builtins/builtins-promise.h", @@ -1445,6 +1505,7 @@ filegroup( "src/builtins/constants-table-builder.h", "src/builtins/data-view-ops.h", "src/builtins/profile-data-reader.h", + "src/builtins/superspread.h", "src/codegen/aligned-slot-allocator.cc", "src/codegen/aligned-slot-allocator.h", "src/codegen/assembler.cc", @@ -1631,6 +1692,7 @@ filegroup( "src/execution/isolate.cc", "src/execution/isolate.h", "src/execution/isolate-data.h", + "src/execution/isolate-data-fields.h", "src/execution/isolate-inl.h", "src/execution/isolate-utils.h", "src/execution/isolate-utils-inl.h", @@ -1707,9 +1769,9 @@ filegroup( "src/heap/base-space.h", "src/heap/base/active-system-pages.cc", "src/heap/base/active-system-pages.h", - "src/heap/memory-chunk-metadata.cc", - "src/heap/memory-chunk-metadata.h", - "src/heap/memory-chunk-metadata-inl.h", + "src/heap/base-page.cc", + "src/heap/base-page.h", + "src/heap/base-page-inl.h", "src/heap/code-range.cc", "src/heap/code-range.h", "src/heap/trusted-range.cc", @@ -1789,9 +1851,9 @@ filegroup( "src/heap/incremental-marking-job.h", "src/heap/index-generator.cc", "src/heap/index-generator.h", - "src/heap/large-page-metadata.cc", - "src/heap/large-page-metadata.h", - "src/heap/large-page-metadata-inl.h", + "src/heap/large-page.cc", + "src/heap/large-page.h", + "src/heap/large-page-inl.h", "src/heap/large-spaces.cc", "src/heap/large-spaces.h", "src/heap/linear-allocation-area.h", 
@@ -1833,9 +1895,9 @@ filegroup( "src/heap/memory-allocator.h", "src/heap/memory-balancer.cc", "src/heap/memory-balancer.h", - "src/heap/mutable-page-metadata.cc", - "src/heap/mutable-page-metadata.h", - "src/heap/mutable-page-metadata-inl.h", + "src/heap/mutable-page.cc", + "src/heap/mutable-page.h", + "src/heap/mutable-page-inl.h", "src/heap/memory-chunk.cc", "src/heap/memory-chunk.h", "src/heap/memory-chunk-constants.h", @@ -1860,9 +1922,9 @@ filegroup( "src/heap/heap-visitor.cc", "src/heap/heap-visitor.h", "src/heap/heap-visitor-inl.h", - "src/heap/page-metadata.cc", - "src/heap/page-metadata.h", - "src/heap/page-metadata-inl.h", + "src/heap/normal-page.cc", + "src/heap/normal-page.h", + "src/heap/normal-page-inl.h", "src/heap/paged-spaces.cc", "src/heap/paged-spaces.h", "src/heap/paged-spaces-inl.h", @@ -2118,6 +2180,9 @@ filegroup( "src/objects/js-collection-inl.h", "src/objects/js-collection-iterator.h", "src/objects/js-collection-iterator-inl.h", + "src/objects/js-data-object-builder.cc", + "src/objects/js-data-object-builder.h", + "src/objects/js-data-object-builder-inl.h", "src/objects/js-disposable-stack.cc", "src/objects/js-disposable-stack.h", "src/objects/js-disposable-stack-inl.h", @@ -2210,6 +2275,8 @@ filegroup( "src/objects/hole.h", "src/objects/trusted-object.h", "src/objects/trusted-object-inl.h", + "src/objects/trusted-pointer.h", + "src/objects/trusted-pointer-inl.h", "src/objects/option-utils.cc", "src/objects/option-utils.h", "src/objects/ordered-hash-table.cc", @@ -2357,7 +2424,6 @@ filegroup( "src/profiler/heap-snapshot-common.h", "src/profiler/heap-snapshot-generator.cc", "src/profiler/heap-snapshot-generator.h", - "src/profiler/heap-snapshot-generator-inl.h", "src/profiler/output-stream-writer.h", "src/profiler/profile-generator.cc", "src/profiler/profile-generator.h", 
@@ -2390,6 +2456,10 @@ filegroup( "src/regexp/regexp.h", "src/regexp/regexp-ast.cc", "src/regexp/regexp-ast.h", + "src/regexp/regexp-ast-printer.cc", + "src/regexp/regexp-ast-printer.h", + "src/regexp/regexp-bytecode-analysis.cc", + "src/regexp/regexp-bytecode-analysis.h", "src/regexp/regexp-bytecode-generator.cc", "src/regexp/regexp-bytecode-generator.h", "src/regexp/regexp-bytecode-generator-inl.h", @@ -2411,6 +2481,8 @@ filegroup( "src/regexp/regexp-error.cc", "src/regexp/regexp-error.h", "src/regexp/regexp-flags.h", + "src/regexp/regexp-graph-printer.cc", + "src/regexp/regexp-graph-printer.h", "src/regexp/regexp-interpreter.cc", "src/regexp/regexp-interpreter.h", "src/regexp/regexp-macro-assembler.cc", @@ -2419,8 +2491,12 @@ filegroup( "src/regexp/regexp-macro-assembler-tracer.cc", "src/regexp/regexp-macro-assembler-tracer.h", "src/regexp/regexp-nodes.h", + "src/regexp/regexp-node-printer.cc", + "src/regexp/regexp-node-printer.h", "src/regexp/regexp-parser.cc", "src/regexp/regexp-parser.h", + "src/regexp/regexp-printer.cc", + "src/regexp/regexp-printer.h", "src/regexp/regexp-result-vector.cc", "src/regexp/regexp-result-vector.h", "src/regexp/regexp-stack.cc", @@ -2470,6 +2546,8 @@ filegroup( "src/runtime/runtime-weak-refs.cc", "src/sandbox/bounded-size.h", "src/sandbox/bounded-size-inl.h", + "src/sandbox/bytecode-verifier.h", + "src/sandbox/bytecode-verifier.cc", "src/sandbox/check.h", "src/sandbox/external-pointer.h", "src/sandbox/external-pointer-inl.h", @@ -2497,6 +2575,8 @@ filegroup( "src/sandbox/code-sandboxing-mode.h", "src/sandbox/compactible-external-entity-table-inl.h", "src/sandbox/compactible-external-entity-table.h", + "src/sandbox/external-strings-cage.cc", + "src/sandbox/external-strings-cage.h", "src/sandbox/isolate.h", "src/sandbox/isolate-inl.h", "src/sandbox/indirect-pointer.h", 
@@ -2509,6 +2589,8 @@ filegroup( "src/sandbox/hardware-support.h", "src/sandbox/sandbox.cc", "src/sandbox/sandbox.h", + "src/sandbox/sandboxable-thread.cc", + "src/sandbox/sandboxable-thread.h", "src/sandbox/sandbox-malloc.h", "src/sandbox/sandboxed-pointer.h", "src/sandbox/sandboxed-pointer-inl.h", @@ -2565,6 +2647,7 @@ filegroup( "src/snapshot/startup-serializer.h", "src/strings/char-predicates.h", "src/strings/char-predicates-inl.h", + "src/strings/owning-external-string-resource.h", "src/strings/string-builder.cc", "src/strings/string-builder.h", "src/strings/string-builder-inl.h", @@ -2590,6 +2673,7 @@ filegroup( "src/tasks/task-utils.cc", "src/tasks/task-utils.h", "src/torque/runtime-macro-shims.h", + "src/tracing/perfetto-sdk.h", "src/tracing/trace-event.cc", "src/tracing/trace-event.h", "src/tracing/trace-event-no-perfetto.h", @@ -2613,7 +2697,6 @@ filegroup( "src/utils/identity-map.h", "src/utils/locked-queue.h", "src/utils/locked-queue-inl.h", - "src/utils/memcopy.cc", "src/utils/memcopy.h", "src/utils/output-stream.cc", "src/utils/output-stream.h", @@ -2902,6 +2985,7 @@ filegroup( "//conditions:default": [], }) + select({ ":enable_maglev": [ + "src/maglev/hamt.h", "src/maglev/maglev-assembler-inl.h", "src/maglev/maglev-assembler.h", "src/maglev/maglev-basic-block.h", @@ -2925,12 +3009,16 @@ filegroup( "src/maglev/maglev-ir-inl.h", "src/maglev/maglev-ir.h", "src/maglev/maglev-kna-processor.h", + "src/maglev/maglev-map-inference.h", + "src/maglev/maglev-node-type.h", "src/maglev/maglev-phi-representation-selector.h", "src/maglev/maglev-truncation.h", "src/maglev/maglev-pipeline-statistics.h", "src/maglev/maglev-post-hoc-optimizations-processors.h", "src/maglev/maglev-pre-regalloc-codegen-processors.h", + "src/maglev/maglev-range.h", "src/maglev/maglev-range-analysis.h", + "src/maglev/maglev-range-verification.h", "src/maglev/maglev-reducer-inl.h", "src/maglev/maglev-reducer.h", "src/maglev/maglev-regalloc-data.h", 
@@ -2954,9 +3042,12 @@ filegroup( "src/maglev/maglev-inlining.cc", "src/maglev/maglev-interpreter-frame-state.cc", "src/maglev/maglev-ir.cc", + "src/maglev/maglev-node-type.cc", "src/maglev/maglev-phi-representation-selector.cc", + "src/maglev/maglev-tracer.h", "src/maglev/maglev-truncation.cc", "src/maglev/maglev-pipeline-statistics.cc", + "src/maglev/maglev-range-verification.cc", "src/maglev/maglev-regalloc.cc", "src/maglev/maglev.cc", ], @@ -3032,12 +3123,14 @@ filegroup( "src/wasm/code-space-access.h", "src/wasm/compilation-environment.h", "src/wasm/compilation-environment-inl.h", + "src/wasm/compilation-hints-generation.cc", + "src/wasm/compilation-hints-generation.h", "src/wasm/constant-expression.cc", "src/wasm/constant-expression.h", "src/wasm/constant-expression-interface.cc", "src/wasm/constant-expression-interface.h", "src/wasm/decoder.h", - "src/wasm/float16.h", + "src/wasm/effect-handler.h", "src/wasm/function-body-decoder.cc", "src/wasm/function-body-decoder.h", "src/wasm/function-body-decoder-impl.h", @@ -3095,6 +3188,7 @@ filegroup( "src/wasm/wasm-disassembler.h", "src/wasm/wasm-disassembler-impl.h", "src/wasm/wasm-engine.cc", + "src/wasm/wasm-engine-globals.h", "src/wasm/wasm-engine.h", "src/wasm/wasm-export-wrapper-cache.cc", "src/wasm/wasm-export-wrapper-cache.h", @@ -3103,7 +3197,11 @@ filegroup( "src/wasm/wasm-features.cc", "src/wasm/wasm-features.h", "src/wasm/wasm-import-wrapper-cache.cc", + "src/wasm/wasm-stack-wrapper-cache.cc", + "src/wasm/wasm-wrapper-cache.cc", "src/wasm/wasm-import-wrapper-cache.h", + "src/wasm/wasm-stack-wrapper-cache.h", + "src/wasm/wasm-wrapper-cache.h", "src/wasm/wasm-init-expr.h", "src/wasm/wasm-js.cc", "src/wasm/wasm-js.h", @@ -3135,6 +3233,7 @@ filegroup( "src/wasm/wrappers.cc", "src/wasm/wrappers.h", "src/wasm/wrappers-inl.h", + "src/wasm/wasm-wrapper-cache-inl.h", "third_party/utf8-decoder/generalized-utf8-decoder.h", ], "//conditions:default": [], 
@@ -3254,8 +3353,8 @@ filegroup( "src/compiler/backend/spill-placer.cc", "src/compiler/backend/spill-placer.h", "src/compiler/backend/unwinding-info-writer.h", - "src/compiler/basic-block-instrumentor.cc", - "src/compiler/basic-block-instrumentor.h", + "src/compiler/basic-block-call-graph-profiler.cc", + "src/compiler/basic-block-call-graph-profiler.h", "src/compiler/branch-elimination.cc", "src/compiler/branch-elimination.h", "src/compiler/bytecode-analysis.cc", @@ -3394,8 +3493,6 @@ filegroup( "src/compiler/operator-properties.h", "src/compiler/osr.cc", "src/compiler/osr.h", - "src/compiler/pair-load-store-reducer.cc", - "src/compiler/pair-load-store-reducer.h", "src/compiler/per-isolate-compiler-cache.h", "src/compiler/persistent-map.h", "src/compiler/phase.h", @@ -3509,6 +3606,7 @@ filegroup( "src/compiler/turboshaft/late-load-elimination-reducer.h", "src/compiler/turboshaft/layered-hash-map.h", "src/compiler/turboshaft/load-store-simplification-reducer.h", + "src/compiler/turboshaft/load-store-verification-reducer.h", "src/compiler/turboshaft/loop-finder.cc", "src/compiler/turboshaft/loop-finder.h", "src/compiler/turboshaft/loop-peeling-phase.cc", @@ -3521,6 +3619,7 @@ filegroup( "src/compiler/turboshaft/machine-lowering-phase.cc", "src/compiler/turboshaft/machine-lowering-phase.h", "src/compiler/turboshaft/machine-lowering-reducer-inl.h", + "src/compiler/turboshaft/maglev-assert-types-reducer.h", "src/compiler/turboshaft/turbolev-early-lowering-reducer-inl.h", "src/compiler/turboshaft/turbolev-frontend-pipeline.cc", "src/compiler/turboshaft/turbolev-frontend-pipeline.h", 
@@ -3533,8 +3632,8 @@ filegroup( "src/compiler/turboshaft/operations.cc", "src/compiler/turboshaft/operations.h", "src/compiler/turboshaft/opmasks.h", - "src/compiler/turboshaft/optimize-phase.cc", - "src/compiler/turboshaft/optimize-phase.h", + "src/compiler/turboshaft/memory-optimization-phase.cc", + "src/compiler/turboshaft/memory-optimization-phase.h", "src/compiler/turboshaft/phase.cc", "src/compiler/turboshaft/phase.h", "src/compiler/turboshaft/pipelines.cc", @@ -3556,8 +3655,8 @@ filegroup( "src/compiler/turboshaft/snapshot-table.h", "src/compiler/turboshaft/snapshot-table-opindex.h", "src/compiler/turboshaft/stack-check-lowering-reducer.h", - "src/compiler/turboshaft/store-store-elimination-phase.cc", - "src/compiler/turboshaft/store-store-elimination-phase.h", + "src/compiler/turboshaft/load-elimination-phase.cc", + "src/compiler/turboshaft/load-elimination-phase.h", "src/compiler/turboshaft/store-store-elimination-reducer-inl.h", "src/compiler/turboshaft/string-escape-analysis-reducer.cc", "src/compiler/turboshaft/string-escape-analysis-reducer.h", @@ -3714,6 +3813,7 @@ filegroup( # include them explicitely when Maglev is disabled. ":enable_maglev": [], "//conditions:default": [ + "src/maglev/hamt.h", "src/maglev/maglev-basic-block.h", "src/maglev/maglev-code-gen-state.h", "src/maglev/maglev-code-gen-state-inl.h", 
@@ -3744,12 +3844,18 @@ filegroup( "src/maglev/maglev-ir.h", "src/maglev/maglev-ir-inl.h", "src/maglev/maglev-kna-processor.h", + "src/maglev/maglev-node-type.cc", + "src/maglev/maglev-node-type.h", + "src/maglev/maglev-range.h", "src/maglev/maglev-range-analysis.h", + "src/maglev/maglev-range-verification.cc", + "src/maglev/maglev-range-verification.h", "src/maglev/maglev-reducer-inl.h", "src/maglev/maglev-reducer.h", "src/maglev/maglev-register-frame-array.h", "src/maglev/maglev-phi-representation-selector.cc", "src/maglev/maglev-phi-representation-selector.h", + "src/maglev/maglev-tracer.h", "src/maglev/maglev-truncation.cc", "src/maglev/maglev-truncation.h", "src/maglev/maglev-post-hoc-optimizations-processors.h", @@ -3806,6 +3912,7 @@ filegroup( "src/builtins/builtins-string-gen.cc", "src/builtins/builtins-string-gen.h", "src/builtins/builtins-string-tsa.cc", + "src/builtins/builtins-string-tsa-inl.h", "src/builtins/builtins-typed-array-gen.cc", "src/builtins/builtins-typed-array-gen.h", "src/builtins/builtins-utils-gen.h", @@ -4037,24 +4144,20 @@ filegroup( name = "v8_bigint", srcs = [ "src/bigint/bigint.h", + "src/bigint/bigint-inl.h", "src/bigint/bigint-internal.cc", "src/bigint/bigint-internal.h", - "src/bigint/bitwise.cc", - "src/bigint/digit-arithmetic.h", "src/bigint/div-barrett.cc", "src/bigint/div-burnikel.cc", - "src/bigint/div-helpers.cc", - "src/bigint/div-helpers.h", + "src/bigint/div-helpers-inl.h", "src/bigint/div-schoolbook.cc", "src/bigint/fromstring.cc", "src/bigint/mul-fft.cc", "src/bigint/mul-karatsuba.cc", - "src/bigint/mul-schoolbook.cc", "src/bigint/mul-toom.cc", "src/bigint/tostring.cc", "src/bigint/util.h", - "src/bigint/vector-arithmetic.cc", - "src/bigint/vector-arithmetic.h", + "src/bigint/vector-arithmetic-inl.h", ], ) @@ -4394,6 +4497,8 @@ filegroup( "src/d8/d8-platforms.h", "src/d8/d8-posix.cc", "src/d8/d8-test.cc", + "src/d8/hardware-watchpoints.cc", + "src/d8/hardware-watchpoints.h", ], ) 
diff --git a/deps/v8/BUILD.gn b/deps/v8/BUILD.gn index 6432f7342e26a5..382c7d3ed44eab 100644 --- a/deps/v8/BUILD.gn +++ b/deps/v8/BUILD.gn @@ -4,16 +4,17 @@ import("//build/config/android/config.gni") import("//build/config/arm.gni") +import("//build/config/c++/c++.gni") import("//build/config/coverage/coverage.gni") import("//build/config/dcheck_always_on.gni") import("//build/config/host_byteorder.gni") import("//build/config/mips.gni") import("//build/config/riscv.gni") -import("//build/config/rust.gni") import("//build/config/sanitizers/sanitizers.gni") import("//build_overrides/build.gni") import("//third_party/icu/config.gni") +import("gni/cluster_build.gni") import("gni/snapshot_toolchain.gni") import("gni/v8.gni") @@ -21,6 +22,10 @@ if (is_clang) { import("//build/config/clang/clang.gni") } +if (v8_enable_temporal_support) { + import("//build/config/rust.gni") +} + if (is_ios) { import("//build/config/apple/mobile_config.gni") # For `target_platform`. } @@ -68,6 +73,9 @@ declare_args() { # Sets -DENABLE_DISASSEMBLER. v8_enable_disassembler = "" + # Sets -DV8_ENABLE_REGEXP_DIAGNOSTICS. + v8_enable_regexp_diagnostics = !build_with_chromium + # Sets the number of internal fields on promise objects. v8_promise_internal_field_count = 0 @@ -83,6 +91,9 @@ declare_args() { # Sets -DENABLE_VTUNE_TRACEMARK. v8_enable_vtunetracemark = false + # Sets -DV8_ENABLE_APX_F. + v8_enable_apx_f = false + # Sets -DENABLE_HUGEPAGE v8_enable_hugepage = false @@ -214,6 +225,11 @@ declare_args() { # the `--trace-turbo` .json file from `mksnapshot`. v8_log_builtins_block_count_input = "" + # This build flag is used to enable block positioning in profile-guided + # optimization of builtins based on raw execution counts (as opposed to + # branch hints). + v8_enable_builtins_block_position = false + # This build flag is used to control whether reorder builtins according to # the call graph with C3 algorithm based builtin PGO profiling. v8_enable_builtins_reordering = true 
@@ -456,8 +472,11 @@ declare_args() { # Use the experimental TSA-based definition for some builtins. v8_enable_experimental_tsa_builtins = false + # Use the experimental TSA backend for Torque. + v8_enable_experimental_tq_to_tsa = false + # Use the encoding of undefined in double values. - v8_enable_undefined_double = false + v8_enable_undefined_double = true v8_dcheck_always_on = dcheck_always_on @@ -481,9 +500,6 @@ declare_args() { # usages. The plugin is not exhaustive but covers most common known pitfalls. use_cppgc_clang_plugin = true - # Deinterleaving load support. - v8_enable_wasm_deinterleaved_mem_ops = false - # Expose F.p.caller and .arguments as own properties. v8_function_arguments_caller_are_own_props = false @@ -492,9 +508,31 @@ declare_args() { # Enable seeded array index hash. v8_enable_seeded_array_index_hash = false + + # add instrumentation for Dumpling differential fuzzing + v8_dumpling = false + + # Enable compilation of riscv32. + v8_riscv_enable_deprecated_riscv32 = false + + # Sets the level of logging detail in V8_Fatal. + # 0: No file and line and message only if args are provided (for official + # release builds). + # 1: Message but no file or line. + # 2: Everything (file, line, message). + v8_logging_level = "" } # Derived defaults. +if (v8_logging_level == "") { + if (v8_enable_verification_features || v8_dcheck_always_on) { + v8_logging_level = 2 + } else if (is_official_build) { + v8_logging_level = 0 + } else { + v8_logging_level = 1 + } +} if (cppgc_enable_verify_heap == "") { cppgc_enable_verify_heap = v8_enable_verification_features || v8_dcheck_always_on @@ -564,7 +602,6 @@ if (v8_multi_arch_build && rebase_path(get_label_info(":d8", "root_out_dir"), root_build_dir) == "clang_x64_fuzzer_experiments") { v8_enable_pointer_compression = !v8_enable_pointer_compression - v8_enable_undefined_double = !v8_enable_undefined_double v8_lower_limits_mode = !v8_lower_limits_mode } 
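Review bot: `v8_logging_level` is never range-checked: the `declare_args` comment documents only 0, 1 and 2, yet whatever value is set in the build arguments is passed on unchanged as `V8_LOGGING_LEVEL=${v8_logging_level}` in the `features` config. After the derived-default block in the `-492,9` hunk I would add `assert(v8_logging_level == 0 || v8_logging_level == 1 || v8_logging_level == 2, "v8_logging_level must be 0, 1 or 2")`. The arg comment could also state the operational cost of level 0, which is the derived default for official builds: fatal errors then carry no file or line and usually no message, so crash reports from release binaries are harder to triage.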
@@ -601,16 +638,18 @@ if (v8_enable_external_code_space == "") { v8_enable_pointer_compression && v8_enable_pointer_compression_shared_cage && (v8_current_cpu == "x64" || v8_current_cpu == "arm64" || - v8_current_cpu == "loong64") + v8_current_cpu == "loong64" || v8_current_cpu == "riscv64") } if (v8_enable_sparkplug == "") { v8_enable_sparkplug = !v8_jitless } if (v8_enable_maglev == "") { - v8_enable_maglev = v8_enable_turbofan && - (v8_current_cpu == "arm" || v8_current_cpu == "x64" || - v8_current_cpu == "arm64" || v8_current_cpu == "s390x" || - v8_current_cpu == "ppc64" || v8_current_cpu == "riscv64") + v8_enable_maglev = + v8_enable_turbofan && + (v8_current_cpu == "arm" || v8_current_cpu == "x64" || + v8_current_cpu == "arm64" || v8_current_cpu == "s390x" || + v8_current_cpu == "ppc64" || v8_current_cpu == "riscv64" || + v8_current_cpu == "loong64") } assert(v8_enable_turbofan || !v8_enable_maglev, "Maglev is not available when Turbofan is disabled.") @@ -742,6 +781,10 @@ if (v8_enable_webassembly && v8_current_cpu == "arm64") { v8_enable_wasm_deinterleaved_mem_ops = true } +if (v8_enable_experimental_tq_to_tsa) { + v8_enable_experimental_tsa_builtins = true +} + assert(!v8_disable_write_barriers || v8_enable_single_generation, "Disabling write barriers works only with single generation") 
@@ -766,9 +809,16 @@ assert(!v8_enable_pointer_compression_8gb || v8_enable_pointer_compression, assert(!v8_enable_sandbox || v8_enable_external_code_space, "The sandbox requires the external code space") +assert(!v8_enable_sandbox || use_safe_libcxx, + "The sandbox requires libc++ hardening") + assert(!v8_enable_memory_corruption_api || v8_enable_sandbox, "The Memory Corruption API requires the sandbox") +assert( + !v8_enable_memory_corruption_api || !is_lsan, + "The Memory Corruption API cannot be enabled together with LSan as both attach to the d8 process via ptrace") + assert(!v8_enable_sandbox_hardware_support || v8_enable_sandbox, "The sandbox must be enabled to enable sandbox hardware support") @@ -981,6 +1031,8 @@ external_v8_defines = [ "V8_DEPRECATION_WARNINGS", "V8_IMMINENT_DEPRECATION_WARNINGS", "V8_USE_PERFETTO", + "V8_USE_PERFETTO_JSON_EXPORT", + "V8_USE_PERFETTO_SDK", "V8_MAP_PACKING", "V8_IS_TSAN", "V8_ENABLE_DIRECT_HANDLE", @@ -993,6 +1045,10 @@ external_v8_defines = [ "V8_TARGET_OS_MACOS", "V8_TARGET_OS_WIN", "V8_TARGET_OS_CHROMEOS", + "V8_TARGET_ARCH_ARM64", + "V8_TARGET_ARCH_PPC64", + "V8_TARGET_ARCH_MIPS64", + "V8_TARGET_ARCH_LOONG64", ] enabled_external_v8_defines = [ @@ -1029,6 +1085,12 @@ if (v8_imminent_deprecation_warnings) { if (v8_use_perfetto) { enabled_external_v8_defines += [ "V8_USE_PERFETTO" ] } +if (v8_use_perfetto_json_export) { + enabled_external_v8_defines += [ "V8_USE_PERFETTO_JSON_EXPORT" ] +} +if (v8_use_perfetto_sdk) { + enabled_external_v8_defines += [ "V8_USE_PERFETTO_SDK" ] +} if (v8_enable_map_packing) { enabled_external_v8_defines += [ "V8_MAP_PACKING" ] } 
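Review bot: The new `assert(!v8_enable_sandbox || use_safe_libcxx, ...)` message states the requirement but not the variable that failed, unlike the neighbouring assertions whose text maps directly onto a V8 build argument. I would word it as `"The sandbox requires libc++ hardening (use_safe_libcxx is false)"`, so that whoever hits it knows which setting from `//build/config/c++/c++.gni` to trace. Both this assertion and the LSan / Memory Corruption API one exist only in the GN build, so a build that compiles these sources with the sandbox enabled through another build system gets neither check. If such a build exists for this tree, the same two conditions should be enforced there; that is not visible from this hunk.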
@@ -1069,6 +1131,22 @@ if (target_os == "android") { enabled_external_v8_defines += [ "V8_TARGET_OS_CHROMEOS" ] } +# Some V8_TARGET_ARCH_ defines that affect Api constants (see usages of +# V8_TARGET_ARCH_* in v8-internal.h). +# The target architecture may differ from host one e.g. in mksnapshot or in +# msan builds. +# TODO(ishell): support all target archs and add V8_HAVE_TARGET_ARCH similar +# to V8_TARGET_OS_* and V8_HAVE_TARGET_OS defines. +if (v8_current_cpu == "arm64") { + enabled_external_v8_defines += [ "V8_TARGET_ARCH_ARM64" ] +} else if (v8_current_cpu == "ppc64") { + enabled_external_v8_defines += [ "V8_TARGET_ARCH_PPC64" ] +} else if (v8_current_cpu == "mips64el") { + enabled_external_v8_defines += [ "V8_TARGET_ARCH_MIPS64" ] +} else if (v8_current_cpu == "loong64") { + enabled_external_v8_defines += [ "V8_TARGET_ARCH_LOONG64" ] +} + disabled_external_v8_defines = external_v8_defines - enabled_external_v8_defines # Put defines that are used in public headers here; public headers are @@ -1156,8 +1234,10 @@ config("features") { # Only targets in this file and its subdirs can depend on this. visibility = [ "./*" ] - defines = - [ "V8_TYPED_ARRAY_MAX_SIZE_IN_HEAP=${v8_typed_array_max_size_in_heap}" ] + defines = [ + "V8_TYPED_ARRAY_MAX_SIZE_IN_HEAP=${v8_typed_array_max_size_in_heap}", + "V8_LOGGING_LEVEL=${v8_logging_level}", + ] configs = [ ":v8_header_features", @@ -1179,8 +1259,7 @@ config("features") { if (v8_enable_pointer_compression) { if (v8_enable_pointer_compression_shared_cage) { defines += [ - # TODO(442942399): Re-enable after bug has been addressed. - # "V8_CONTIGUOUS_COMPRESSED_RO_SPACE", + "V8_CONTIGUOUS_COMPRESSED_RO_SPACE", "V8_CONTIGUOUS_COMPRESSED_RO_SPACE_SIZE_MB=${v8_contiguous_compressed_ro_space_size_mb}", ] } else { 
@@ -1197,12 +1276,18 @@ config("features") { if (v8_log_builtins_block_count_input != "") { defines += [ "LOG_BUILTIN_BLOCK_COUNT" ] } + if (v8_enable_builtins_block_position) { + defines += [ "BUILTIN_BLOCK_POSITION" ] + } if (v8_enable_future) { defines += [ "V8_ENABLE_FUTURE" ] } if (v8_enable_lite_mode) { defines += [ "V8_LITE_MODE" ] } + if (v8_use_host_cpu_arm_features) { + defines += [ "V8_USE_HOST_CPU_ARM_FEATURES" ] + } if (v8_enable_seeded_array_index_hash) { defines += [ "V8_ENABLE_SEEDED_ARRAY_INDEX_HASH" ] } @@ -1215,6 +1300,9 @@ config("features") { if (v8_enable_vtunetracemark) { defines += [ "ENABLE_VTUNE_TRACEMARK" ] } + if (v8_enable_apx_f) { + defines += [ "V8_ENABLE_APX_F" ] + } if (v8_enable_hugepage) { defines += [ "ENABLE_HUGEPAGE" ] } @@ -1245,6 +1333,9 @@ config("features") { if (v8_enable_trace_feedback_updates) { defines += [ "V8_TRACE_FEEDBACK_UPDATES" ] } + if (v8_enable_regexp_diagnostics) { + defines += [ "V8_ENABLE_REGEXP_DIAGNOSTICS" ] + } if (v8_enable_test_features) { defines += [ "V8_ENABLE_ALLOCATION_TIMEOUT" ] defines += [ "V8_ENABLE_FORCE_SLOW_PATH" ] @@ -1332,6 +1423,15 @@ config("features") { if (v8_fuzzilli) { defines += [ "V8_FUZZILLI" ] } + if (use_chromium_fuzzilli) { + defines += [ "USE_CHROMIUM_FUZZILLI" ] + } + if (v8_dumpling) { + defines += [ "V8_DUMPLING" ] + } + if (v8_riscv_enable_deprecated_riscv32) { + defines += [ "V8_RISCV_ENABLE_DEPRECATED_RISCV32" ] + } if (v8_enable_fuzztest) { defines += [ "V8_ENABLE_FUZZTEST" ] } @@ -1435,9 +1535,6 @@ config("features") { if (v8_enable_wasm_simd256_revec) { defines += [ "V8_ENABLE_WASM_SIMD256_REVEC" ] } - if (v8_enable_wasm_deinterleaved_mem_ops) { - defines += [ "V8_ENABLE_WASM_DEINTERLEAVED_MEM_OPS" ] - } if (v8_enable_maglev_graph_printer) { defines += [ "V8_ENABLE_MAGLEV_GRAPH_PRINTER" ] } 
@@ -1462,10 +1559,12 @@ config("features") { if (v8_enable_experimental_tsa_builtins) { defines += [ "V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS" ] } + if (v8_enable_experimental_tq_to_tsa) { + defines += [ "V8_ENABLE_EXPERIMENTAL_TQ_TO_TSA" ] + } if (v8_enable_undefined_double) { defines += [ "V8_ENABLE_UNDEFINED_DOUBLE" ] } - defines += [ "V8_ENABLE_LEAPTIERING" ] if (v8_enable_partition_alloc) { defines += [ "V8_ENABLE_PARTITION_ALLOC" ] } @@ -1492,24 +1591,16 @@ config("toolchain") { ldflags = [] if (v8_current_cpu == "arm") { - defines += [ "V8_TARGET_ARCH_ARM" ] - if (arm_version >= 7) { - defines += [ "CAN_USE_ARMV7_INSTRUCTIONS" ] - } - if (arm_fpu == "vfpv3-d16") { - defines += [ "CAN_USE_VFP3_INSTRUCTIONS" ] - } else if (arm_fpu == "vfpv3") { - defines += [ - "CAN_USE_VFP3_INSTRUCTIONS", - "CAN_USE_VFP32DREGS", - ] - } else if (arm_fpu == "neon") { - defines += [ - "CAN_USE_VFP3_INSTRUCTIONS", - "CAN_USE_VFP32DREGS", - "CAN_USE_NEON", - ] - } + defines += [ + "V8_TARGET_ARCH_ARM", + + # TODO(arm): Now that we always require v7+ and neon, we can simplify the + # code and then stop defining these. + "CAN_USE_ARMV7_INSTRUCTIONS", + "CAN_USE_VFP3_INSTRUCTIONS", + "CAN_USE_VFP32DREGS", + "CAN_USE_NEON", + ] # TODO(infra): Add support for arm_test_noprobe. @@ -1576,14 +1667,14 @@ config("toolchain") { defines += [ "V8_TARGET_ARCH_S390X" ] if (host_byteorder == "little") { defines += [ "V8_TARGET_ARCH_S390X_LE_SIM" ] - } else if (current_os != "zos") { - cflags += [ "-march=z196" ] + } else if (!v8_target_is_simulator && current_os != "zos") { + cflags += [ "-march=z14" ] } } if (v8_current_cpu == "ppc64") { defines += [ "V8_TARGET_ARCH_PPC64" ] cflags += [ "-ffp-contract=off" ] - if (current_os == "aix") { + if (current_os == "aix" && !is_clang) { cflags += [ # Work around AIX ceil, trunc and round oddities. "-mcpu=power5+", 
@@ -1592,18 +1683,26 @@ config("toolchain") { # Work around AIX assembler popcntb bug. "-mno-popcntb", ] + } else if (!v8_target_is_simulator) { + cflags += [ "-mcpu=pwr9" ] } } - # Under simulator build, compiler will not provide __riscv_xlen. Define here if (v8_current_cpu == "riscv64" || v8_current_cpu == "riscv32") { if (v8_target_is_simulator) { - defines += [ "_RISCV_TARGET_SIMULATOR" ] + defines += [ "RISCV_TARGET_SIMULATOR" ] } if (riscv_use_rvv || v8_target_is_simulator) { defines += [ "CAN_USE_RVV_INSTRUCTIONS" ] defines += [ "RVV_VLEN=${riscv_rvv_vlen}" ] } + + if (riscv_use_zicfiss) { + defines += [ "V8_ENABLE_RISCV_SHADOW_STACK" ] + } + if (riscv_use_zicond) { + defines += [ "__riscv_zicond" ] + } if (riscv_use_zba) { defines += [ "__riscv_zba" ] } @@ -1613,10 +1712,19 @@ config("toolchain") { if (riscv_use_zbs) { defines += [ "__riscv_zbs" ] } + defines += [ "RISCV_CODE_ALIGNMENT=${riscv_code_alignment}" ] + defines += + [ "RISCV_CONSTANT_POOL_ALIGNMENT=${riscv_constant_pool_alignment}" ] } + if (v8_current_cpu == "riscv64") { defines += [ "V8_TARGET_ARCH_RISCV64" ] - defines += [ "__riscv_xlen=64" ] + + # When building the simulator, the compiler does not provide __riscv_xlen, + # so we explicitly define it here. + if (v8_target_is_simulator) { + defines += [ "__riscv_xlen=64" ] + } if (!is_clang) { cflags += [ "-ffp-contract=off" ] } @@ -1627,7 +1735,12 @@ config("toolchain") { if (v8_current_cpu == "riscv32") { defines += [ "V8_TARGET_ARCH_RISCV32" ] - defines += [ "__riscv_xlen=32" ] + + # When building the simulator, the compiler does not provide __riscv_xlen, + # so we explicitly define it here. + if (v8_target_is_simulator) { + defines += [ "__riscv_xlen=32" ] + } } if (v8_current_cpu == "x86") { 
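Review bot: The new `if (riscv_use_zicond) { defines += [ "__riscv_zicond" ] }` hand-defines a compiler-reserved macro. The next two hunks on this line stop doing exactly that for `__riscv_xlen`, now defining it only under `v8_target_is_simulator` because a real RISC-V compiler provides it. A native toolchain whose `-march` includes Zicond would presumably predefine `__riscv_zicond` itself, so the `-D` can clash with it or disagree with what the compiler was actually told to target. This follows the existing `__riscv_zba`/`__riscv_zbs` pattern, so at minimum add a comment such as `# __riscv_* names belong to the compiler; only meaningful when the toolchain does not already predefine them.`; a V8-prefixed define like the new `V8_ENABLE_RISCV_SHADOW_STACK` would be the cleaner form. The enclosing `if (v8_current_cpu == "riscv64" || ...)` block ends outside the hunk.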
@@ -1683,6 +1796,9 @@ config("toolchain") { if (is_clang) { cflags += [ "-Wunreachable-code" ] + if (v8_current_cpu != "ppc64" && v8_current_cpu != "s390x") { + cflags += [ "-Wlifetime-safety-permissive" ] + } if ((v8_current_cpu != "x64" && v8_current_cpu != "ia32") || target_os == "chromeos") { @@ -1782,10 +1898,10 @@ config("strict_warnings") { v8_current_cpu == "mips64el" || v8_current_cpu == "riscv64") { cflags += [ "-Wshorten-64-to-32" ] } - cflags += [ - "-Wmissing-field-initializers", - "-Wunnecessary-virtual-specifier", - ] + cflags += [ "-Wmissing-field-initializers" ] + if (v8_current_cpu != "ppc64" && v8_current_cpu != "s390x") { + cflags += [ "-Wunnecessary-virtual-specifier" ] + } } } @@ -1803,32 +1919,6 @@ config("always_turbofanimize") { } } -# Sanitizer defines. V8 will inherit a default `-fsanitize=array-bounds` -# from Chromium's `//build/config/`, which prevents clean usage of -# `__has_feature(undefined_behavior_sanitizer)` in the short term, -# until something like `--lie-about-ubsan-enablement=array-bounds` -# can be implemented. -# -# This config provides a clear signal of "are we sanitizing" tied to -# GN configuration. -# -# See also: https://crbug.com/386992829 -config("sanitizer_defines") { - defines = [] - if (is_asan) { - defines += [ "V8_USE_ADDRESS_SANITIZER" ] - } - if (is_hwasan) { - defines += [ "V8_USE_HWADDRESS_SANITIZER" ] - } - if (is_msan) { - defines += [ "V8_USE_MEMORY_SANITIZER" ] - } - if (is_ubsan) { - defines += [ "V8_USE_UNDEFINED_BEHAVIOR_SANITIZER" ] - } -} - ############################################################################### # Actions # 
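Review bot: The new `-Wlifetime-safety-permissive` flag is gated on `v8_current_cpu != "ppc64" && v8_current_cpu != "s390x"` with no comment explaining the exclusion. The `strict_warnings` hunk on this line applies the same unexplained guard to `-Wunnecessary-virtual-specifier`. If the real reason is that the clang used for those targets does not know these warnings yet, keying on target CPU is a stand-in for a compiler-capability check and will be hard to remove later without a note. I would add `# TODO: drop the CPU guard once the ppc64/s390x toolchain recognises this warning.` above both conditions, with the wording corrected if the reason is a different one. A lifetime-safety diagnostic is worth having on every target that can support it.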
@@ -2232,6 +2322,75 @@ if (v8_enable_webassembly) { ] } +if (v8_enable_experimental_tq_to_tsa) { + template("run_torque_to_tsa") { + if (target_name == "") { + suffix = "" + } else { + suffix = "_$target_name" + } + + toolchain = invoker.toolchain + + action("run_torque_to_tsa" + suffix) { + visibility = [ + ":*", + "test/cctest/:*", + "tools/debug_helper/:*", + "tools/gcmole/:*", + ] + + deps = [ ":torque($toolchain)" ] + + if (is_msan) { + configs = [ + "//third_party/instrumented_libs:msan_runtime_libs($host_toolchain)", + ] + deps += [ "//third_party/instrumented_libs:ld-linux($host_toolchain)" ] + } + + script = "tools/run.py" + + sources = torque_files + + destination_folder = "$target_gen_dir/torque-generated$suffix" + + outputs = [] + + foreach(file, torque_files) { + filetq = string_replace(file, ".tq", "-tq") + outputs += [ + "$destination_folder/$filetq-tsa.cc", + "$destination_folder/$filetq-tsa.h", + ] + } + + args = [ + "./" + rebase_path(get_label_info(":torque($toolchain)", + "root_out_dir") + "/torque", + root_build_dir), + "-o", + rebase_path("$destination_folder", root_build_dir), + "-v8-root", + rebase_path(".", root_build_dir), + "-output-tsa", + ] + if (v8_annotate_torque_ir) { + args += [ "-annotate-ir" ] + } + if (defined(invoker.args)) { + args += invoker.args + } + args += torque_files + } + } + + # Default run_torque_to_tsa action + run_torque_to_tsa("") { + toolchain = v8_generator_toolchain + } +} + # Template for running torque # When building with v8_verify_torque_generation_invariance=true we need # to be able to run torque for both 32 and 64 bits in the same build 
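Review bot: The new `run_torque_to_tsa` template has no header comment, unlike the `run_torque` template directly below it, and its relationship to that action is not stated. Both feed `torque_files` to the same `torque` binary, and the default instance writes into `$target_gen_dir/torque-generated`, the folder that the clustering lists later in this file also use for the CSA outputs. Only the `-tsa.cc`/`-tsa.h` files are declared in `outputs`; if `-output-tsa` makes torque emit anything else into that folder, two actions would be writing undeclared files to the same place, so this is worth confirming. Suggested comment above the template: `# Runs torque a second time with -output-tsa; emits only <file>-tq-tsa.{cc,h} into torque-generated$suffix.`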
@@ -2386,9 +2545,28 @@ v8_header_set("torque_runtime_support") { configs = [ ":internal_config" ] } -v8_source_set("torque_generated_initializers") { +# Build lists of torque-generated .cc and .h files for clustering +torque_csa_cc_files = [] +torque_csa_h_files = [] +torque_tsa_cc_files = [] +torque_tsa_h_files = [] +foreach(file, torque_files) { + filetq = string_replace(file, ".tq", "-tq") + torque_csa_cc_files += [ "$target_gen_dir/torque-generated/$filetq-csa.cc" ] + torque_csa_h_files += [ "$target_gen_dir/torque-generated/$filetq-csa.h" ] + if (v8_enable_experimental_tq_to_tsa) { + torque_tsa_cc_files += [ "$target_gen_dir/torque-generated/$filetq-tsa.cc" ] + torque_tsa_h_files += [ "$target_gen_dir/torque-generated/$filetq-tsa.h" ] + } +} + +v8_cluster_source_set("torque_generated_initializers") { visibility = [ ":*" ] # Only targets in this file can depend on this. + cluster_prefix = "torque-csa" + cluster_output_dir = "$target_gen_dir/torque-generated" + generated_sources = true + deps = [ ":generate_bytecode_builtins_list", ":run_torque", @@ -2396,6 +2574,9 @@ v8_source_set("torque_generated_initializers") { ":v8_maybe_temporal", ":v8_tracing", ] + if (v8_enable_experimental_tq_to_tsa) { + deps += [ ":run_torque_to_tsa" ] + } public_deps = [ ":torque_runtime_support", 
@@ -2403,18 +2584,21 @@ v8_source_set("torque_generated_initializers") { ":v8_maybe_icu", ] - sources = [ - "$target_gen_dir/torque-generated/csa-types.h", - "$target_gen_dir/torque-generated/enum-verifiers.cc", - "$target_gen_dir/torque-generated/exported-macros-assembler.cc", - "$target_gen_dir/torque-generated/exported-macros-assembler.h", - ] - foreach(file, torque_files) { - filetq = string_replace(file, ".tq", "-tq") - sources += [ - "$target_gen_dir/torque-generated/$filetq-csa.cc", - "$target_gen_dir/torque-generated/$filetq-csa.h", - ] + sources = torque_csa_cc_files + [ + "$target_gen_dir/torque-generated/csa-types.h", + "$target_gen_dir/torque-generated/enum-verifiers.cc", + "$target_gen_dir/torque-generated/exported-macros-assembler.cc", + "$target_gen_dir/torque-generated/exported-macros-assembler.h", + ] + + # Add headers (always included) + sources += torque_csa_h_files + if (v8_enable_experimental_tq_to_tsa) { + sources += torque_tsa_h_files + + # TSA cc files are not clustered yet + sources += torque_tsa_cc_files + exclude_from_cluster = torque_tsa_cc_files } configs = [ ":internal_config" ] @@ -2432,9 +2616,25 @@ v8_source_set("torque_generated_initializers") { } } -v8_source_set("torque_generated_definitions") { +# Build lists of torque-generated definition files for clustering +torque_def_cc_files = [] +torque_def_inc_files = [] +foreach(file, torque_files) { + filetq = string_replace(file, ".tq", "-tq") + torque_def_cc_files += [ "$target_gen_dir/torque-generated/$filetq.cc" ] + torque_def_inc_files += [ + "$target_gen_dir/torque-generated/$filetq-inl.inc", + "$target_gen_dir/torque-generated/$filetq.inc", + ] +} + +v8_cluster_source_set("torque_generated_definitions") { visibility = [ ":*" ] # Only targets in this file can depend on this. + cluster_prefix = "torque-def" + cluster_output_dir = "$target_gen_dir/torque-generated" + generated_sources = true + deps = [ ":generate_bytecode_builtins_list", ":run_torque", 
@@ -2443,27 +2643,25 @@ v8_source_set("torque_generated_definitions") { ":v8_maybe_temporal", ":v8_tracing", ] + if (v8_enable_experimental_tq_to_tsa) { + deps += [ ":run_torque_to_tsa" ] + } public_deps = [ ":v8_abseil", ":v8_maybe_icu", ] - sources = [ - "$target_gen_dir/torque-generated/class-forward-declarations.h", - "$target_gen_dir/torque-generated/class-verifiers.cc", - "$target_gen_dir/torque-generated/class-verifiers.h", - "$target_gen_dir/torque-generated/factory.cc", - "$target_gen_dir/torque-generated/objects-printer.cc", - ] - foreach(file, torque_files) { - filetq = string_replace(file, ".tq", "-tq") - sources += [ - "$target_gen_dir/torque-generated/$filetq-inl.inc", - "$target_gen_dir/torque-generated/$filetq.cc", - "$target_gen_dir/torque-generated/$filetq.inc", - ] - } + sources = torque_def_cc_files + [ + "$target_gen_dir/torque-generated/class-forward-declarations.h", + "$target_gen_dir/torque-generated/class-verifiers.cc", + "$target_gen_dir/torque-generated/class-verifiers.h", + "$target_gen_dir/torque-generated/factory.cc", + "$target_gen_dir/torque-generated/objects-printer.cc", + ] + + # Add .inc files (always included, not compiled directly) + sources += torque_def_inc_files configs = [ ":internal_config" ] } @@ -2560,7 +2758,7 @@ template("run_mksnapshot") { "root_out_dir") + "/mksnapshot", root_build_dir), "--turbo_instruction_scheduling", - "--stress-turbo-late-spilling", + "--turbo-always-optimize-spills", # In cross builds, the snapshot may be generated for both the host and # target toolchains. The same host binary is used to generate both, so @@ -2888,6 +3086,7 @@ action("v8_dump_build_config") { "dict_property_const_tracking=$v8_dict_property_const_tracking", "direct_handle=$v8_enable_direct_handle", "disassembler=$v8_enable_disassembler", + "dumpling=$v8_dumpling", "full_debug=$is_full_debug", "gdbjit=$v8_enable_gdbjit", "has_jitless=$v8_jitless", 
@@ -3030,7 +3229,7 @@ v8_source_set("v8_snapshot") { } } -v8_source_set("v8_initializers") { +v8_cluster_source_set("v8_initializers") { visibility = [ ":*", "test/cctest:*", @@ -3090,6 +3289,7 @@ v8_source_set("v8_initializers") { "src/builtins/builtins-sharedarraybuffer-gen.cc", "src/builtins/builtins-string-gen.cc", "src/builtins/builtins-string-gen.h", + "src/builtins/builtins-string-tsa-inl.h", "src/builtins/builtins-string-tsa.cc", "src/builtins/builtins-typed-array-gen.cc", "src/builtins/builtins-typed-array-gen.h", @@ -3146,6 +3346,9 @@ v8_source_set("v8_initializers") { } else if (v8_current_cpu == "arm64") { sources += [ "src/wasm/interpreter/arm64/interpreter-builtins-arm64.cc" ] + } else if (v8_current_cpu == "riscv64") { + sources += + [ "src/wasm/interpreter/riscv/interpreter-builtins-riscv.cc" ] } } } @@ -3463,6 +3666,9 @@ v8_header_set("v8_internal_headers") { "src/builtins/builtins-descriptors.h", "src/builtins/builtins-effects-analyzer.h", "src/builtins/builtins-inl.h", + "src/builtins/builtins-iterator-inl.h", + "src/builtins/builtins-iterator.h", + "src/builtins/builtins-math-xsum.h", "src/builtins/builtins-promise.h", "src/builtins/builtins-utils-inl.h", "src/builtins/builtins-utils.h", @@ -3470,6 +3676,7 @@ v8_header_set("v8_internal_headers") { "src/builtins/constants-table-builder.h", "src/builtins/data-view-ops.h", "src/builtins/profile-data-reader.h", + "src/builtins/superspread.h", "src/codegen/aligned-slot-allocator.h", "src/codegen/assembler-arch.h", "src/codegen/assembler-inl.h", @@ -3561,7 +3768,7 @@ v8_header_set("v8_internal_headers") { "src/compiler/backend/register-allocator.h", "src/compiler/backend/spill-placer.h", "src/compiler/backend/unwinding-info-writer.h", - "src/compiler/basic-block-instrumentor.h", + "src/compiler/basic-block-call-graph-profiler.h", "src/compiler/branch-elimination.h", "src/compiler/bytecode-analysis.h", "src/compiler/bytecode-graph-builder.h", 
@@ -3635,7 +3842,6 @@ v8_header_set("v8_internal_headers") { "src/compiler/operator-properties.h", "src/compiler/operator.h", "src/compiler/osr.h", - "src/compiler/pair-load-store-reducer.h", "src/compiler/per-isolate-compiler-cache.h", "src/compiler/persistent-map.h", "src/compiler/phase.h", @@ -3704,7 +3910,9 @@ v8_header_set("v8_internal_headers") { "src/compiler/turboshaft/late-escape-analysis-reducer.h", "src/compiler/turboshaft/late-load-elimination-reducer.h", "src/compiler/turboshaft/layered-hash-map.h", + "src/compiler/turboshaft/load-elimination-phase.h", "src/compiler/turboshaft/load-store-simplification-reducer.h", + "src/compiler/turboshaft/load-store-verification-reducer.h", "src/compiler/turboshaft/loop-finder.h", "src/compiler/turboshaft/loop-peeling-phase.h", "src/compiler/turboshaft/loop-peeling-reducer.h", @@ -3713,11 +3921,12 @@ v8_header_set("v8_internal_headers") { "src/compiler/turboshaft/machine-lowering-phase.h", "src/compiler/turboshaft/machine-lowering-reducer-inl.h", "src/compiler/turboshaft/machine-optimization-reducer.h", + "src/compiler/turboshaft/maglev-assert-types-reducer.h", + "src/compiler/turboshaft/memory-optimization-phase.h", "src/compiler/turboshaft/memory-optimization-reducer.h", "src/compiler/turboshaft/operation-matcher.h", "src/compiler/turboshaft/operations.h", "src/compiler/turboshaft/opmasks.h", - "src/compiler/turboshaft/optimize-phase.h", "src/compiler/turboshaft/phase.h", "src/compiler/turboshaft/pipelines.h", "src/compiler/turboshaft/pretenuring-propagation-reducer.h", @@ -3733,7 +3942,6 @@ v8_header_set("v8_internal_headers") { "src/compiler/turboshaft/snapshot-table-opindex.h", "src/compiler/turboshaft/snapshot-table.h", "src/compiler/turboshaft/stack-check-lowering-reducer.h", - "src/compiler/turboshaft/store-store-elimination-phase.h", "src/compiler/turboshaft/store-store-elimination-reducer-inl.h", "src/compiler/turboshaft/string-escape-analysis-reducer.h", "src/compiler/turboshaft/string-view.h", 
@@ -3810,6 +4018,7 @@ v8_header_set("v8_internal_headers") { "src/execution/frames.h", "src/execution/futex-emulation.h", "src/execution/interrupts-scope.h", + "src/execution/isolate-data-fields.h", "src/execution/isolate-data.h", "src/execution/isolate-inl.h", "src/execution/isolate-utils-inl.h", @@ -3855,6 +4064,8 @@ v8_header_set("v8_internal_headers") { "src/heap/allocation-result.h", "src/heap/allocation-stats.h", "src/heap/array-buffer-sweeper.h", + "src/heap/base-page-inl.h", + "src/heap/base-page.h", "src/heap/base-space.h", "src/heap/code-range.h", "src/heap/code-stats.h", @@ -3905,8 +4116,8 @@ v8_header_set("v8_internal_headers") { "src/heap/incremental-marking-job.h", "src/heap/incremental-marking.h", "src/heap/index-generator.h", - "src/heap/large-page-metadata-inl.h", - "src/heap/large-page-metadata.h", + "src/heap/large-page-inl.h", + "src/heap/large-page.h", "src/heap/large-spaces.h", "src/heap/linear-allocation-area.h", "src/heap/list.h", @@ -3937,8 +4148,6 @@ v8_header_set("v8_internal_headers") { "src/heap/memory-chunk-constants.h", "src/heap/memory-chunk-inl.h", "src/heap/memory-chunk-layout.h", - "src/heap/memory-chunk-metadata-inl.h", - "src/heap/memory-chunk-metadata.h", "src/heap/memory-chunk.h", "src/heap/memory-measurement-inl.h", "src/heap/memory-measurement.h", @@ -3947,14 +4156,15 @@ v8_header_set("v8_internal_headers") { "src/heap/minor-gc-job.h", "src/heap/minor-mark-sweep-inl.h", "src/heap/minor-mark-sweep.h", - "src/heap/mutable-page-metadata-inl.h", - "src/heap/mutable-page-metadata.h", + "src/heap/mutable-page-inl.h", + "src/heap/mutable-page.h", "src/heap/new-spaces-inl.h", "src/heap/new-spaces.h", + "src/heap/normal-page-inl.h", + "src/heap/normal-page.h", "src/heap/object-lock-inl.h", "src/heap/object-lock.h", "src/heap/object-stats.h", - "src/heap/page-metadata.h", "src/heap/paged-spaces-inl.h", "src/heap/paged-spaces.h", "src/heap/parallel-work-item.h", 
@@ -4121,6 +4331,8 @@ v8_header_set("v8_internal_headers") { "src/objects/js-collection-iterator-inl.h", "src/objects/js-collection-iterator.h", "src/objects/js-collection.h", + "src/objects/js-data-object-builder-inl.h", + "src/objects/js-data-object-builder.h", "src/objects/js-disposable-stack-inl.h", "src/objects/js-disposable-stack.h", "src/objects/js-function-inl.h", @@ -4256,6 +4468,8 @@ v8_header_set("v8_internal_headers") { "src/objects/transitions.h", "src/objects/trusted-object-inl.h", "src/objects/trusted-object.h", + "src/objects/trusted-pointer-inl.h", + "src/objects/trusted-pointer.h", "src/objects/turbofan-types-inl.h", "src/objects/turbofan-types.h", "src/objects/turboshaft-types-inl.h", @@ -4292,7 +4506,6 @@ v8_header_set("v8_internal_headers") { "src/profiler/cpu-profiler.h", "src/profiler/heap-profiler.h", "src/profiler/heap-snapshot-common.h", - "src/profiler/heap-snapshot-generator-inl.h", "src/profiler/heap-snapshot-generator.h", "src/profiler/output-stream-writer.h", "src/profiler/profile-generator-inl.h", @@ -4310,6 +4523,7 @@ v8_header_set("v8_internal_headers") { "src/regexp/experimental/experimental-interpreter.h", "src/regexp/experimental/experimental.h", "src/regexp/regexp-ast.h", + "src/regexp/regexp-bytecode-analysis.h", "src/regexp/regexp-bytecode-generator-inl.h", "src/regexp/regexp-bytecode-generator.h", "src/regexp/regexp-bytecode-iterator-inl.h", @@ -4319,12 +4533,10 @@ v8_header_set("v8_internal_headers") { "src/regexp/regexp-bytecodes.h", "src/regexp/regexp-code-generator.h", "src/regexp/regexp-compiler.h", - "src/regexp/regexp-dotprinter.h", "src/regexp/regexp-error.h", "src/regexp/regexp-flags.h", "src/regexp/regexp-interpreter.h", "src/regexp/regexp-macro-assembler-arch.h", - "src/regexp/regexp-macro-assembler-tracer.h", "src/regexp/regexp-macro-assembler.h", "src/regexp/regexp-nodes.h", "src/regexp/regexp-parser.h", 
@@ -4344,6 +4556,7 @@ v8_header_set("v8_internal_headers") { "src/runtime/runtime.h", "src/sandbox/bounded-size-inl.h", "src/sandbox/bounded-size.h", + "src/sandbox/bytecode-verifier.h", "src/sandbox/check.h", "src/sandbox/code-entrypoint-tag.h", "src/sandbox/code-pointer-inl.h", @@ -4363,6 +4576,7 @@ v8_header_set("v8_internal_headers") { "src/sandbox/external-pointer-table-inl.h", "src/sandbox/external-pointer-table.h", "src/sandbox/external-pointer.h", + "src/sandbox/external-strings-cage.h", "src/sandbox/hardware-support.h", "src/sandbox/indirect-pointer-inl.h", "src/sandbox/indirect-pointer-tag.h", @@ -4373,6 +4587,7 @@ v8_header_set("v8_internal_headers") { "src/sandbox/js-dispatch-table.h", "src/sandbox/sandbox-malloc.h", "src/sandbox/sandbox.h", + "src/sandbox/sandboxable-thread.h", "src/sandbox/sandboxed-pointer-inl.h", "src/sandbox/sandboxed-pointer.h", "src/sandbox/tagged-payload.h", @@ -4407,6 +4622,7 @@ v8_header_set("v8_internal_headers") { "src/snapshot/startup-serializer.h", "src/strings/char-predicates-inl.h", "src/strings/char-predicates.h", + "src/strings/owning-external-string-resource.h", "src/strings/string-builder-inl.h", "src/strings/string-builder.h", "src/strings/string-case.h", @@ -4468,6 +4684,17 @@ v8_header_set("v8_internal_headers") { sources += [ "src/snapshot/snapshot-compression.h" ] } + if (v8_enable_regexp_diagnostics) { + sources += [ + "src/regexp/regexp-ast-printer.h", + "src/regexp/regexp-dotprinter.h", + "src/regexp/regexp-graph-printer.h", + "src/regexp/regexp-macro-assembler-tracer.h", + "src/regexp/regexp-node-printer.h", + "src/regexp/regexp-printer.h", + ] + } + if (v8_enable_temporal_support) { sources += [ "src/objects/js-temporal-objects-inl.h", @@ -4482,6 +4709,7 @@ v8_header_set("v8_internal_headers") { "src/tracing/code-data-source.h", "src/tracing/code-trace-context.h", "src/tracing/perfetto-logger.h", + "src/tracing/perfetto-sdk.h", "src/tracing/perfetto-utils.h", ] } 
@@ -4497,6 +4725,7 @@ v8_header_set("v8_internal_headers") { if (v8_enable_maglev) { sources += [ + "src/maglev/hamt.h", "src/maglev/maglev-assembler-inl.h", "src/maglev/maglev-assembler.h", "src/maglev/maglev-basic-block.h", @@ -4521,15 +4750,21 @@ v8_header_set("v8_internal_headers") { "src/maglev/maglev-ir.h", "src/maglev/maglev-kna-processor.h", "src/maglev/maglev-known-node-aspects.h", + "src/maglev/maglev-map-inference.h", + "src/maglev/maglev-node-type.h", "src/maglev/maglev-phi-representation-selector.h", "src/maglev/maglev-pipeline-statistics.h", "src/maglev/maglev-post-hoc-optimizations-processors.h", "src/maglev/maglev-pre-regalloc-codegen-processors.h", + "src/maglev/maglev-range-analysis.h", + "src/maglev/maglev-range-verification.h", + "src/maglev/maglev-range.h", "src/maglev/maglev-reducer-inl.h", "src/maglev/maglev-reducer.h", "src/maglev/maglev-regalloc-data.h", "src/maglev/maglev-regalloc.h", "src/maglev/maglev-register-frame-array.h", + "src/maglev/maglev-tracer.h", "src/maglev/maglev-truncation.h", "src/maglev/maglev.h", ] @@ -4545,6 +4780,8 @@ v8_header_set("v8_internal_headers") { sources += [ "src/maglev/s390/maglev-assembler-s390-inl.h" ] } else if (v8_current_cpu == "ppc64") { sources += [ "src/maglev/ppc/maglev-assembler-ppc-inl.h" ] + } else if (v8_current_cpu == "loong64") { + sources += [ "src/maglev/loong64/maglev-assembler-loong64-inl.h" ] } } @@ -4601,10 +4838,11 @@ v8_header_set("v8_internal_headers") { "src/wasm/code-space-access.h", "src/wasm/compilation-environment-inl.h", "src/wasm/compilation-environment.h", + "src/wasm/compilation-hints-generation.h", "src/wasm/constant-expression-interface.h", "src/wasm/constant-expression.h", "src/wasm/decoder.h", - "src/wasm/float16.h", + "src/wasm/effect-handler.h", "src/wasm/function-body-decoder-impl.h", "src/wasm/function-body-decoder.h", "src/wasm/function-compiler.h", 
@@ -4641,6 +4879,7 @@ v8_header_set("v8_internal_headers") { "src/wasm/wasm-deopt-data.h", "src/wasm/wasm-disassembler-impl.h", "src/wasm/wasm-disassembler.h", + "src/wasm/wasm-engine-globals.h", "src/wasm/wasm-engine.h", "src/wasm/wasm-export-wrapper-cache.h", "src/wasm/wasm-external-refs.h", @@ -4659,10 +4898,13 @@ v8_header_set("v8_internal_headers") { "src/wasm/wasm-opcodes.h", "src/wasm/wasm-result.h", "src/wasm/wasm-serialization.h", + "src/wasm/wasm-stack-wrapper-cache.h", "src/wasm/wasm-subtyping.h", "src/wasm/wasm-tier.h", "src/wasm/wasm-tracing.h", "src/wasm/wasm-value.h", + "src/wasm/wasm-wrapper-cache-inl.h", + "src/wasm/wasm-wrapper-cache.h", "src/wasm/well-known-imports.h", "src/wasm/wrappers-inl.h", "src/wasm/wrappers.h", @@ -4691,6 +4933,10 @@ v8_header_set("v8_internal_headers") { ] } + if (v8_enable_builtins_block_position) { + sources += [ "src/compiler/backend/block-position.h" ] + } + if (v8_enable_i18n_support) { sources += [ "src/objects/intl-objects.h", @@ -5034,6 +5280,11 @@ v8_header_set("v8_internal_headers") { "src/baseline/riscv/baseline-compiler-riscv-inl.h", ] } + + if (riscv_use_zicfiss) { + sources += [ "src/execution/riscv/shadow-stack-riscv.h" ] + } + if (v8_enable_webassembly) { # Trap handling is enabled on riscv64 Linux and in simulators on # x64 on Linux. @@ -5124,6 +5375,9 @@ v8_header_set("v8_internal_headers") { ":v8_maybe_temporal", "//third_party/simdutf", ] + if (v8_enable_experimental_tq_to_tsa) { + deps += [ ":run_torque_to_tsa" ] + } } v8_compiler_sources = [ @@ -5144,7 +5398,7 @@ v8_compiler_sources = [ "src/compiler/backend/register-allocator-verifier.cc", "src/compiler/backend/register-allocator.cc", "src/compiler/backend/spill-placer.cc", - "src/compiler/basic-block-instrumentor.cc", + "src/compiler/basic-block-call-graph-profiler.cc", "src/compiler/branch-elimination.cc", "src/compiler/bytecode-analysis.cc", "src/compiler/bytecode-graph-builder.cc", 
@@ -5209,7 +5463,6 @@ v8_compiler_sources = [ "src/compiler/operator-properties.cc", "src/compiler/operator.cc", "src/compiler/osr.cc", - "src/compiler/pair-load-store-reducer.cc", "src/compiler/pipeline-statistics.cc", "src/compiler/pipeline.cc", "src/compiler/property-access-builder.cc", @@ -5253,21 +5506,21 @@ v8_compiler_sources = [ "src/compiler/turboshaft/instruction-selection-phase.cc", "src/compiler/turboshaft/late-escape-analysis-reducer.cc", "src/compiler/turboshaft/late-load-elimination-reducer.cc", + "src/compiler/turboshaft/load-elimination-phase.cc", "src/compiler/turboshaft/loop-finder.cc", "src/compiler/turboshaft/loop-peeling-phase.cc", "src/compiler/turboshaft/loop-unrolling-phase.cc", "src/compiler/turboshaft/loop-unrolling-reducer.cc", "src/compiler/turboshaft/machine-lowering-phase.cc", + "src/compiler/turboshaft/memory-optimization-phase.cc", "src/compiler/turboshaft/memory-optimization-reducer.cc", "src/compiler/turboshaft/operations.cc", - "src/compiler/turboshaft/optimize-phase.cc", "src/compiler/turboshaft/phase.cc", "src/compiler/turboshaft/pipelines.cc", "src/compiler/turboshaft/pretenuring-propagation-reducer.cc", "src/compiler/turboshaft/representations.cc", "src/compiler/turboshaft/sidetable.cc", "src/compiler/turboshaft/simplify-tf-loops.cc", - "src/compiler/turboshaft/store-store-elimination-phase.cc", "src/compiler/turboshaft/string-escape-analysis-reducer.cc", "src/compiler/turboshaft/turbolev-frontend-pipeline.cc", "src/compiler/turboshaft/turbolev-graph-builder.cc", @@ -5300,7 +5553,9 @@ if (!v8_enable_maglev) { "src/maglev/maglev-interpreter-frame-state.cc", "src/maglev/maglev-ir.cc", "src/maglev/maglev-known-node-aspects.cc", + "src/maglev/maglev-node-type.cc", "src/maglev/maglev-phi-representation-selector.cc", + "src/maglev/maglev-range-verification.cc", "src/maglev/maglev-truncation.cc", ] } 
@@ -5420,16 +5675,31 @@ if (v8_enable_wasm_simd256_revec) { ] } +exclude_from_compiler_cluster = [ + "src/compiler/turboshaft/turbolev-graph-builder.cc", # Slow. + "src/compiler/turboshaft/wasm-turboshaft-compiler.cc", # Pipeline::GenerateWasmCode. + "src/compiler/bytecode-analysis.cc", # Top-level 'using incl. + # 'interpreter::Register'. + "src/compiler/heap-refs.cc", # Is64() function. + "src/compiler/wasm-load-elimination.cc", # MayAlias. +] + +if (v8_enable_builtins_block_position) { + v8_compiler_sources += [ "src/compiler/backend/block-position.cc" ] +} + # The src/compiler files for use in mksnapshot. # - These might be built with additional optimizations if # v8_enable_fast_mksnapshot is set. # - We always include Turbofan even if v8_enable_turbofan is unset s.t. # builtins can be generated by mksnapshot. -v8_source_set("v8_compiler_for_mksnapshot_source_set") { +v8_cluster_source_set("v8_compiler_for_mksnapshot_source_set") { visibility = [ ":*" ] # Only targets in this file can depend on this. sources = v8_compiler_sources + exclude_from_cluster = exclude_from_compiler_cluster + public_deps = [ ":generate_bytecode_builtins_list", ":run_torque", @@ -5437,6 +5707,9 @@ v8_source_set("v8_compiler_for_mksnapshot_source_set") { ":v8_maybe_icu", ":v8_tracing", ] + if (v8_enable_experimental_tq_to_tsa) { + public_deps += [ ":run_torque_to_tsa" ] + } deps = [ ":v8_base_without_compiler", @@ -5459,7 +5732,7 @@ v8_source_set("v8_compiler_for_mksnapshot_source_set") { } # The src/compiler files with default behavior. -v8_source_set("v8_compiler") { +v8_cluster_source_set("v8_compiler") { visibility = [ ":*" ] # Only targets in this file can depend on this. if (v8_enable_turbofan) { @@ -5469,6 +5742,8 @@ v8_source_set("v8_compiler") { sources = [ "src/compiler/turbofan-disabled.cc" ] } + exclude_from_cluster = exclude_from_compiler_cluster + public_deps = [ ":generate_bytecode_builtins_list", ":run_torque", 
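Review bot: The reason comments in `exclude_from_compiler_cluster` are hard to act on, and the one for `bytecode-analysis.cc` is garbled by the line wrap (`# Top-level 'using incl.` / `# 'interpreter::Register'.`). Something like `# Top-level using-declarations (incl. interpreter::Register) leak into the cluster.` reads better. The `exclude_from_cluster` list added to `v8_base_without_compiler` in the following hunks has the same style, and `src/objects/js-list-format.cc` there carries no reason at all. Entries such as `MayAlias`, `Is64()` and `CheckCalendar` look like file-local names that collide once translation units are merged. Merging can also change which overload or helper is chosen without any error, so it would help to state in a comment above each list that a non-clustered build remains the reference configuration.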
@@ -5477,6 +5752,9 @@ v8_source_set("v8_compiler") { ":v8_maybe_icu", ":v8_tracing", ] + if (v8_enable_experimental_tq_to_tsa) { + public_deps += [ ":run_torque_to_tsa" ] + } deps = [ ":v8_base_without_compiler", @@ -5514,7 +5792,7 @@ group("v8_tracing") { } } -v8_source_set("v8_base_without_compiler") { +v8_cluster_source_set("v8_base_without_compiler") { # Only targets in this file and gcmole can depend on this. visibility = [ ":*", @@ -5524,6 +5802,24 @@ v8_source_set("v8_base_without_compiler") { # Split static libraries on windows into two. split_count = 2 + # Files excluded from clustering due to template instantiation order issues + # or because they are too large. + exclude_from_cluster = [ + "src/maglev/maglev-graph-builder.cc", + "src/maglev/maglev-ir.cc", + "src/snapshot/deserializer.cc", + "src/wasm/wasm-module.cc", + "src/heap/mark-compact.cc", # ShouldMovePage, also big. + "src/objects/intl-objects.cc", # CheckCalendar. + "src/objects/js-collator.cc", # CreateDataPropertyForOptions, also big. + "src/objects/js-display-names.cc", # CheckCalendar. + "src/objects/js-list-format.cc", + "src/objects/js-number-format.cc", # Style, also big. + "src/objects/js-temporal-objects.cc", # Unit, also big. + "src/runtime/runtime-test-wasm.cc", # WasmStackSize. + "src/sandbox/external-pointer-table.cc", # entry_spacer. + ] + sources = [ ### gcmole(all) ### "src/api/api-arguments.cc", @@ -5561,6 +5857,8 @@ v8_source_set("v8_base_without_compiler") { "src/builtins/builtins-internal.cc", "src/builtins/builtins-intl.cc", "src/builtins/builtins-json.cc", + "src/builtins/builtins-math-xsum.cc", + "src/builtins/builtins-math.cc", "src/builtins/builtins-number.cc", "src/builtins/builtins-object.cc", "src/builtins/builtins-reflect.cc", 
@@ -5674,6 +5972,7 @@ v8_source_set("v8_base_without_compiler") { "src/handles/traced-handles.cc", "src/heap/allocation-observer.cc", "src/heap/array-buffer-sweeper.cc", + "src/heap/base-page.cc", "src/heap/code-range.cc", "src/heap/code-stats.cc", "src/heap/collection-barrier.cc", @@ -5704,7 +6003,7 @@ v8_source_set("v8_base_without_compiler") { "src/heap/incremental-marking-job.cc", "src/heap/incremental-marking.cc", "src/heap/index-generator.cc", - "src/heap/large-page-metadata.cc", + "src/heap/large-page.cc", "src/heap/large-spaces.cc", "src/heap/local-factory.cc", "src/heap/local-heap.cc", @@ -5716,17 +6015,16 @@ v8_source_set("v8_base_without_compiler") { "src/heap/marking.cc", "src/heap/memory-allocator.cc", "src/heap/memory-balancer.cc", - "src/heap/memory-chunk-metadata.cc", "src/heap/memory-chunk.cc", "src/heap/memory-measurement.cc", "src/heap/memory-pool.cc", "src/heap/memory-reducer.cc", "src/heap/minor-gc-job.cc", "src/heap/minor-mark-sweep.cc", - "src/heap/mutable-page-metadata.cc", + "src/heap/mutable-page.cc", "src/heap/new-spaces.cc", + "src/heap/normal-page.cc", "src/heap/object-stats.cc", - "src/heap/page-metadata.cc", "src/heap/paged-spaces.cc", "src/heap/pretenuring-handler.cc", "src/heap/read-only-heap.cc", @@ -5811,6 +6109,7 @@ v8_source_set("v8_base_without_compiler") { "src/objects/js-atomics-synchronization.cc", "src/objects/js-break-iterator.cc", "src/objects/js-collator.cc", + "src/objects/js-data-object-builder.cc", "src/objects/js-date-time-format.cc", "src/objects/js-display-names.cc", "src/objects/js-disposable-stack.cc", @@ -5897,6 +6196,7 @@ v8_source_set("v8_base_without_compiler") { "src/regexp/experimental/experimental-interpreter.cc", "src/regexp/experimental/experimental.cc", "src/regexp/regexp-ast.cc", + "src/regexp/regexp-bytecode-analysis.cc", "src/regexp/regexp-bytecode-generator.cc", "src/regexp/regexp-bytecode-iterator.cc", "src/regexp/regexp-bytecode-peephole.cc", 
@@ -5904,10 +6204,8 @@ v8_source_set("v8_base_without_compiler") { "src/regexp/regexp-code-generator.cc", "src/regexp/regexp-compiler-tonode.cc", "src/regexp/regexp-compiler.cc", - "src/regexp/regexp-dotprinter.cc", "src/regexp/regexp-error.cc", "src/regexp/regexp-interpreter.cc", - "src/regexp/regexp-macro-assembler-tracer.cc", "src/regexp/regexp-macro-assembler.cc", "src/regexp/regexp-parser.cc", "src/regexp/regexp-result-vector.cc", @@ -5946,12 +6244,15 @@ v8_source_set("v8_base_without_compiler") { "src/runtime/runtime-typedarray.cc", "src/runtime/runtime-weak-refs.cc", "src/runtime/runtime.cc", + "src/sandbox/bytecode-verifier.cc", "src/sandbox/code-pointer-table.cc", "src/sandbox/cppheap-pointer-table.cc", "src/sandbox/external-pointer-table.cc", + "src/sandbox/external-strings-cage.cc", "src/sandbox/hardware-support.cc", "src/sandbox/js-dispatch-table.cc", "src/sandbox/sandbox.cc", + "src/sandbox/sandboxable-thread.cc", "src/sandbox/testing.cc", "src/sandbox/trusted-pointer-scope.cc", "src/sandbox/trusted-pointer-table.cc", @@ -5995,7 +6296,6 @@ v8_source_set("v8_base_without_compiler") { "src/utils/detachable-vector.cc", "src/utils/hex-format.cc", "src/utils/identity-map.cc", - "src/utils/memcopy.cc", "src/utils/ostreams.cc", "src/utils/output-stream.cc", "src/utils/sha-256.cc", @@ -6012,6 +6312,17 @@ v8_source_set("v8_base_without_compiler") { sources += [ "src/snapshot/snapshot-compression.cc" ] } + if (v8_enable_regexp_diagnostics) { + sources += [ + "src/regexp/regexp-ast-printer.cc", + "src/regexp/regexp-dotprinter.cc", + "src/regexp/regexp-graph-printer.cc", + "src/regexp/regexp-macro-assembler-tracer.cc", + "src/regexp/regexp-node-printer.cc", + "src/regexp/regexp-printer.cc", + ] + } + if (v8_enable_temporal_support) { sources += [ "src/builtins/builtins-temporal.cc", 
@@ -6044,8 +6355,10 @@ v8_source_set("v8_base_without_compiler") { "src/maglev/maglev-interpreter-frame-state.cc", "src/maglev/maglev-ir.cc", "src/maglev/maglev-known-node-aspects.cc", + "src/maglev/maglev-node-type.cc", "src/maglev/maglev-phi-representation-selector.cc", "src/maglev/maglev-pipeline-statistics.cc", + "src/maglev/maglev-range-verification.cc", "src/maglev/maglev-regalloc.cc", "src/maglev/maglev-truncation.cc", "src/maglev/maglev.cc", @@ -6080,6 +6393,11 @@ v8_source_set("v8_base_without_compiler") { "src/maglev/ppc/maglev-assembler-ppc.cc", "src/maglev/ppc/maglev-ir-ppc.cc", ] + } else if (v8_current_cpu == "loong64") { + sources += [ + "src/maglev/loong64/maglev-assembler-loong64.cc", + "src/maglev/loong64/maglev-ir-loong64.cc", + ] } } @@ -6111,6 +6429,7 @@ v8_source_set("v8_base_without_compiler") { "src/wasm/basic-block-calculator.cc", "src/wasm/canonical-types.cc", "src/wasm/code-space-access.cc", + "src/wasm/compilation-hints-generation.cc", "src/wasm/constant-expression-interface.cc", "src/wasm/constant-expression.cc", "src/wasm/function-body-decoder.cc", @@ -6145,8 +6464,10 @@ v8_source_set("v8_base_without_compiler") { "src/wasm/wasm-opcodes.cc", "src/wasm/wasm-result.cc", "src/wasm/wasm-serialization.cc", + "src/wasm/wasm-stack-wrapper-cache.cc", "src/wasm/wasm-subtyping.cc", "src/wasm/wasm-tracing.cc", + "src/wasm/wasm-wrapper-cache.cc", "src/wasm/well-known-imports.cc", ] if (v8_wasm_random_fuzzers) { @@ -6407,6 +6728,9 @@ v8_source_set("v8_base_without_compiler") { if (current_cpu == "x64" && is_linux) { sources += [ "src/trap-handler/handler-outside-simulator.cc" ] } + if (riscv_use_zicfiss) { + sources += [ "src/execution/riscv/shadow-stack-riscv.cc" ] + } } } else if (v8_current_cpu == "riscv32") { sources += [ 
@@ -6490,14 +6814,25 @@ v8_source_set("v8_base_without_compiler") { ":v8_maybe_icu", "//third_party/simdutf", ] + if (v8_enable_experimental_tq_to_tsa) { + public_deps += [ ":run_torque_to_tsa" ] + } if (v8_fuzzilli) { sources += [ - "src/fuzzilli/cov.cc", - "src/fuzzilli/cov.h", "src/fuzzilli/fuzzilli.cc", "src/fuzzilli/fuzzilli.h", ] + public_deps += [ ":fuzzilli_cov" ] + } + + if (v8_dumpling) { + sources += [ + "src/dumpling/dumpling-manager.cc", + "src/dumpling/dumpling-manager.h", + "src/dumpling/object-dumping.cc", + "src/dumpling/object-dumping.h", + ] } if (v8_enable_i18n_support) { @@ -6634,6 +6969,14 @@ v8_source_set("torque_base") { "src/torque/utils.h", ] + if (v8_enable_experimental_tq_to_tsa) { + sources += [ + "src/torque/ast-visitor.h", + "src/torque/tsa-generator.cc", + "src/torque/tsa-generator.h", + ] + } + deps = [ ":v8_flags", ":v8_shared_internal_headers", @@ -6701,6 +7044,7 @@ v8_component("v8_libbase") { "src/base/abort-mode.cc", "src/base/abort-mode.h", "src/base/address-region.h", + "src/base/algorithm.h", "src/base/atomic-utils.h", "src/base/atomicops.h", "src/base/base-export.h", @@ -6715,8 +7059,8 @@ v8_component("v8_libbase") { "src/base/compiler-specific.h", "src/base/container-utils.h", "src/base/contextual.h", - "src/base/cpu.cc", - "src/base/cpu.h", + "src/base/cpu/cpu.cc", + "src/base/cpu/cpu.h", "src/base/debug/stack_trace.cc", "src/base/debug/stack_trace.h", "src/base/discriminated-union.h", @@ -6730,6 +7074,7 @@ v8_component("v8_libbase") { "src/base/file-utils.cc", "src/base/file-utils.h", "src/base/flags.h", + "src/base/float16.h", "src/base/fpu.cc", "src/base/fpu.h", "src/base/free_deleter.h", @@ -6747,6 +7092,7 @@ v8_component("v8_libbase") { "src/base/logging.cc", "src/base/logging.h", "src/base/macros.h", + "src/base/memcopy.h", "src/base/memory.h", "src/base/numbers/bignum-dtoa.cc", "src/base/numbers/bignum-dtoa.h", 
@@ -6846,6 +7192,22 @@ v8_component("v8_libbase") { "src/base/vlq.h", ] + if (target_cpu == "x86" || target_cpu == "x64") { + sources += [ "src/base/cpu/cpu-x86.cc" ] + } else if (target_cpu == "arm" || target_cpu == "arm64") { + sources += [ "src/base/cpu/cpu-arm.cc" ] + } else if (target_cpu == "riscv64") { + sources += [ "src/base/cpu/cpu-riscv.cc" ] + } else if (target_cpu == "loong64") { + sources += [ "src/base/cpu/cpu-loong64.cc" ] + } else if (target_cpu == "mips64" || target_cpu == "mips64el") { + sources += [ "src/base/cpu/cpu-mips64.cc" ] + } else if (target_cpu == "ppc64") { + sources += [ "src/base/cpu/cpu-ppc.cc" ] + } else if (target_cpu == "s390x") { + sources += [ "src/base/cpu/cpu-s390.cc" ] + } + configs = [ ":internal_config_base" ] public_configs = [ ":libbase_config" ] @@ -7144,22 +7506,18 @@ v8_source_set("fuzzer_support") { v8_source_set("v8_bigint") { sources = [ + "src/bigint/bigint-inl.h", "src/bigint/bigint-internal.cc", "src/bigint/bigint-internal.h", "src/bigint/bigint.h", - "src/bigint/bitwise.cc", - "src/bigint/digit-arithmetic.h", "src/bigint/div-burnikel.cc", - "src/bigint/div-helpers.cc", - "src/bigint/div-helpers.h", + "src/bigint/div-helpers-inl.h", "src/bigint/div-schoolbook.cc", "src/bigint/fromstring.cc", "src/bigint/mul-karatsuba.cc", - "src/bigint/mul-schoolbook.cc", "src/bigint/tostring.cc", "src/bigint/util.h", - "src/bigint/vector-arithmetic.cc", - "src/bigint/vector-arithmetic.h", + "src/bigint/vector-arithmetic-inl.h", ] if (v8_advanced_bigint_algorithms) { @@ -7310,7 +7668,7 @@ v8_header_set("cppgc_headers") { public_deps = [ ":v8_config_headers" ] } -v8_source_set("cppgc_base") { +v8_cluster_source_set("cppgc_base") { visibility = [ ":*" ] sources = [ 
@@ -7410,6 +7768,10 @@ v8_source_set("cppgc_base") { "src/heap/cppgc/write-barrier.h", ] + exclude_from_cluster = [ + "src/heap/cppgc/concurrent-marker.cc", # kDefaultDeadlineCheckInterval. + ] + if (cppgc_enable_caged_heap) { sources += [ "src/heap/cppgc/caged-heap-local-data.cc", @@ -7438,6 +7800,7 @@ v8_source_set("cppgc_base") { if (v8_use_perfetto) { sources += [ + "src/tracing/perfetto-sdk.h", "src/tracing/trace-categories.cc", "src/tracing/trace-categories.h", ] @@ -7754,11 +8117,19 @@ group("v8_python_base") { data = [ ".vpython3" ] } +# Enable fallbacks for files that might be hard to access on Clusterfuzz. +copy("v8_clusterfuzz_fallbacks") { + testonly = true + sources = [ "test/mjsunit/wasm/wasm-module-builder.js" ] + outputs = [ "$root_out_dir/test/mjsunit/wasm/wasm-module-builder.js" ] +} + group("v8_clusterfuzz") { testonly = true deps = [ ":d8", + ":v8_clusterfuzz_fallbacks", ":v8_simple_inspector_fuzzer", "tools/clusterfuzz/trials:v8_clusterfuzz_resources", ] @@ -8006,6 +8377,8 @@ v8_executable("d8") { "src/d8/d8-test.cc", "src/d8/d8.cc", "src/d8/d8.h", + "src/d8/hardware-watchpoints.cc", + "src/d8/hardware-watchpoints.h", ] configs = [ @@ -8309,6 +8682,9 @@ if (v8_enable_webassembly) { ":v8_shared_internal_headers", ":v8_tracing", ] + if (v8_enable_experimental_tq_to_tsa) { + deps += [ ":run_torque_to_tsa" ] + } public_deps = [ ":v8_abseil", @@ -8409,6 +8785,9 @@ group("v8_generated_cc_files") { ":run_torque", "src/inspector:v8_generated_cc_files", ] + if (v8_enable_experimental_tq_to_tsa) { + deps += [ ":run_torque_to_tsa" ] + } } # Protobuf targets, used only when building outside of chromium. 
@@ -8437,6 +8816,24 @@ if (!build_with_chromium && v8_use_perfetto) { } } # if (!build_with_chromium && v8_use_perfetto) +if (v8_fuzzilli) { + v8_source_set("fuzzilli_cov") { + visibility = [ "*" ] + sources = [ + "src/fuzzilli/cov.cc", + "src/fuzzilli/cov.h", + ] + configs = [ + ":internal_config_base", + ":internal_config", + ] + deps = [ + ":v8_internal_headers", + ":v8_libbase", + ] + } +} + # GN evaluates each .gn file once per toolchain, so restricting to default # toolchain will ensure write_file() is called only once. if (current_toolchain == default_toolchain) { diff --git a/deps/v8/COMMON_OWNERS b/deps/v8/COMMON_OWNERS index 1a14c2458d6d0d..87e36677744ae4 100644 --- a/deps/v8/COMMON_OWNERS +++ b/deps/v8/COMMON_OWNERS @@ -8,6 +8,7 @@ dinfuehr@chromium.org dlehmann@chromium.org dmercadier@chromium.org ecmziegler@chromium.org +emaxx@google.com evih@chromium.org fgm@chromium.org gdeepti@chromium.org diff --git a/deps/v8/DEPS b/deps/v8/DEPS index 86740bd8ebbf1d..b2c1f763079317 100644 --- a/deps/v8/DEPS +++ b/deps/v8/DEPS @@ -6,6 +6,7 @@ use_relative_paths = True gclient_gn_args_file = 'build/config/gclient_args.gni' gclient_gn_args = [ + 'checkout_src_internal', ] vars = { @@ -29,6 +30,8 @@ vars = { 'checkout_instrumented_libraries': False, 'checkout_ittapi': False, + # Checkout extra benchmarks. + 'checkout_benchmarks': False, # Fetch the prebuilt binaries for llvm-cov and llvm-profdata. Needed to # process the raw profiles produced by instrumented targets (built with @@ -58,6 +61,9 @@ vars = { # Used for downloading the Fuchsia SDK without running hooks. 'checkout_fuchsia_no_hooks': False, + # V8 doesn't need src_internal, but some shared GN files use this variable. + 'checkout_src_internal': False, + # reclient CIPD package version 'reclient_version': 're_client_version:0.185.0.db415f21-gomaip', 
@@ -74,65 +80,60 @@ vars = { # This variable is overrided in Chromium's DEPS file. 'build_with_chromium': False, + # Repository URL + 'chromium_jetstream_git': 'https://chromium.googlesource.com/external/github.com/WebKit/JetStream.git', + # GN CIPD package version. - 'gn_version': 'git_revision:07d3c6f4dc290fae5ca6152ebcb37d6815c411ab', + 'gn_version': 'git_revision:6e8dcdebbadf4f8aa75e6a4b6e0bdf89dce1513a', # ninja CIPD package version # https://chrome-infra-packages.appspot.com/p/infra/3pp/tools/ninja 'ninja_version': 'version:3@1.12.1.chromium.4', # siso CIPD package version - 'siso_version': 'git_revision:0915813c4c786240e12d03aa3018c02bab4df14f', + 'siso_version': 'git_revision:87bad442ede1c60700dfabef5862c4a584621734', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling Fuchsia sdk # and whatever else without interference from each other. - 'fuchsia_version': 'version:29.20251023.3.1', + 'fuchsia_version': 'version:31.20260327.5.1', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling partition_alloc_version # and whatever else without interference from each other. - 'partition_alloc_version': 'db8446987dfff3cfc0c100b7d58e6a404ef639eb', + 'partition_alloc_version': 'b707a2ca5567b06f4b886fbcd888dfa7e8044718', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_build-tools_version # and whatever else without interference from each other. - 'android_sdk_build-tools_version': 'y3EsZLg4bxPmpW0oYsAHylywNyMnIwPS3kh1VbQLAFAC', + 'android_sdk_build-tools_version': 'febJrTgiK9s1ANoUlc4Orn3--zs9GjGCj2vQc8g7OaMC', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_emulator_version # and whatever else without interference from each other. 
'android_sdk_emulator_version': '9lGp8nTUCRRWGMnI_96HcKfzjnxEJKUcfvfwmA3wXNkC', # Three lines of non-changing comments so that - # the commit queue can handle CLs rolling android_sdk_extras_version - # and whatever else without interference from each other. - 'android_sdk_extras_version': 'bY55nDqO6FAm6FkGIj09sh2KW9oqAkCGKjYok5nUvBMC', - # Three lines of non-changing comments so that - # the commit queue can handle CLs rolling android_sdk_patcher_version - # and whatever else without interference from each other. - 'android_sdk_patcher_version': 'I6FNMhrXlpB-E1lOhMlvld7xt9lBVNOO83KIluXDyA0C', - # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_platform-tools_version # and whatever else without interference from each other. 'android_sdk_platform-tools_version': 'qTD9QdBlBf3dyHsN1lJ0RH6AhHxR42Hmg2Ih-Vj4zIEC', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_platforms_version # and whatever else without interference from each other. - 'android_sdk_platforms_version': '_YHemUrK49JrE7Mctdf5DDNOHu1VKBx_PTcWnZ-cbOAC', - # Three lines of non-changing comments so that - # the commit queue can handle CLs rolling android_sdk_sources_version - # and whatever else without interference from each other. - 'android_sdk_sources_version': 'qfTSF99e29-w3eIVPpfcif0Em5etyvxuicTDTntWHQMC', + 'android_sdk_platforms_version': 'WhtP32Q46ZHdTmgCgdauM3ws_H9iPoGKEZ_cPggcQ6wC', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling android_sdk_tools-lint_version # and whatever else without interference from each other. 'android_sdk_cmdline-tools_version': 'gekOVsZjseS1w9BXAT3FsoW__ByGDJYS9DgqesiwKYoC', + # Three lines of non-changing comments so that + # the commit queue can handle CLs rolling jetstream_3.0-custom_revision + # and whatever else without interference from each other. 
+ 'jetstream_3.0-custom_revision': '2145cedef4ca2777b792cb0059d3400ee2a6153c', } deps = { 'build': - Var('chromium_url') + '/chromium/src/build.git' + '@' + '81330a6e45719ab8c0d22e5548afbedb5482b068', + Var('chromium_url') + '/chromium/src/build.git' + '@' + '9b7e5bb55b71044930fcf31b3fe531ad63151813', 'buildtools': - Var('chromium_url') + '/chromium/src/buildtools.git' + '@' + '723d636763a2635105e0e912bae25f662b2acaa8', + Var('chromium_url') + '/chromium/src/buildtools.git' + '@' + '22e55595e15ebbbbb4bef118d5a654b185b0b30d', 'buildtools/linux64': { 'packages': [ { @@ -173,12 +174,17 @@ deps = { 'dep_type': 'cipd', 'condition': '(host_os == "linux" or host_os == "mac" or host_os == "win") and host_cpu != "s390x" and host_os != "zos" and host_cpu != "ppc64" and (host_cpu != "arm64" or host_os == "mac")', }, + # TODO(498118202): Use checkout_benchmarks here too. 'test/benchmarks/data': Var('chromium_url') + '/v8/deps/third_party/benchmarks.git' + '@' + '05d7188267b4560491ff9155c5ee13e207ecd65f', + 'test/benchmarks/JetStream3': { + 'url': Var('chromium_jetstream_git') + '@' + Var('jetstream_3.0-custom_revision'), + 'condition': 'checkout_benchmarks', + }, 'test/mozilla/data': Var('chromium_url') + '/v8/deps/third_party/mozilla-tests.git' + '@' + 'f6c578a10ea707b1a8ab0b88943fe5115ce2b9be', 'test/test262/data': - Var('chromium_url') + '/external/github.com/tc39/test262.git' + '@' + 'd2940bdbb0e28fd002ec31b89f8182bbf63da092', + Var('chromium_url') + '/external/github.com/tc39/test262.git' + '@' + '5c8206929d81b2d3d727ca6aac56c18358c8d790', 'third_party/android_platform': { 'url': Var('chromium_url') + '/chromium/src/third_party/android_platform.git' + '@' + 'e3919359f2387399042d31401817db4a02d756ec', 'condition': 'checkout_android', 
@@ -186,33 +192,21 @@ deps = { 'third_party/android_sdk/public': { 'packages': [ { - 'package': 'chromium/third_party/android_sdk/public/build-tools/36.0.0', + 'package': 'chromium/third_party/android_sdk/public/build-tools/37.0.0', 'version': Var('android_sdk_build-tools_version'), }, { 'package': 'chromium/third_party/android_sdk/public/emulator', 'version': Var('android_sdk_emulator_version'), }, - { - 'package': 'chromium/third_party/android_sdk/public/extras', - 'version': Var('android_sdk_extras_version'), - }, - { - 'package': 'chromium/third_party/android_sdk/public/patcher', - 'version': Var('android_sdk_patcher_version'), - }, { 'package': 'chromium/third_party/android_sdk/public/platform-tools', 'version': Var('android_sdk_platform-tools_version'), }, { - 'package': 'chromium/third_party/android_sdk/public/platforms/android-36', + 'package': 'chromium/third_party/android_sdk/public/platforms/android-37.0', 'version': Var('android_sdk_platforms_version'), }, - { - 'package': 'chromium/third_party/android_sdk/public/sources/android-30', - 'version': Var('android_sdk_sources_version'), - }, { 'package': 'chromium/third_party/android_sdk/public/cmdline-tools', 'version': Var('android_sdk_cmdline-tools_version'), @@ -232,7 +226,7 @@ deps = { 'dep_type': 'cipd', }, 'third_party/catapult': { - 'url': Var('chromium_url') + '/catapult.git' + '@' + '4daf7b2cead7fb17ec3da4eedb30215e3bd3674a', + 'url': Var('chromium_url') + '/catapult.git' + '@' + '5a34891efa6e41c8aca8842386b8ee528963ffdf', 'condition': 'checkout_android', }, 'third_party/clang-format/script': 
@@ -246,19 +240,19 @@ deps = { 'condition': 'checkout_android', }, 'third_party/depot_tools': - Var('chromium_url') + '/chromium/tools/depot_tools.git' + '@' + '8a1ec6a0213ae033f6749f261e1c528488349991', + Var('chromium_url') + '/chromium/tools/depot_tools.git' + '@' + 'f63aa542d288ba4c73043329d097570688980df2', 'third_party/dragonbox/src': - Var('chromium_url') + '/external/github.com/jk-jeon/dragonbox.git' + '@' + '6c7c925b571d54486b9ffae8d9d18a822801cbda', + Var('chromium_url') + '/external/github.com/jk-jeon/dragonbox.git' + '@' + 'beeeef91cf6fef89a4d4ba5e95d47ca64ccb3a44', 'third_party/fp16/src': Var('chromium_url') + '/external/github.com/Maratyszcza/FP16.git' + '@' + '3d2de1816307bac63c16a297e8c4dc501b4076df', 'third_party/fast_float/src': Var('chromium_url') + '/external/github.com/fastfloat/fast_float.git' + '@' + 'cb1d42aaa1e14b09e1452cfdef373d051b8c02a4', 'third_party/fuchsia-gn-sdk': { - 'url': Var('chromium_url') + '/chromium/src/third_party/fuchsia-gn-sdk.git' + '@' + '99294ee55f28f8ae5a3552f4c435528e4c1686b6', + 'url': Var('chromium_url') + '/chromium/src/third_party/fuchsia-gn-sdk.git' + '@' + '2e07271b7993db4fe4d09679ad605d9740d70386', 'condition': 'checkout_fuchsia', }, 'third_party/simdutf': - Var('chromium_url') + '/chromium/src/third_party/simdutf' + '@' + 'acd71a451c1bcb808b7c3a77e0242052909e381e', + Var('chromium_url') + '/chromium/src/third_party/simdutf' + '@' + 'f7356eed293f8208c40b3c1b344a50bd70971983', # Exists for rolling the Fuchsia SDK. Check out of the SDK should always # rely on the hook running |update_sdk.py| script below. 'third_party/fuchsia-sdk/sdk': { 
@@ -272,23 +266,23 @@ deps = { 'dep_type': 'cipd', }, 'third_party/google_benchmark_chrome': { - 'url': Var('chromium_url') + '/chromium/src/third_party/google_benchmark.git' + '@' + 'fa1929c5500ccfc01852ba50ff9258303e93601e', + 'url': Var('chromium_url') + '/chromium/src/third_party/google_benchmark.git' + '@' + 'abeba5d5e6db5bdf85261045e148f1db3fdc40ad', }, 'third_party/google_benchmark_chrome/src': { - 'url': Var('chromium_url') + '/external/github.com/google/benchmark.git' + '@' + '761305ec3b33abf30e08d50eb829e19a802581cc', + 'url': Var('chromium_url') + '/external/github.com/google/benchmark.git' + '@' + '188e8278990a9069ffc84441cb5a024fd0bede37', }, 'third_party/fuzztest': - Var('chromium_url') + '/chromium/src/third_party/fuzztest.git' + '@' + 'aa6ba9074b8d66a2e2853a0a0992c25966022e13', + Var('chromium_url') + '/chromium/src/third_party/fuzztest.git' + '@' + 'c30987fb83696d87a9c0bccc010c3e8fd04c4f95', 'third_party/fuzztest/src': - Var('chromium_url') + '/external/github.com/google/fuzztest.git' + '@' + '7940ee9a7ebce6419c6391eef8b289524b16f198', + Var('chromium_url') + '/external/github.com/google/fuzztest.git' + '@' + '96e0bf47f71f15c921538f6f84e84d940dd00849', 'third_party/googletest/src': - Var('chromium_url') + '/external/github.com/google/googletest.git' + '@' + 'b2b9072ecbe874f5937054653ef8f2731eb0f010', + Var('chromium_url') + '/external/github.com/google/googletest.git' + '@' + '4fe3307fb2d9f86d19777c7eb0e4809e9694dde7', 'third_party/highway/src': Var('chromium_url') + '/external/github.com/google/highway.git' + '@' + '84379d1c73de9681b54fbe1c035a23c7bd5d272d', 'third_party/icu': - Var('chromium_url') + '/chromium/deps/icu.git' + '@' + 'f27805b7d7d8618fa73ce89e9d28e0a8b2216fec', + Var('chromium_url') + '/chromium/deps/icu.git' + '@' + 'ee5f27adc28bd3f15b2c293f726d14d2e336cbd5', 'third_party/instrumented_libs': { - 'url': Var('chromium_url') + '/chromium/third_party/instrumented_libraries.git' + '@' + '69015643b3f68dbd438c010439c59adc52cac808', + 
'url': Var('chromium_url') + '/chromium/third_party/instrumented_libraries.git' + '@' + 'e8cb570a9a2ee9128e2214c73417ad2a3c47780b', 'condition': 'checkout_instrumented_libraries', }, 'third_party/ittapi': { 
@@ -302,179 +296,179 @@ deps = { 'third_party/jsoncpp/source': Var('chromium_url') + '/external/github.com/open-source-parsers/jsoncpp.git'+ '@' + '42e892d96e47b1f6e29844cc705e148ec4856448', 'third_party/libc++/src': - Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxx.git' + '@' + 'cdb24138c1591d12b07d5147825ec7dfeb495276', + Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxx.git' + '@' + '7ab65651aed6802d2599dcb7a73b1f82d5179d05', 'third_party/libc++abi/src': - Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxxabi.git' + '@' + 'a02fa0058d8d52aca049868d229808a3e5dadbad', + Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxxabi.git' + '@' + '8f11bb1d4438d0239d0dfc1bd9456a9f31629dda', 'third_party/libpfm4': - Var('chromium_url') + '/chromium/src/third_party/libpfm4.git' + '@' + '25c29f04c9127e1ca09e6c1181f74850aa7f118b', + Var('chromium_url') + '/chromium/src/third_party/libpfm4.git' + '@' + 'd35e15a834ad4e05ba2f0a3c1a2b76fde99a0570', 'third_party/libpfm4/src': - Var('chromium_url') + '/external/git.code.sf.net/p/perfmon2/libpfm4.git' + '@' + '964baf9d35d5f88d8422f96d8a82c672042e7064', + Var('chromium_url') + '/external/git.code.sf.net/p/perfmon2/libpfm4.git' + '@' + '977a25bb3dfe45f653a6cee71ffaae9a92fc3095', 'third_party/libunwind/src': - Var('chromium_url') + '/external/github.com/llvm/llvm-project/libunwind.git' + '@' + '61ba011ba3c4ed238af93ebad476d3ab5a2fb5ab', + Var('chromium_url') + '/external/github.com/llvm/llvm-project/libunwind.git' + '@' + '092645a3fa57462b31e589cd4fc975c15aac2ed9', 'third_party/llvm-libc/src': - Var('chromium_url') + '/external/github.com/llvm/llvm-project/libc.git' + '@' + 'db35841a6fcbeee98e4d7fe6ba3df1a876a18a62', + Var('chromium_url') + '/external/github.com/llvm/llvm-project/libc.git' + '@' + '6b594bd5f1cdc8c599bffe9197ee4b69785fef8e', 'third_party/llvm-build/Release+Asserts': { 'dep_type': 'gcs', 'bucket': 'chromium-browser-clang', 'objects': [ { - 
'object_name': 'Linux_x64/clang-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': 'f6a487ffd0e56ba7a39b063d85d1f8ff7846514f50635785730cffb7368872ce', - 'size_bytes': 55669844, - 'generation': 1759771493989631, + 'object_name': 'Linux_x64/clang-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '750b331006635281d7d90696629f67db748ba62004c46675eccb8af144141847', + 'size_bytes': 58029996, + 'generation': 1772218390302503, 'condition': 'host_os == "linux"', }, { - 'object_name': 'Linux_x64/clang-tidy-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '4fc7aacf4c25e50a25a941f1186a9e042ae26a2c5c698f359907798fa68106c8', - 'size_bytes': 14053336, - 'generation': 1759771494041411, + 'object_name': 'Linux_x64/clang-tidy-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'd53439bb6ac13c8d2c30c20555ded434039802f70d4119c0138bd77d03552223', + 'size_bytes': 14392856, + 'generation': 1772218390323510, 'condition': 'host_os == "linux" and checkout_clang_tidy', }, { - 'object_name': 'Linux_x64/clangd-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '238897cb0b55ffcb7f6b8f6a10055e44e05023642441a800895704ced91d37d1', - 'size_bytes': 14197108, - 'generation': 1759771494144266, + 'object_name': 'Linux_x64/clangd-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'a24613fb7afce42c076bb95d1b671ac028746b379e88070c126f0aab17a4c34e', + 'size_bytes': 14635272, + 'generation': 1772218390330947, 'condition': 'host_os == "linux" and checkout_clangd', }, { - 'object_name': 'Linux_x64/llvm-code-coverage-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '2c5b0bf210ca982d8ec37cacf3d06d9c45bd6e68b33dcaabce0d108d6c266a36', - 'size_bytes': 2272128, - 'generation': 1759771494296549, + 'object_name': 'Linux_x64/llvm-code-coverage-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '8dcd816a83361b7924093ccba92dfe6bd29af2cf8af58bf7ce785b38c5027a8b', + 'size_bytes': 2328908, + 'generation': 1772218390452408, 'condition': 'host_os == "linux" and 
checkout_clang_coverage_tools', }, { - 'object_name': 'Linux_x64/llvmobjdump-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': 'fd644634db56977b072d951f26571ac41c9c298bf5989e99efeb150ee8427364', - 'size_bytes': 5666140, - 'generation': 1759771494159187, + 'object_name': 'Linux_x64/llvmobjdump-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '0a15d6b8c2b774b0706618d2afa123b9c87af2ec12e74dc44346df4c4690b670', + 'size_bytes': 5780116, + 'generation': 1772218390340688, 'condition': '(checkout_linux or checkout_mac or checkout_android) and host_os == "linux"', }, { - 'object_name': 'Mac/clang-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '44811b6ed6868142c088807f6bcc0d08811a7b11d3f2bc2124c45868037e8cc3', - 'size_bytes': 53583464, - 'generation': 1759771495565305, + 'object_name': 'Mac/clang-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '2661847eb275079358ab186eaf7f85d6139d44c7413a731dfac7f5ed1ec34a01', + 'size_bytes': 54827776, + 'generation': 1772218392155773, 'condition': 'host_os == "mac" and host_cpu == "x64"', }, { - 'object_name': 'Mac/clang-mac-runtime-library-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '8a2e16410bede5d52c77a012f182dde2350b05e647f7c1acaf7823ce816b4422', - 'size_bytes': 1005144, - 'generation': 1759771503758969, + 'object_name': 'Mac/clang-mac-runtime-library-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '69918295c163ec5a20aede81d4100bbd41e01142d32e0555366bba05141f7bf2', + 'size_bytes': 1010608, + 'generation': 1772218399449599, 'condition': 'checkout_mac and not host_os == "mac"', }, { - 'object_name': 'Mac/clang-tidy-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '66633fe8846fddeda86b5ee992b945939bfe46567c9c685900c39531d22ce5cf', - 'size_bytes': 14133312, - 'generation': 1759771495642847, + 'object_name': 'Mac/clang-tidy-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'b8013fe5d2410db4f365ec8779972415d1d0a08042a3a43f823a0da712108cff', + 'size_bytes': 14280488, + 
'generation': 1772218392176137, 'condition': 'host_os == "mac" and host_cpu == "x64" and checkout_clang_tidy', }, { - 'object_name': 'Mac/clangd-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '44088b951aa7ddc96c0f32703b076311a7e7b803b3adfe0bfe9725f78c4fab29', - 'size_bytes': 15627392, - 'generation': 1759771495653658, + 'object_name': 'Mac/clangd-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '508098b26e74bd7f5cdcc40a2ed2db24e2bdde15e0f1c14ce94f685f991b3dd6', + 'size_bytes': 15455912, + 'generation': 1772218392186146, 'condition': 'host_os == "mac" and host_cpu == "x64" and checkout_clangd', }, { - 'object_name': 'Mac/llvm-code-coverage-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '79d62c78d256a508a0f3dbe59aa0fdf0391a9d462bf74e56adc1dee82efa83ac', - 'size_bytes': 2321940, - 'generation': 1759771495825689, + 'object_name': 'Mac/llvm-code-coverage-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '46c33f13a68fc14005560c01a91215b5cab54c07e920a714264352e46af1350c', + 'size_bytes': 2376304, + 'generation': 1772218392292978, 'condition': 'host_os == "mac" and host_cpu == "x64" and checkout_clang_coverage_tools', }, { - 'object_name': 'Mac/llvmobjdump-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': 'a10d075e19e7b614ffd8c5a65f04fbd45011ec74c735dda89f0b3780ab397329', - 'size_bytes': 5567160, - 'generation': 1759771495741126, + 'object_name': 'Mac/llvmobjdump-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '6a92e3f21b3a035f406313d24688bb1b312a9a0ec423ff808752b6638104aff3', + 'size_bytes': 5699700, + 'generation': 1772218392189830, 'condition': 'host_os == "mac" and host_cpu == "x64"', }, { - 'object_name': 'Mac_arm64/clang-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': 'c97e4f62cdd77edf725ccbf4cd63b589302605bf643c871f83214f39e629b2ea', - 'size_bytes': 44593804, - 'generation': 1759771504972271, + 'object_name': 'Mac_arm64/clang-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 
'909be0f896bcf140c710548ccda4673c0aea2480e28d10803c19b1689b36acd5', + 'size_bytes': 45847044, + 'generation': 1772218401088162, 'condition': 'host_os == "mac" and host_cpu == "arm64"', }, { - 'object_name': 'Mac_arm64/clang-tidy-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '3a0eb0fb3a4633c8b4b143e826c5476c41cdd6bd0db8e93a74bbee6520b02b79', - 'size_bytes': 12136348, - 'generation': 1759771505073378, + 'object_name': 'Mac_arm64/clang-tidy-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '83dc8d90529730ae503e684ea0047a0baec2b0c4a81941d1bb4196feea6ba264', + 'size_bytes': 12444972, + 'generation': 1772218401143017, 'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clang_tidy', }, { - 'object_name': 'Mac_arm64/clangd-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '2a5dc1f385bacd25b974b8aa15c57008e33bc384521e2d705a940acbb3292356', - 'size_bytes': 12479180, - 'generation': 1759771505148040, + 'object_name': 'Mac_arm64/clangd-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '3b7ff06ccd41b0a1fb165e182a35bcd74ae49172f1720cd276eb5feac0e3dd9f', + 'size_bytes': 12816980, + 'generation': 1772218401144631, 'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clangd', }, { - 'object_name': 'Mac_arm64/llvm-code-coverage-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '00bf0f82ca9aff15f32e7f0cf7e7b25d36a5a672a1a9bc345c1b7e140a478f93', - 'size_bytes': 1948520, - 'generation': 1759771505303586, + 'object_name': 'Mac_arm64/llvm-code-coverage-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '67148555d00427a3eaa8aeefb8c4c4e1271d585315bdbf0d28d20fd78957e309', + 'size_bytes': 1988008, + 'generation': 1772218401224240, 'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clang_coverage_tools', }, { - 'object_name': 'Mac_arm64/llvmobjdump-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '7aa959752d6beafc74129e4822912021f855584e55a55600044f1d42b889f8b0', - 'size_bytes': 5292960, - 
'generation': 1759771505201957, + 'object_name': 'Mac_arm64/llvmobjdump-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'a31075e7f46ed77c62ecec424722bec8335ef306a4701660f19b713229c49afa', + 'size_bytes': 5421552, + 'generation': 1772218401116635, 'condition': 'host_os == "mac" and host_cpu == "arm64"', }, { - 'object_name': 'Win/clang-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': 'fc756186dea61e700bd0f885b585050d9356bbd7f942dafae25d38eef4671adf', - 'size_bytes': 47657436, - 'generation': 1759771514781908, + 'object_name': 'Win/clang-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': 'f2c9d2a8accf7ed2e3c19b3f67fb94e60365411a536fb9d71391dd2d4e7e14bb', + 'size_bytes': 49546756, + 'generation': 1772218410442709, 'condition': 'host_os == "win"', }, { - 'object_name': 'Win/clang-tidy-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': 'f7ecd7e8d555e8622e0096ea1aca3ddb3fb4e89e91228c3c87289a4b8ca7919c', - 'size_bytes': 14016476, - 'generation': 1759771514824669, + 'object_name': 'Win/clang-tidy-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '99e00bbb404557db32df4e7a183ac520c526fe0e143ca380dfb2d0c33a2025b5', + 'size_bytes': 14462056, + 'generation': 1772218410470169, 'condition': 'host_os == "win" and checkout_clang_tidy', }, { - 'object_name': 'Win/clang-win-runtime-library-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '0a426702c9e0f92ea27f9611a1665cc5df9a58820360d3fa6a4026b9a0e5120f', - 'size_bytes': 2501292, - 'generation': 1759771523074183, + 'object_name': 'Win/clang-win-runtime-library-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '62e9c022223e0fa6ff855c25dcee524818f04c570127ed7e74895b320a10100a', + 'size_bytes': 2597584, + 'generation': 1772218417651221, 'condition': 'checkout_win and not host_os == "win"', }, { - 'object_name': 'Win/clangd-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': 'b172d0246511cdeffbc5a4fa44ad402a6b9eacd9d3e2e77d88a9965f80d344d5', - 'size_bytes': 14364312, - 
'generation': 1759771514873065, + 'object_name': 'Win/clangd-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '6a3ab3afb8d2e7f4a04eecd8073993586665ede3929308a0fa0119d9382b1e2d', + 'size_bytes': 14887416, + 'generation': 1772218410483998, 'condition': 'host_os == "win" and checkout_clangd', }, { - 'object_name': 'Win/llvm-code-coverage-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': 'b70528795afd95729971b74939e512c638a8a93fd1ee1c9205a6240f7af28802', - 'size_bytes': 2368144, - 'generation': 1759771515105244, + 'object_name': 'Win/llvm-code-coverage-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '4bd610d2fbcc6e2bd8fd2df8d8c23a915373f8c987701d295314e8b33d457075', + 'size_bytes': 2479300, + 'generation': 1772218410570017, 'condition': 'host_os == "win" and checkout_clang_coverage_tools', }, { - 'object_name': 'Win/llvmobjdump-llvmorg-22-init-8940-g4d4cb757-84.tar.xz', - 'sha256sum': '94c068f109e220e028a38f5beced7d6acd67725fc0b1da9fa8ed1b959f12d799', - 'size_bytes': 5673824, - 'generation': 1759771514962844, + 'object_name': 'Win/llvmobjdump-llvmorg-23-init-5669-g8a0be0bc-1.tar.xz', + 'sha256sum': '2ee77b6240b76353840439b38e7009d9f1fb8e97930dbbef3b1ff805ee981c5f', + 'size_bytes': 5846184, + 'generation': 1772218410487302, 'condition': '(checkout_linux or checkout_mac or checkout_android) and host_os == "win"', }, ], }, 'third_party/logdog/logdog': - Var('chromium_url') + '/infra/luci/luci-py/client/libs/logdog' + '@' + '0b2078a90f7a638d576b3a7c407d136f2fb62399', + Var('chromium_url') + '/infra/luci/luci-py/client/libs/logdog' + '@' + '62fe96d7fd97a62f21a4665d2e71f69e9eedb04e', 'third_party/markupsafe': Var('chromium_url') + '/chromium/src/third_party/markupsafe.git' + '@' + '4256084ae14175d38a3ff7d739dca83ae49ccec6', 'third_party/ninja': { 
@@ -492,56 +486,56 @@ deps = { 'condition': 'not build_with_chromium', }, 'third_party/perfetto': - Var('android_url') + '/platform/external/perfetto.git' + '@' + '40b529923598b739b2892a536a7692eedbed5685', + Var('chromium_url') + '/external/github.com/google/perfetto.git' + '@' + '6590fe9caf7164476c046cadb14ef9c8f79283e7', 'third_party/protobuf': - Var('chromium_url') + '/chromium/src/third_party/protobuf.git' + '@' + 'fcb7931541e4fe633b796db3f3e6f54c2dd297a8', + Var('chromium_url') + '/chromium/src/third_party/protobuf.git' + '@' + '04bb12d7ca5e16c58b55012acb32f07c89dd4e2b', 'third_party/re2/src': - Var('chromium_url') + '/external/github.com/google/re2.git' + '@' + '61c4644171ee6b480540bf9e569cba06d9090b4b', + Var('chromium_url') + '/external/github.com/google/re2.git' + '@' + '972a15cedd008d846f1a39b2e88ce48d7f166cbd', 'third_party/requests': { 'url': Var('chromium_url') + '/external/github.com/kennethreitz/requests.git' + '@' + 'c7e0fc087ceeadb8b4c84a0953a422c474093d6d', 'condition': 'checkout_android', }, 'tools/rust': - Var('chromium_url') + '/chromium/src/tools/rust' + '@' + '12557fcc00d7e94caa5e270d7343b566e48a68ae', + Var('chromium_url') + '/chromium/src/tools/rust' + '@' + '69bb79a132d32d67b6f6820226b02e50f1945202', 'tools/win': - Var('chromium_url') + '/chromium/src/tools/win' + '@' + '24494b071e019a2baea4355d9870ffc5fc0bbafe', + Var('chromium_url') + '/chromium/src/tools/win' + '@' + 'bfff5550ec231441c314c64878d860fdb6fdf174', 'third_party/rust': - Var('chromium_url') + '/chromium/src/third_party/rust' + '@' + '4d93511ebaceb09ebdd83c8876a4a936b75fa04d', + Var('chromium_url') + '/chromium/src/third_party/rust' + '@' + '2a12e46feff53058a40c57d21357279f0590a9f8', 'third_party/rust-toolchain': { 'dep_type': 'gcs', 'bucket': 'chromium-browser-clang', 'objects': [ { - 'object_name': 'Linux_x64/rust-toolchain-15283f6fe95e5b604273d13a428bab5fc0788f5a-1-llvmorg-22-init-8940-g4d4cb757.tar.xz', - 'sha256sum': 
'2bdaea0b11cb11a8f2f4dcb79b0dbb4bf38e2bd22479ff8014f55b9b6890e135', - 'size_bytes': 142044388, - 'generation': 1758743116775859, + 'object_name': 'Linux_x64/rust-toolchain-6f54d591c3116ee7f8ce9321ddeca286810cc142-7-llvmorg-23-init-5669-g8a0be0bc.tar.xz', + 'sha256sum': 'afbb00d27b8f9f65e6a754fb21e80dff084993285cf7f3c0020dece59c5bd67a', + 'size_bytes': 271641712, + 'generation': 1773769777991797, 'condition': 'host_os == "linux"', }, { - 'object_name': 'Mac/rust-toolchain-15283f6fe95e5b604273d13a428bab5fc0788f5a-1-llvmorg-22-init-8940-g4d4cb757.tar.xz', - 'sha256sum': '351347e1930a900c63b3953cdb10775b73572c6145e389f3820ba920816d46ca', - 'size_bytes': 135891820, - 'generation': 1758743118329536, + 'object_name': 'Mac/rust-toolchain-6f54d591c3116ee7f8ce9321ddeca286810cc142-7-llvmorg-23-init-5669-g8a0be0bc.tar.xz', + 'sha256sum': '70b86e82f1cb55777d40b5828ddcb80afea49510085290424b61251d22e9f959', + 'size_bytes': 259443552, + 'generation': 1773769780408342, 'condition': 'host_os == "mac" and host_cpu == "x64"', }, { - 'object_name': 'Mac_arm64/rust-toolchain-15283f6fe95e5b604273d13a428bab5fc0788f5a-1-llvmorg-22-init-8940-g4d4cb757.tar.xz', - 'sha256sum': '33d6b8cf4fc6617aa98888a46bc1dbef29ae9a9ebd01c3f248ef8c08ec5f198b', - 'size_bytes': 123302332, - 'generation': 1758743119839246, + 'object_name': 'Mac_arm64/rust-toolchain-6f54d591c3116ee7f8ce9321ddeca286810cc142-7-llvmorg-23-init-5669-g8a0be0bc.tar.xz', + 'sha256sum': 'e2e19684f31b653ce9238f6303aec22576085528c294757a7157d4ab5e1926dc', + 'size_bytes': 242768940, + 'generation': 1773769782590875, 'condition': 'host_os == "mac" and host_cpu == "arm64"', }, { - 'object_name': 'Win/rust-toolchain-15283f6fe95e5b604273d13a428bab5fc0788f5a-1-llvmorg-22-init-8940-g4d4cb757.tar.xz', - 'sha256sum': '4f6dfa230e5d401bf9aadd804142b412467177b17d50a3f52a8c69c1957aa2db', - 'size_bytes': 199998880, - 'generation': 1758743121322555, + 'object_name': 
'Win/rust-toolchain-6f54d591c3116ee7f8ce9321ddeca286810cc142-7-llvmorg-23-init-5669-g8a0be0bc.tar.xz', + 'sha256sum': '37dd250549fed5a9765c3a88e3487409189e0c9c63b691fc77daa0b5f214bced', + 'size_bytes': 409536908, + 'generation': 1773769784773096, 'condition': 'host_os == "win"', }, ], }, - 'third_party/siso': { + 'third_party/siso/cipd': { 'packages': [ { 'package': 'build/siso/${{platform}}', @@ -552,13 +546,13 @@ deps = { 'condition': 'not build_with_chromium and host_cpu != "s390x" and host_os != "zos" and host_cpu != "ppc64"', }, 'third_party/zlib': - Var('chromium_url') + '/chromium/src/third_party/zlib.git'+ '@' + '85f05b0835f934e52772efc308baa80cdd491838', + Var('chromium_url') + '/chromium/src/third_party/zlib.git'+ '@' + 'b80f1d1e5256ac25f6aea3f31f13d458981cb1f9', 'tools/clang': - Var('chromium_url') + '/chromium/src/tools/clang.git' + '@' + '97f0845783b3d8ebca7541afb46ec53c3f4bd3ac', + Var('chromium_url') + '/chromium/src/tools/clang.git' + '@' + 'a86a254083c08ce3daf80ae02e1b27ef9397befb', 'tools/protoc_wrapper': Var('chromium_url') + '/chromium/src/tools/protoc_wrapper.git' + '@' + '3438d4183bfc7c0d6850e8b970204cc8189f0323', 'third_party/abseil-cpp': { - 'url': Var('chromium_url') + '/chromium/src/third_party/abseil-cpp.git' + '@' + '3fb321d9764442ceaf2e17b6e68ab6b6836bc78a', + 'url': Var('chromium_url') + '/chromium/src/third_party/abseil-cpp.git' + '@' + '2a7d49fc392cad55159d68d98aa3648bc89795d3', 'condition': 'not build_with_chromium', }, 'third_party/zoslib': { @@ -590,6 +584,7 @@ include_rules = [ '+absl/container/flat_hash_set.h', '+absl/container/btree_map.h', '+absl/functional/overload.h', + '+absl/numeric/int128.h', '+absl/status', '+absl/strings/str_format.h', '+absl/synchronization/mutex.h', diff --git a/deps/v8/GEMINI.md b/deps/v8/GEMINI.md index a05de91ed9d0dc..a034ba6c68e62a 100644 --- a/deps/v8/GEMINI.md +++ b/deps/v8/GEMINI.md 
@@ -167,68 +167,6 @@ Bug: 123456 - The `component` is the area of the codebase (e.g., `compiler`, `runtime`, `api`). - The `Bug:` line is important for linking to issues in the tracker at https://crbug.com/ -## Working with Torque - -Torque is a V8-specific language used to write V8 builtins and some V8 object definitions. It provides a higher-level syntax that compiles down to CSA code. - -### Key Concepts - -- **Purpose:** Simplify the creation of V8 builtins and object definitions by providing a more abstract language than writing CodeStubAssembler code directly. -- **File Extension:** `.tq` -- **Location:** Torque files are primarily located in `src/builtins` and `src/objects`. -- **Compilation:** Torque files are compiled by the `torque` compiler, which generates C++ and Code Stub Assembler (CSA) files. These generated files are placed in the `out//gen/torque-generated/` directory and then compiled as part of the normal V8 build process. - - **C++ files** `*.tq` files will generate filenames like `*-tq.inc`, `*-tq.cc`, and `*-tq-inl.inc`. Additionally, there are top-level files: - - `class-forward-declarations.h`: Forward declarations for all Torque-defined classes. - - `builtin-definitions.h`: A list of all defined builtins. - - `csa-types.h`: Type definitions for the Code Stub Assembler. - - `factory.cc` and `factory.inc`: Factory functions for creating instances of Torque-defined classes. - - `class-verifiers.h` and `.cc`: Heap object verification functions (for debug builds). - - `exported-macros-assembler.h` and `.cc`: C++ declarations and definitions for exported Torque macros. - - `objects-body-descriptors-inl.inc`: Inline definitions for object body descriptors, which define the memory layout of objects. - - `objects-printer.cc`: Object printer functions for debugging. - - `instance-types.h`: The `InstanceType` enum, used to identify object types at runtime. 
- - `interface-descriptors.inc`: Definitions for call interface descriptors, which manage function call conventions. - - **CSA files** These have filenames like `*-csa.cc` and `*-csa.h`. They contain the C++ code that uses the `CodeStubAssembler` API to generate the low-level implementation of builtins. - -### Syntax and Features - -- **Typescript-like Syntax:** Torque's syntax is similar to Typescript with support for functions (macros and builtins), variables, types, and control flow. -- **Macros and Builtins:** - - `macro`: Inlined functions for reusable logic. - - `builtin`: Non-inlined functions, callable from other builtins or JavaScript. -- **`extern` Keyword:** Used to call C++ defined CSA functions from Torque. This is how Torque code interfaces with the rest of the V8 codebase. -- **`transitioning` and `javascript` Keywords:** - - `transitioning`: Indicates a function can cause an object's map to change (e.g., when a property is added to a JSObject). - - `javascript`: Marks a builtin as being directly callable from JavaScript, with Javascript linkage. -- **Type System:** Torque has a strong type system that mirrors the V8 object hierarchy. This allows for compile-time type checking and safer code. -- **Labels and `goto`:** Torque uses a `labels` and `goto` system for control flow, which is particularly useful for handling exceptional cases and optimizing performance. - -### Workflow for Modifying Torque Files - -1. **Identify the relevant `.tq` file:** Builtins are in `src/builtins`, and object definitions are in `src/objects`. -2. **Modify the Torque code:** Make the necessary changes to the `.tq` file, following the existing syntax and conventions. -3. **Rebuild V8:** Run the appropriate `gm.py` command (e.g., `tools/dev/gm.py x64.release`) to recompile V8. This will automatically run the Torque compiler and build the generated C++ files. -4. 
**Test your changes:** Run the relevant tests to ensure that your changes are correct and have not introduced any regressions. - -### Example - -A simple Torque macro to add two SMIs might look like this: - -```torque -macro AddTwoSmis(a: Smi, b: Smi): Smi { - return a + b; -} -``` - -A more complex example showing a JavaScript-callable builtin: - -```torque -transitioning javascript builtin MyAwesomeBuiltin( - js-implicit context: NativeContext)(x: JSAny): Number { - // ... implementation ... -} -``` - ## Common Pitfalls & Best Practices - **Always format before committing:** Run `git cl format` before creating a commit to ensure your code adheres to the style guide. diff --git a/deps/v8/MODULE.bazel b/deps/v8/MODULE.bazel index 3370e06bc077b9..7d7ba53b579605 100644 --- a/deps/v8/MODULE.bazel +++ b/deps/v8/MODULE.bazel @@ -3,10 +3,10 @@ module( version = "0.0.0", ) -bazel_dep(name = "bazel_skylib", version = "1.7.1") -bazel_dep(name = "rules_cc", version = "0.1.2") +bazel_dep(name = "bazel_skylib", version = "1.8.1") +bazel_dep(name = "rules_cc", version = "0.2.0") bazel_dep(name = "rules_python", version = "1.0.0") -bazel_dep(name = "platforms", version = "0.0.11") +bazel_dep(name = "platforms", version = "1.0.0") bazel_dep(name = "abseil-cpp", version = "20250814.0") bazel_dep(name = "highway", version = "1.2.0") 
@@ -15,6 +15,178 @@ pip.parse( hub_name = "v8_python_deps", python_version = "3.11", requirements_lock = "//:bazel/requirements.txt", - extra_pip_args = ["--require-hashes"], + extra_pip_args = [ + "--require-hashes", + "--index-url=https://pypi.org/simple", + ], ) use_repo(pip, "v8_python_deps") + +# Define the local LLVM toolchain repository +llvm_toolchain_repository = use_repo_rule("//bazel/toolchain:llvm_repository.bzl", "llvm_toolchain_repository") + +llvm_toolchain_repository( + name = "llvm_toolchain", + path = "third_party/llvm-build/Release+Asserts", + config_file_content = """ +load("@bazel_tools//tools/cpp:cc_toolchain_config_lib.bzl", "feature", "flag_group", "flag_set", "tool_path") + +def _impl(ctx): + tool_paths = [ + tool_path(name = "gcc", path = "bin/clang"), + tool_path(name = "ld", path = "bin/lld"), + tool_path(name = "ar", path = "bin/llvm-ar"), + tool_path(name = "cpp", path = "bin/clang++"), + tool_path(name = "gcov", path = "/bin/false"), + tool_path(name = "nm", path = "bin/llvm-nm"), + tool_path(name = "objdump", path = "bin/llvm-objdump"), + tool_path(name = "strip", path = "bin/llvm-strip"), + ] + + features = [ + feature( + name = "default_compile_flags", + enabled = True, + flag_sets = [ + flag_set( + actions = [ + "c-compile", + "c++-compile", + "c++-header-parsing", + "c++-module-compile", + "c++-module-codegen", + "linkstamp-compile", + "assemble", + "preprocess-assemble", + ], + flag_groups = [ + flag_group( + flags = [ + "--sysroot={WORKSPACE_ROOT}/build/linux/debian_bullseye_amd64-sysroot", + "-nostdinc++", + "-isystem", + "{WORKSPACE_ROOT}/buildtools/third_party/libc++", + "-isystem", + "{WORKSPACE_ROOT}/third_party/libc++/src/include", + "-isystem", + "{WORKSPACE_ROOT}/third_party/libc++abi/src/include", + "-isystem", + "{WORKSPACE_ROOT}/third_party/libc++/src/src", + "-isystem", + "{WORKSPACE_ROOT}/third_party/llvm-libc/src", + "-D_LIBCPP_HARDENING_MODE_DEFAULT=_LIBCPP_HARDENING_MODE_NONE", + 
"-DLIBC_NAMESPACE=__llvm_libc_cr", + ], + ), + ], + ), + ], + ), + feature( + name = "default_linker_flags", + enabled = True, + flag_sets = [ + flag_set( + actions = [ + "c++-link-executable", + "c++-link-dynamic-library", + "c++-link-nodeps-dynamic-library", + ], + flag_groups = [ + flag_group( + flags = [ + "--sysroot={WORKSPACE_ROOT}/build/linux/debian_bullseye_amd64-sysroot", + "-fuse-ld=lld", + "-lm", + "-lpthread", + ], + ), + ], + ), + ], + ), + ] + + return cc_common.create_cc_toolchain_config_info( + ctx = ctx, + features = features, + cxx_builtin_include_directories = [ + "{WORKSPACE_ROOT}/buildtools/third_party/libc++", + "{WORKSPACE_ROOT}/third_party/libc++/src/include", + "{WORKSPACE_ROOT}/third_party/libc++abi/src/include", + "{WORKSPACE_ROOT}/third_party/libc++/src/src", + "{WORKSPACE_ROOT}/third_party/llvm-libc/src", + "{WORKSPACE_ROOT}/third_party/llvm-build/Release+Asserts/lib/clang/22/include", + "{WORKSPACE_ROOT}/third_party/llvm-build/Release+Asserts/lib/clang/23/include", + "{WORKSPACE_ROOT}/build/linux/debian_bullseye_amd64-sysroot/usr/include", + "{WORKSPACE_ROOT}/build/linux/debian_bullseye_amd64-sysroot/usr/local/include", + ], + toolchain_identifier = "local_clang", + host_system_name = "local", + target_system_name = "local", + target_cpu = "k8", + target_libc = "unknown", + compiler = "clang", + abi_version = "unknown", + abi_libc_version = "unknown", + tool_paths = tool_paths, + ) + +cc_toolchain_config = rule( + implementation = _impl, + attrs = {}, + provides = [CcToolchainConfigInfo], +) +""", + build_file_content = """ +load(":cc_toolchain_config.bzl", "cc_toolchain_config") + +package(default_visibility = ["//visibility:public"]) + +filegroup( + name = "all_files", + srcs = glob(["**/*"]), +) + +filegroup(name = "empty") + +cc_toolchain_config(name = "k8_toolchain_config") + +cc_toolchain( + name = "k8_toolchain", + all_files = ":all_files", + ar_files = ":all_files", + compiler_files = ":all_files", + dwp_files = ":empty", + 
linker_files = ":all_files", + objcopy_files = ":all_files", + strip_files = ":all_files", + supports_param_files = 0, + toolchain_config = ":k8_toolchain_config", + toolchain_identifier = "local_clang", +) + +toolchain( + name = "cc_toolchain_k8", + exec_compatible_with = [ + "@platforms//cpu:x86_64", + "@platforms//os:linux", + ], + target_compatible_with = [ + "@platforms//cpu:x86_64", + "@platforms//os:linux", + ], + toolchain = ":k8_toolchain", + toolchain_type = "@bazel_tools//tools/cpp:toolchain_type", +) +""", +) + +register_toolchains("@llvm_toolchain//:cc_toolchain_k8") + +# Define local repository for libc++ from third_party sources +libcxx_repository = use_repo_rule("//bazel/toolchain:libcxx_repository.bzl", "libcxx_repository") + +libcxx_repository( + name = "libcxx", +) diff --git a/deps/v8/README.md b/deps/v8/README.md index 5c548542eeab8c..25f09faa218454 100644 --- a/deps/v8/README.md +++ b/deps/v8/README.md @@ -5,7 +5,7 @@ V8 is Google's open source JavaScript engine. V8 implements ECMAScript as specified in ECMA-262. -V8 is written in C++ and is used in Google Chrome, the open source +V8 is written in C++ and is used in Chromium, the open source browser from Google. V8 can run standalone, or can be embedded into any C++ application. diff --git a/deps/v8/RISCV_OWNERS b/deps/v8/RISCV_OWNERS index cf613e2627324f..a8e379d1dfa193 100644 --- a/deps/v8/RISCV_OWNERS +++ b/deps/v8/RISCV_OWNERS @@ -1,3 +1,3 @@ -kasperl@rivosinc.com +kasperl@meta.com qiuji@iscas.ac.cn yahan@iscas.ac.cn diff --git a/deps/v8/WATCHLISTS b/deps/v8/WATCHLISTS index 0e9e78b120c9eb..db847a31279e54 100644 --- a/deps/v8/WATCHLISTS +++ b/deps/v8/WATCHLISTS @@ -60,6 +60,9 @@ 'arm': { 'filepath': '/arm/', }, + 'riscv': { + 'filepath': '/riscv/', + }, 'merges': { 'filepath': '.', }, @@ -111,6 +114,7 @@ 'WATCHLISTS': { 'maglev': [ + 'dmercadier+watch@chromium.org', 'leszeks+watch@chromium.org', 'verwaest+watch@chromium.org', 'victorgomes+watch@chromium.org', 
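Review bot: The `default_compile_flags` feature inside the embedded `config_file_content` passes `-D_LIBCPP_HARDENING_MODE_DEFAULT=_LIBCPP_HARDENING_MODE_NONE` with no explanation, so everything compiled through this Bazel toolchain is built without libc++'s bounds and precondition checks. If that is deliberate, a comment next to the flag should say so, e.g. `# libc++ hardening intentionally disabled for this toolchain: <reason>`. Otherwise the default could move to a checking mode such as `"-D_LIBCPP_HARDENING_MODE_DEFAULT=_LIBCPP_HARDENING_MODE_EXTENSIVE"`, assuming the vendored `__config_site` honours that macro. Separately, `cxx_builtin_include_directories` lists both `lib/clang/22/include` and `lib/clang/23/include` while the DEPS entries in this commit pin llvmorg-23 packages, so the 22 entry looks stale and can probably be dropped once confirmed.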
@@ -140,6 +144,9 @@ 'v8-ppc-ports@googlegroups.com', 'v8-risc-v-ports@chromium.org', ], + 'riscv': [ + 'v8-risc-v-ports@chromium.org', + ], 'merges': [ # Only enabled on branches created with tools/release/create_release.py 'v8-merges@googlegroups.com', diff --git a/deps/v8/agents/OWNERS b/deps/v8/agents/OWNERS new file mode 100644 index 00000000000000..3c70cea2fd5e6a --- /dev/null +++ b/deps/v8/agents/OWNERS @@ -0,0 +1 @@ +file:../COMMON_OWNERS diff --git a/deps/v8/agents/skills/port-to-heapobjectlayout/SKILL.md b/deps/v8/agents/skills/port-to-heapobjectlayout/SKILL.md new file mode 100644 index 00000000000000..9634dc7ea9dab5 --- /dev/null +++ b/deps/v8/agents/skills/port-to-heapobjectlayout/SKILL.md 
@@ -0,0 +1,346 @@ +--- +name: port-to-heapobjectlayout +description: Guide for porting V8 classes from legacy Torque layout to the new C++ HeapObjectLayout. Use when asked to move objects, struct subclasses, or field definitions from Torque to C++ as real members. +--- + +# Porting V8 Classes to HeapObjectLayout + +This skill guides you through porting an arbitrary V8 class from a legacy Torque layout to the new C++ `HeapObjectLayout`. The core idea is to shift layout authority from Torque generation to explicit C++ definitions using specialized layout primitives (like `TaggedMember`), while keeping Torque informed so it can verify the layout and use it in CodeStubAssembler (CSA) and builtins. + +## Migration Scope: Inheritance Subtrees + +**Crucial Constraint:** A C++ layout object (`HeapObjectLayout` subclass) cannot inherit from a legacy Torque layout object, and vice versa. Because of this, migrations must be done for **entire object inheritance (sub)trees at a time**. + +If you are migrating a base class, you must generally migrate all of its subclasses in the same operation. To make large inheritance trees manageable, you can subdivide the tree into smaller subtrees by introducing intermediate C++ layout base classes (e.g., `StructLayout`, `PrimitiveHeapObject`). Once an intermediate base class is migrated (and subclasses updated to inherit from it or its Torque equivalent temporarily), its subclasses can be grouped and migrated in more manageable batches. + +## Phase 1: Torque Definition Update (`.tq`) + +Torque needs to know that the layout is now managed by C++, but it still needs the field definitions to generate CSA/Builtin offsets and verification assertions. + +1. **Locate the class definition** in the relevant `.tq` file. +2. **Add the Layout Annotation:** Above the `extern class` definition, add the `@cppObjectLayoutDefinition` annotation. +3. 
**Preserve the Fields:** Do **not** remove the field definitions; Torque uses them for verification and offset generation. +4. **Ensure `extern`:** Ensure the class is declared as `extern`. + +```torque +// Example: src/objects/my-object.tq +@cppObjectLayoutDefinition +extern class MyObject extends Struct { + // KEEP these fields here! Torque needs them for layout verification. + flags: SmiTagged; + value: JSAny|TheHole; + weak_ref: Weak|Undefined; +} +``` + +## Phase 2: C++ Header Changes (`.h`) + +Define the explicit memory layout in the C++ header. + +1. **Include Object Macros:** The file must end with `#include "src/objects/object-macros.h"`. +2. **Class Definition & Macros:** Wrap the class in `V8_OBJECT` and `V8_OBJECT_END`. +3. **Inheritance:** Change the base class to a Layout class (e.g., `StructLayout`, `HeapObjectLayout`, `TrustedObjectLayout`). +4. **Declare Fields (Publicly):** Define the fields matching the Torque definition, appending `_` to their names. Use `TaggedMember` combined with `UnionOf` or `Weak` where appropriate: + * **Unions:** `TaggedMember> value_;` (Maps to `JSAny|TheHole`) + * **Weak Unions:** `TaggedMember, Undefined>> weak_ref_;` + * **Smis:** `TaggedMember flags_;` + * **Doubles:** `UnalignedDoubleMember float_field_;` + * **External Pointers:** `ExternalPointerMember ptr_;` + * **High-Level Types:** For non-tagged fields, prefer storing them as high-level types (e.g., `JSDispatchHandle`, strongly-typed `enum`s) rather than raw low-level types (like `int32_t` or `uint32_t`) whenever conceptually appropriate. +5. **Declare Accessors:** Add inline getters and setters in the `public` section. Return types should match the `UnionOf` types exactly. + * *Tip:* For complex `UnionOf` types, use a `public` typedef (e.g., `using Value = UnionOf<...>;`) within the class to improve readability of accessors and field declarations. + * *Note:* You can omit `PtrComprCageBase` getter overloads (e.g. 
`value(cage_base)`) as `TaggedMember` handles decompression natively. +6. **Diagnostic Declarations:** Add `DECL_PRINTER(MyObject)` and `DECL_VERIFIER(MyObject)`. +7. **Size Constants:** If you need size constants (like `kAlignedSize`), define them as `inline constexpr int` in the header, outside the `V8_OBJECT` block to avoid duplicate symbol errors during linking. + +```cpp +// Example: src/objects/my-object.h +#include "src/objects/struct.h" +#include "src/objects/object-macros.h" // Must be the last include + +namespace v8::internal { + +#include "torque-generated/src/objects/my-object-tq.inc" + +V8_OBJECT class MyObject : public StructLayout { + public: + // Accessors + inline int flags() const; + inline void set_flags(int value); + + inline Tagged> value() const; + inline void set_value(Tagged> value, WriteBarrierMode mode = UPDATE_WRITE_BARRIER); + + inline Tagged, Undefined>> weak_ref() const; + inline void set_weak_ref(Tagged, Undefined>> value, WriteBarrierMode mode = UPDATE_WRITE_BARRIER); + + // GC Body Descriptor + using BodyDescriptor = StructBodyDescriptor; + + // Diagnostics + DECL_PRINTER(MyObject) + DECL_VERIFIER(MyObject) + + // Fields (Public for simplified access and Torque asserts) + TaggedMember flags_; + TaggedMember> value_; + TaggedMember, Undefined>> weak_ref_; +} V8_OBJECT_END; + +} // namespace v8::internal +#include "src/objects/object-macros-undef.h" +``` + +## Phase 3: C++ Inline Header Changes (`-inl.h`) + +Implement the accessors using the `TaggedMember` APIs. 
+ +```cpp +// Example: src/objects/my-object-inl.h +#include "src/objects/my-object.h" +#include "src/objects/objects-inl.h" +#include "src/objects/object-macros.h" + +namespace v8::internal { +#include "torque-generated/src/objects/my-object-tq-inl.inc" + +int MyObject::flags() const { + return flags_.load().value(); +} +void MyObject::set_flags(int value) { + flags_.store(this, Smi::FromInt(value)); +} + +Tagged> MyObject::value() const { + return value_.load(); +} +void MyObject::set_value(Tagged> value, WriteBarrierMode mode) { + value_.store(this, value, mode); +} + +Tagged, Undefined>> MyObject::weak_ref() const { + return weak_ref_.load(); +} +void MyObject::set_weak_ref(Tagged, Undefined>> value, WriteBarrierMode mode) { + weak_ref_.store(this, value, mode); +} + +} // namespace v8::internal +#include "src/objects/object-macros-undef.h" +``` + +### Passing `this` to Write Barriers + +If you need to pass the current object to a write barrier macro or function (like `CONDITIONAL_WRITE_BARRIER` or `JS_DISPATCH_HANDLE_WRITE_BARRIER`), it might currently expect a `Tagged`. + +**Do not** cast `this` to a `Tagged` pointer (e.g., `Tagged(this)`). Instead, follow the same overloading advice as with internal APIs: **add an overload** to the underlying write barrier function (e.g., `WriteBarrier::ForJSDispatchHandle`) so that it natively accepts your layout object pointer. 
+ +```cpp +// Incorrect (Casting `this`): +JS_DISPATCH_HANDLE_WRITE_BARRIER(Tagged(this), new_handle); +JS_DISPATCH_HANDLE_WRITE_BARRIER(Tagged(ptr()), new_handle); + +// Correct (Add an overload if necessary, then pass `this` directly): +JS_DISPATCH_HANDLE_WRITE_BARRIER(this, new_handle); +``` + +### Handling Atomic Fields (Acquire/Release) + +If your class previously used atomic macros like `DECL_RELAXED_ACCESSORS` or `DECL_ACQUIRE_GETTER`, you can port these directly to `TaggedMember` which provides built-in support for atomic memory orderings: + +* **Acquire Load:** Use `field_.Acquire_Load()` +* **Release Store:** Use `field_.Release_Store(this, value, mode)` +* **Relaxed Load:** Use `field_.Relaxed_Load()` +* **Relaxed Store:** Use `field_.Relaxed_Store(this, value, mode)` + +```cpp +// In the .h file +inline Tagged my_atomic_field(AcquireLoadTag) const; +inline void set_my_atomic_field(Tagged value, ReleaseStoreTag, + WriteBarrierMode mode = UPDATE_WRITE_BARRIER); + +// In the -inl.h file +Tagged MyObject::my_atomic_field(AcquireLoadTag) const { + return my_atomic_field_.Acquire_Load(); +} +void MyObject::set_my_atomic_field(Tagged value, ReleaseStoreTag, + WriteBarrierMode mode) { + my_atomic_field_.Release_Store(this, value, mode); +} +``` + +### Missing Functionality in `FooMember` Types + +As you migrate classes, you will replace static `FooField` operations (e.g., `TaggedField`, `TrustedPointerField`) with instance-based `FooMember` wrappers (e.g., `TaggedMember`, `TrustedPointerMember`). + +If you find that some functionality is missing on a `FooMember` type where it is available on the corresponding `FooField` type, **you should add the missing functionality directly to the `FooMember` class** instead of working around it in your ported class. The implementation of the new `FooMember` method will typically just call into the underlying `FooField` static method. 
+ +## Phase 4: Padding and Alignment + +V8 object sizes must always be aligned to `kTaggedSize`. When converting from Torque to C++, Torque used to automatically compute and insert padding fields if the object size was uneven (e.g., due to an odd number of 32-bit fields on a 64-bit platform). Now that the layout is explicitly in C++, you must handle this padding manually. + +If your fields result in an object size that isn't cleanly divisible by `kTaggedSize` (which is 8 bytes in 64-bit uncompressed builds and 4 bytes otherwise), you must explicitly add an `optional_padding_` field. The `V8_OBJECT` macro automatically applies compiler pragmas (like `-Wpadded`) that will cause a build failure if you miss this, ensuring there are no unintended gaps. + +1. **Add Padding Field:** In your class definition in `.h`, use the `TAGGED_SIZE_8_BYTES` macro to add an explicit `uint32_t` padding field if necessary. + +```cpp +// Example: src/objects/my-object.h +V8_OBJECT class MyObject : public StructLayout { + public: + // ... fields ... + TaggedMember value_; + int32_t some_32_bit_integer_; + +#if TAGGED_SIZE_8_BYTES + // Required because we have a single 32-bit field, making the size + // end in 4 bytes instead of 8. + uint32_t optional_padding_; +#endif +} V8_OBJECT_END; +``` + +*Note: In Torque, this was often written as `@if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;`. You should mirror this in the `.tq` file if you add it to the `.h` file.* + +## Phase 5: Diagnostic Implementation (`.cc`) + +Manually implement the printer and verifier since Torque no longer generates them. + +💡 **Pro-Tip: Steal from Torque!** +Before building with `@cppObjectLayoutDefinition`, look in your build output directory (e.g., `out/x64.debug/gen/torque-generated/src/objects/my-object-tq.cc`). Torque has already written the `MyObjectPrint` and `MyObjectVerify` functions for you. You can simply copy these generated functions and paste them into your manual `.cc` files. + +1. 
**Printer (`src/diagnostics/objects-printer.cc`):** + *(Copied from generated output and adapted if necessary)* + ```cpp + void MyObject::MyObjectPrint(std::ostream& os) { + PrintHeader(os, "MyObject"); + os << "\n - flags: " << flags(); + os << "\n - value: " << Brief(value()); + os << "\n - weak_ref: " << Brief(weak_ref()); + os << "\n"; + } + ``` +2. **Verifier (`src/diagnostics/objects-debug.cc`):** + *(Copied from generated output and adapted if necessary)* + ```cpp + void MyObject::MyObjectVerify(Isolate* isolate) { + CHECK(IsMyObject(*this)); + VerifyPointer(isolate, value()); + VerifyMaybeObjectPointer(isolate, weak_ref()); + } + ``` + +*Note: Casting is handled by the `Cast` free function in V8's modern object system, so you do not need to manually write `MyObject::Cast(Tagged object)` methods.* + +## Phase 6: Fixing Call Sites and Offsets + +Update references to sizes and offsets throughout the codebase (e.g., in `code-stub-assembler.cc` or builtins). + +* **Size:** Use `sizeof(MyObject)` instead of `MyObject::kSize`. +* **Offsets:** Use `offsetof(MyObject, field_name_)` instead of `MyObject::kFieldNameOffset`. Because the fields are public, `offsetof` will work seamlessly anywhere. + +### Handling Field Addresses in Internal APIs +Legacy code often calculated field addresses using `host->field_address(kMyFieldOffset)`. When migrating to `HeapObjectLayout`, **do not** add a generic `field_address(size_t offset)` method to your base layout class. + +Instead, prefer passing the field by its actual C++ memory address (e.g., `&host->my_field_`). If an internal API (like `AllocateAndInstallJSDispatchHandle` or `GetJSDispatchTableSpaceFor`) only accepts an `Address` or an `offset`, you should **add a new overload** to that API that accepts a strongly-typed pointer (or `void*`). 
+ +```cpp +// Old Approach (Offset-based): +HeapObject::Allocate(host, offsetof(MyObject, field_), isolate, ...); + +// New Approach (Pointer-based): +HeapObject::Allocate(host, &host->field_, isolate, ...); // Add an overload for this! +``` + +```cpp +// Example CodeStubAssembler change: +- TNode result = Allocate(MyObject::kSize); +- StoreObjectFieldNoWriteBarrier(result, MyObject::kFlagsOffset, zero); ++ TNode result = Allocate(sizeof(MyObject)); ++ StoreObjectFieldNoWriteBarrier(result, offsetof(MyObject, flags_), zero); +``` + +## Phase 7: BodyDescriptors and `offsetof` + +When defining a `BodyDescriptor` for a `HeapObjectLayout` subclass, you often need to use `offsetof` to specify the layout of the newly defined C++ fields. However, using `offsetof` on a class *inside* its own definition results in an "incomplete type" compilation error. + +To solve this, V8 offers the `ObjectTraits` pattern. The rule is as follows: + +* **If the `BodyDescriptor` is a legitimate class** (e.g., manually declared with `class BodyDescriptor;` and defined in `objects-body-descriptors-inl.h` because it needs custom iteration logic like `VisitIndirectPointer`): + You do NOT need `ObjectTraits`. Declare it as a forward declaration inside the class as usual: + ```cpp + V8_OBJECT class MyObject : public HeapObjectLayout { + public: + // ... + class BodyDescriptor; // Just a declaration, it's fine! + } V8_OBJECT_END; + ``` + *Important note for custom BodyDescriptors:* Do NOT use methods like `RawExternalPointerField(offsetof(Foo, field_))` or offset-based `IterateTrustedPointer` inside `IterateBody`. 
Instead, use `Slot` constructors that take the address of the member directly, or member-based `Iterate` overloads: + ```cpp + // BAD + IterateTrustedPointer(obj, offsetof(MyObject, pointer_), v, IndirectPointerMode::kStrong, kTag); + v->VisitExternalPointer(obj, obj->RawExternalPointerField(offsetof(MyObject, ext_), kTag)); + + // GOOD + Tagged my_obj = UncheckedCast(obj); + IterateTrustedPointer(obj, &my_obj->pointer_, v, IndirectPointerMode::kStrong); + v->VisitExternalPointer(my_obj, ExternalPointerSlot(&my_obj->ext_, kTag)); + ``` + If the required slot constructor does not exist (e.g. `IndirectPointerSlot` taking a `TrustedPointerMember*`), add it to `slots.h`. + +* **If the `BodyDescriptor` is a typedef** (e.g., aliased using `using BodyDescriptor = FixedBodyDescriptor<...>;` or `SubclassBodyDescriptor<...>;`): + Do not alias it inside the class body. Instead, define it using the `ObjectTraits` pattern *after* the `V8_OBJECT_END` macro, where the class type is fully complete: + ```cpp + V8_OBJECT class MyObject : public HeapObjectLayout { + public: + // ... fields ... + } V8_OBJECT_END; + + template <> + struct ObjectTraits { + using BodyDescriptor = FixedBodyDescriptor; + }; + ``` + +## Phase 8: Verification + +1. **Build:** Run `tools/dev/gm.py`. +2. **Torque Asserts:** If compilation fails in `TorqueGeneratedMyObjectAsserts`, your C++ layout does not match the Torque definition. Fix the ordering or types in your C++ `V8_OBJECT`. +3. **Tests:** Run all test suites (`tools/run-tests.py ... cctest unittests mjsunit`) to confirm the write barriers and offset calculations are functioning perfectly at runtime. 
+ +### Trusted Pointer and Code Pointer Accessors + +When a class contains `DECL_TRUSTED_POINTER_ACCESSORS(name, Type)` or `DECL_CODE_POINTER_ACCESSORS(name)`, the corresponding C++ macro implementations (`TRUSTED_POINTER_ACCESSORS` and `CODE_POINTER_ACCESSORS`) currently expect `Tagged` and will fail to compile if used directly on a `HeapObjectLayout` subclass. +To fix this, you must manually implement the accessors using `TrustedCast` and `TrustedPointerMember`: + +```cpp +// In the .h file +V8_OBJECT class CodeWrapper : public StructLayout { + public: + DECL_CODE_POINTER_ACCESSORS(code) + // ... + TrustedPointerMember code_; +} V8_OBJECT_END; + +// In the -inl.h file +Tagged CodeWrapper::code(IsolateForSandbox isolate) const { + return code_.load(isolate); +} +Tagged CodeWrapper::code(IsolateForSandbox isolate, AcquireLoadTag tag) const { + return code_.Acquire_Load(isolate); +} +void CodeWrapper::set_code(Tagged value, WriteBarrierMode mode) { + code_.store(this, value, mode); +} +void CodeWrapper::set_code(Tagged value, ReleaseStoreTag, WriteBarrierMode mode) { + code_.Release_Store(this, value, mode); +} +bool CodeWrapper::has_code() const { + return !code_.is_empty(); +} +void CodeWrapper::clear_code() { + code_.clear(this); +} +``` + +If the object uses a `SubclassBodyDescriptor`, it will NOT automatically visit `TrustedPointerMember`s. You must define a manual `class BodyDescriptor;` and use `IterateTrustedPointer` or `IterateCodePointer` taking the pointer to the member (i.e. `&my_obj->member_`) instead of `StructBodyDescriptor` or `SubclassBodyDescriptor`. diff --git a/deps/v8/agents/skills/torque/SKILL.md b/deps/v8/agents/skills/torque/SKILL.md new file mode 100644 index 00000000000000..f28db41e97183b --- /dev/null +++ b/deps/v8/agents/skills/torque/SKILL.md 
@@ -0,0 +1,87 @@ +--- +name: torque +description: Expert guidance for navigating, implementing, and verifying V8 Torque (.tq) builtins and object layouts. +--- + +# V8 Torque + +Torque is an Ahead-of-Time (AOT) generator that transforms `.tq` DSL into highly-optimized C++ CodeStubAssembler (CSA) code, which is then compiled into the `mksnapshot` binary. + +## Execution Pipeline + +To debug failures, you must understand its multi-stage build: + +1. **Generation**: The Torque compiler reads `.tq` files and generates C++ CodeStubAssembler files (`.cc`, `.h`, `.inc`) in `out//gen/torque-generated/`. +2. **Compilation**: `mksnapshot` (or the `d8` build) compiles the generated C++ files. +3. **Snapshotting**: `mksnapshot` executes the generated C++ code (via TurboFan or Maglev) to emit highly-optimized raw machine code. +4. **Linking**: The machine code is serialized into a snapshot and linked into V8, meaning Torque builtins run with zero translation overhead at runtime. + +## Implementation Patterns +Common Torque syntax, keywords, and linkage definitions: + +```cpp +// 1. Type Casting & Checks +const array = Cast(object) otherwise GotoLabel; +if (Is(object)) { ... } + +// 2. Control Flow +try { + const smi = Cast(input) otherwise IsNotSmi; +} label IsNotSmi deferred { + return runtime::DoSomething(context, input); +} + +// 3. Signatures & Keywords +// 'macro': Inlined functions for reusable logic. +transitioning macro Name(implicit context: Context)(arg: JSAny): JSAny + +// 'builtin': Non-inlined functions, callable from other builtins or JavaScript. +transitioning builtin Name(implicit context: Context)(arg: JSAny): JSAny + +// 'javascript': Marks a builtin as directly callable from JavaScript, with JS linkage. +transitioning javascript builtin Name(js-implicit context: NativeContext, receiver: JSAny)(arg: JSAny): JSAny + +// 'transitioning': Indicates a function can cause an object's map to change (e.g. adding properties). 
+// 'extern': Used to call C++ defined CSA functions from Torque. +extern transitioning macro NameInCpp(Context, JSAny): JSAny; +``` + +## Register in BUILD.gn + +If you create a **new** `.tq` file, you **MUST** register it in the root `BUILD.gn`. + +1. Locate the `v8_torque_files` list in `BUILD.gn`. +2. Add your new file path in alphabetical order. + +```gn +v8_torque_files = [ + "src/builtins/array-join.tq", + "src/builtins/my-new-builtin.tq", # Your addition + ... +] +``` + +*Note: Modifications to existing files do not require registration changes.* + +## Mandatory verification workflow + +The task is **incomplete** until you successfully execute this sequence: + +### 1. Build +Run the `gm.py` wrapper to trigger the Torque generator and C++ compilation. + +```bash +tools/dev/gm.py quiet {arch}.{type} +``` + +(e.g., `x64.optdebug` or `arm64.release`). Use `optdebug` for logic/debugging, `release` for performance/benchmarking. + +### 2. Verify with Tests +Run the relevant test suite (usually `mjsunit` for JavaScript-exposed builtins) to ensure correctness. Match the `{arch}.{type}` to your build. + +```bash +tools/run-tests.py --progress dots --outdir=out/{arch}.{type} mjsunit/ +``` + +### 3. Debug (If Necessary) +If the build fails during "Generation", inspect the `.tq` syntax. If it fails during "Compilation", check the generated C++ in `out//gen/torque-generated/`. diff --git a/deps/v8/bazel/config/BUILD.bazel b/deps/v8/bazel/config/BUILD.bazel index c81f2782031269..17e379b8e27baa 100644 --- a/deps/v8/bazel/config/BUILD.bazel +++ b/deps/v8/bazel/config/BUILD.bazel 
@@ -357,3 +357,28 @@ selects.config_setting_group( ":is_fastbuild", ], ) + +# To build with sanitizers in the command line, define the local +# variable SANITIZER. +# Eg: bazel build --copt=-fsanitize=address --linkopt=-fsanitize=address \ +# --define=SANITIZER=asan ... + +config_setting( + name = "asan_enabled", + values = {"define": "SANITIZER=asan"}, +) + +config_setting( + name = "hwasan_enabled", + values = {"define": "SANITIZER=hwasan"}, +) + +config_setting( + name = "msan_enabled", + values = {"define": "SANITIZER=msan"}, +) + +config_setting( + name = "ubsan_enabled", + values = {"define": "SANITIZER=ubsan"}, +) diff --git a/deps/v8/bazel/defs.bzl b/deps/v8/bazel/defs.bzl index a7e1e2af786ce4..bbe1495f0b3044 100644 --- a/deps/v8/bazel/defs.bzl +++ b/deps/v8/bazel/defs.bzl @@ -97,7 +97,7 @@ v8_config = rule( def _default_args(): return struct( - deps = [":define_flags"], + deps = [":define_flags", "@libcxx//:libc++"], defines = select({ "@v8//bazel/config:is_windows": [ "UNICODE", @@ -111,6 +111,7 @@ def _default_args(): "@v8//bazel/config:is_posix": [ "-fPIC", "-fno-strict-aliasing", + "-fconstexpr-steps=2000000", "-Werror", "-Wextra", "-Wno-unneeded-internal-declaration", @@ -122,7 +123,6 @@ def _default_args(): "-Wno-implicit-int-float-conversion", "-Wno-deprecated-copy", "-Wno-non-virtual-dtor", - "-Wno-unnecessary-virtual-specifier", "-isystem .", ], "//conditions:default": [], @@ -466,6 +466,7 @@ def _mksnapshot(ctx): ctx.actions.run( outputs = outs, inputs = [], + mnemonic = "V8Mksnapshot", arguments = [ "--embedded_variant=Default", "--target_os", @@ -563,6 +564,7 @@ def build_config_content(cpu, icu): ("dict_property_const_tracking", "false"), ("direct_handle", "false"), ("disassembler", "false"), + ("dumpling", "false"), ("full_debug", "false"), ("gdbjit", "false"), ("has_jitless", "false"), diff --git a/deps/v8/bazel/toolchain/BUILD.bazel b/deps/v8/bazel/toolchain/BUILD.bazel new file mode 100644 index 00000000000000..497f126c4c3af3 --- /dev/null 
+++ b/deps/v8/bazel/toolchain/BUILD.bazel @@ -0,0 +1,2 @@ +package(default_visibility = ["//visibility:public"]) +exports_files(["llvm_repository.bzl"]) diff --git a/deps/v8/bazel/toolchain/libcxx_repository.bzl b/deps/v8/bazel/toolchain/libcxx_repository.bzl new file mode 100644 index 00000000000000..a7d5f11053dd33 --- /dev/null +++ b/deps/v8/bazel/toolchain/libcxx_repository.bzl 
@@ -0,0 +1,99 @@ +"""Repository rule for building libc++ from third_party sources.""" + +def _libcxx_repository_impl(ctx): + # Find the workspace root + workspace_root = ctx.path(Label("@//:BUILD.bazel")).dirname + + # Symlink the source directories + ctx.symlink(workspace_root.get_child("third_party").get_child("libc++"), "libc++") + ctx.symlink(workspace_root.get_child("third_party").get_child("libc++abi"), "libc++abi") + ctx.symlink(workspace_root.get_child("third_party").get_child("llvm-libc"), "llvm-libc") + ctx.symlink(workspace_root.get_child("buildtools").get_child("third_party").get_child("libc++"), "buildtools_libc++") + + # Get the external repository path for include flags + # In bzlmod, repo names may have prefixes, so we need to determine the actual path + repo_path = "external/" + ctx.name + + # Create the BUILD file + # NOTE: We don't use 'includes' attribute here because it creates relative paths + # that conflict with the toolchain's absolute paths, breaking #include_next. + # The toolchain provides the libc++ include paths via -isystem flags. 
+ build_content = ''' +package(default_visibility = ["//visibility:public"]) + +LIBCXX_COPTS = [ + "-std=c++23", + "-fPIC", + "-fstrict-aliasing", + "-fexceptions", + "-frtti", + "-D_LIBCPP_BUILDING_LIBRARY", + "-D_LIBCPP_HARDENING_MODE_DEFAULT=_LIBCPP_HARDENING_MODE_NONE", + "-DLIBC_NAMESPACE=__llvm_libc_cr", +] + +cc_library( + name = "libc++abi", + srcs = glob([ + "libc++abi/src/src/*.cpp", + "libc++abi/src/src/*.h", + "libc++abi/src/src/demangle/*.h", + ], exclude = [ + # Exclude files not needed for Linux build + "libc++abi/src/src/cxa_noexception.cpp", + "libc++abi/src/src/stdlib_new_delete.cpp", + ]), + hdrs = glob([ + "libc++abi/src/include/**/*.h", + "libc++/src/include/**/*", + "libc++/src/src/include/*.h", + "libc++abi/src/src/demangle/*.def", + "buildtools_libc++/__config_site", + "buildtools_libc++/__assertion_handler", + "llvm-libc/src/**/*.h", + ]), + copts = LIBCXX_COPTS + [ + "-DLIBCXXABI_SILENT_TERMINATE", + "-iquote", "{REPO_PATH}/libc++abi/src/src", + "-iquote", "{REPO_PATH}/libc++abi/src/src/demangle", + ], + linkstatic = True, +) + +cc_library( + name = "libc++", + srcs = glob([ + "libc++/src/src/*.cpp", + "libc++/src/src/*.h", + "libc++/src/src/filesystem/*.cpp", + "libc++/src/src/filesystem/*.h", + "libc++/src/src/ryu/*.cpp", + "libc++/src/src/include/*.h", + "libc++/src/src/include/ryu/*.h", + ]) + glob(["libc++/src/src/support/**/*.ipp"], allow_empty = True), + hdrs = glob([ + "libc++/src/include/**/*", + "buildtools_libc++/__config_site", + "buildtools_libc++/__assertion_handler", + "llvm-libc/src/**/*.h", + ]), + copts = LIBCXX_COPTS + [ + "-DLIBCXX_BUILDING_LIBCXXABI", + "-iquote", "{REPO_PATH}/libc++/src/src", + "-iquote", "{REPO_PATH}/libc++/src/src/filesystem", + ], + linkopts = [ + "-lpthread", + "-lm", + ], + deps = [":libc++abi"], + linkstatic = True, +) +'''.format(REPO_PATH=repo_path) + ctx.file("BUILD.bazel", build_content) + +libcxx_repository = repository_rule( + implementation = _libcxx_repository_impl, + local = True, + 
configure = True, +) diff --git a/deps/v8/bazel/toolchain/llvm_repository.bzl b/deps/v8/bazel/toolchain/llvm_repository.bzl new file mode 100644 index 00000000000000..76670a5e69b657 --- /dev/null +++ b/deps/v8/bazel/toolchain/llvm_repository.bzl @@ -0,0 +1,40 @@ +def _llvm_toolchain_impl(ctx): + # Find the workspace root by resolving a label in the main repository + # This assumes the main repo is "@" or the default. + workspace_root = ctx.path(Label("@//:BUILD.bazel")).dirname + + # Construct the path to the LLVM build directory within the workspace + # ctx.attr.path should be relative to the workspace root, + # e.g. "third_party/llvm-build/Release+Asserts" + # We manually split and traverse because get_child handles one component. + llvm_path = workspace_root + for component in ctx.attr.path.split("/"): + llvm_path = llvm_path.get_child(component) + + # Symlink top-level directories and files + items = ["bin", "lib", "include", "share"] + for item in items: + # Check if the item exists before symlinking to avoid errors + src_path = llvm_path.get_child(item) + if src_path.exists: + ctx.symlink(src_path, item) + + # Create the config file + config_content = ctx.attr.config_file_content.replace("{WORKSPACE_ROOT}", str(workspace_root)) + ctx.file("cc_toolchain_config.bzl", config_content) + + # Create the BUILD file + ctx.file("BUILD.bazel", ctx.attr.build_file_content) + +llvm_toolchain_repository = repository_rule( + implementation = _llvm_toolchain_impl, + attrs = { + "path": attr.string(mandatory = True, + doc = "Path to the LLVM install directory relative to workspace root"), + "build_file_content": attr.string(mandatory = True, doc = "Content of the BUILD file"), + "config_file_content": attr.string(mandatory = True, + doc = "Content of the cc_toolchain_config.bzl file"), + }, + local = True, + configure = True, # Indicates this rule depends on system configuration/files +) 
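Review bot: `LIBCXX_COPTS` in `libcxx_repository.bzl` passes `-D_LIBCPP_HARDENING_MODE_DEFAULT=_LIBCPP_HARDENING_MODE_NONE` with no comment. A reader cannot tell whether libc++'s bounds and precondition checks are off only for the library's own sources or also for the V8 targets that now depend on `@libcxx//:libc++`. `buildtools_libc++/__config_site` is not shown here, so this may be intentional. If it is, I would add a comment above the define such as `# Hardening is off for libc++'s own translation units only; V8 targets take their mode from __config_site.`; otherwise drop the define so the library and its users agree. The "not needed for Linux build" exclusions and `-lpthread` suggest the generated BUILD file is Linux-specific, which the module docstring should state.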
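Review bot: In `_llvm_toolchain_impl` a wrong or missing `path` produces an empty repository without any error, because each of `bin`, `lib`, `include` and `share` is skipped when `src_path.exists` is false. The mistake then only surfaces later as a missing compiler. I would check the directory once before the loop, `if not llvm_path.exists: fail("LLVM directory not found: " + str(llvm_path))`. The attribute is documented as relative to the workspace root, but `split("/")` followed by `get_child` also accepts `..` and empty components, so either the doc string should say so or the loop should reject them.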
diff --git a/deps/v8/docs/OWNERS b/deps/v8/docs/OWNERS
index 07428b275bbbc4..3c70cea2fd5e6a 100644
--- a/deps/v8/docs/OWNERS
+++ b/deps/v8/docs/OWNERS
@@ -1 +1 @@
-hpayer@chromium.org
+file:../COMMON_OWNERS
diff --git a/deps/v8/docs/README.md b/deps/v8/docs/README.md
index e84a81dfdc16a6..713c809c266e69 100644
--- a/deps/v8/docs/README.md
+++ b/deps/v8/docs/README.md
@@ -1 +1 @@
-The documentation for V8 can be found at [v8.dev/docs](https://v8.dev/docs).
+Most documentation for V8 can be found at [v8.dev/docs](https://v8.dev/docs).
diff --git a/deps/v8/docs/security/triaging.md b/deps/v8/docs/security/triaging.md
new file mode 100644
index 00000000000000..95143c95a5f792
--- /dev/null
+++ b/deps/v8/docs/security/triaging.md
@@ -0,0 +1,111 @@ +# Security Bug Triaging + +V8 generally triages security bugs based on [Chromium's guidelines](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/security/security-labels.md). + +Google-only: The internal version of this document is available at [go/v8-security-gardening](http://goto.google.com/v8-security-gardening). + +## Labels and classifications + +- **Type=Vulnerability**: Designates a security vulnerability that impacts users. +- **Severity**: Same as [Chromium's severities](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/security/severity-guidelines.md). +- **Priority**: A priority that in general is at least the severity. +In certain circumstances, e.g. in-the-wild exploitation, we may raise the priority further. +- **Security_Impact-{Head, Beta, Stable, Extended, None}** hotlists: Derived from milestones set in the **Found In** field, this hotlist specifies the earliest affected release channel. +Should not normally be set by humans, except in the case of **Security_Impact-None** (hotlistid: 5433277) which means that the bug is in a disabled feature, or otherwise doesn't impact Chrome: see the section below for more details. + +In addition, the following fields are set as part of triaging +- **Found In**: Should point to the milestone this was discovered to be broken. +It is okay to just set to the current stable or extended stable milestone if unknown. +- **Introduced In**: Should point to the milestone this was introduced. +It is okay to be conservative if unknown, e.g., to assume that the bug was present when a feature was launched. + +### Sandbox bypasses + +V8 Sandbox bypasses are included in Chrome’s VRP. +A successful bypass must show write access outside of the sandbox. +Read access is not considered part of the attack model. + +These bugs are currently treated differently from regular security bugs. 
+Specifically, the following properties are different from regular security bugs: + +- **Severity**: S2 +- **Security_Impact-None** (hotlistid: 5433277) +- **v8-sandbox** (hotlistid: 4802478) + +## Reproducing security bugs + +Security bugs should have proof-of-concept reproductions (POCs) attached to them. +V8 currently still accepts bugs without a POC with the caveat that such bugs have a much higher chance of being dismissed quickly. + +### Regular security bugs + +Bugs should reproduce on `d8` with `--fuzzing` and `--disallow-unsafe-flags`. +Bugs that only reproduce with other flag combinations have a much higher chance of not being considered security bugs in first place. +See the section below for common scenarios that lead to reclassifications. + +### Sandbox security bugs + +Bugs should reproduce in the [sandbox testing environment](../src/sandbox/README.md#testing). + +## Common cases for conditional features and code + +This section lists common triaging scenarios. + +### Bugs in code that is not experimental and is enabled by default + +Fields: **Type=Vulnerability**, **Security_Impact-{Head,Beta,Stable,Extended}** + +Rationale: Security bugs reachable through production code for regular users. + +### Bugs in code that is not experimental but not enabled by default + +Fields: **Type=Vulnerability**, **Security_Impact-None** + +Rationale: These bugs are in features that are generally complete and on the track of shipping at some point. +We encourage experimenting and finding bugs in those features. + +Note that **Severity** should still be set to the appropriate Severity (S0-S3) for **Security_Impact-None** issues, as if the feature were enabled or the code reachable. + +### Bugs in code guarded by experimental flags + +Fields: **Type=Bug**, **Security_Impact-None** + +Rationale: The flags and setups guard unfinished features that are explicitly not considered ready for fuzzing yet. 
+Flags are often following the naming of `--experimental-*` and imply the `--experimental` flag. +Sometimes these flags also have some experimental annotation on the flag descriptions. + +Note: If the flag is part of e.g. `--future` or `--wasm-staging` then this signals that the flags are ready for fuzzing. +We don’t change the flag names in this case to avoid further churn on the code base. + +### Bugs in developer flags such as `--trace-*` or flags that are clearly marked as unsafe + +Fields: **Type=Bug**, **Security_Impact-None** + +Rationale: Not reachable in production as these flags are only used by developers. + +## Other common cases + +### `nullptr` (or close to `0`) deref + +Fields: **Type=Bug**, **Security_Impact-None** + +V8 relies on `nullptr` dereferences to deterministically crash. + +### Broken `DCHECK`s or reliable `CHECK` crashers + +Fields: **Type=Bug**, **Security_Impact-None** + +Rationale: Crashes are either bogus and do not happen in production builds or are deterministically crashing the process. + +Note: `CHECK`s must not be behind special builds or phases, such as `--verify-*`. + +### Breakage through directly invoking internal runtime functions with `%`-syntax + +Runtime functions like `%IterableForEach()` are directly visible to JavaScript programs via `--allow-natives-syntax`. +The functions are not supposed to be tested this way, as they generally have pre- and post-conditions. +This can lead to crashes (e.g. [484110302](crbug.com/484110302)) when they are incorrectly used. +Such crashes are working as intended. + +Functions that are exposed under fuzzing are specified in [`Runtime::IsEnabledForFuzzing()`](https://source.chromium.org/search?q=Runtime::IsEnabledForFuzzing()&ss=chromium). +The bottleneck also mentions potential caveats that could still lead to crashes. +To make this clear V8 will automatically remove any calls to unsupported functions when being invoked with `--fuzzing`. 
diff --git a/deps/v8/gni/cluster_build.gni b/deps/v8/gni/cluster_build.gni
new file mode 100644
index 00000000000000..a8493964c6e0fc
--- /dev/null
+++ b/deps/v8/gni/cluster_build.gni
@@ -0,0 +1,221 @@
+# Copyright 2026 the V8 project authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import("v8.gni")
+
+declare_args() {
+ # Number of source files per cluster.
+ # Increasing this to 50 can improve build speed by 3-5%, but
+ # increases the minimum build time for a single .cc change
+ # by about 10%.
+ # On a machine with very few cores, eg. 8, it might even be
+ # worth setting to 100.
+ # You can override this in a args.gn file.
+ cluster_size = 25
+}
+
+# Smaller cluster size for heavy directories (turboshaft, maglev).
+small_cluster_size = 5
+
+# Directories that should use the smaller cluster size.
+small_cluster_dirs = [
+ "src/compiler/turboshaft",
+ "src/maglev",
+]
+
+# A v8_source_set that clusters .cc files in cluster mode.
+#
+# In cluster mode: generates cluster files for .cc sources and compiles those
+# In non-cluster mode: compiles sources directly (like v8_source_set)
+#
+# Arguments: Same as v8_source_set, plus:
+# cluster_output_dir: Optional output directory for cluster files.
+# Defaults to $target_gen_dir/clustered.
+# cluster_prefix: Optional prefix for cluster file names.
+# Defaults to target_name.
+# exclude_from_cluster: Optional list of .cc files to compile individually.
+# generated_sources: Set to true if sources are generated files located in
+# cluster_output_dir. This affects how include paths are
+# computed. Default: false.
+template("v8_cluster_source_set") { + _target_name = target_name + + if (v8_enable_cluster_build) { + # Extract .cc files from sources for clustering + _excluded_files = [] + if (defined(invoker.exclude_from_cluster)) { + _excluded_files = invoker.exclude_from_cluster + } + + _cluster_sources = [] + _excluded_cc_sources = [] + _other_sources = [] + if (defined(invoker.sources)) { + foreach(s, invoker.sources) { + _ext = get_path_info(s, "extension") + if (_ext == "cc") { + # Check if this file is excluded + _is_excluded = false + foreach(_excl, _excluded_files) { + if (s == _excl) { + _is_excluded = true + } + } + if (_is_excluded) { + _excluded_cc_sources += [ s ] + } else { + _cluster_sources += [ s ] + } + } else { + _other_sources += [ s ] + } + } + } + + # Count cluster sources + _num_cluster_sources = 0 + foreach(s, _cluster_sources) { + _num_cluster_sources += 1 + } + + if (_num_cluster_sources > 0) { + _cluster_prefix = _target_name + if (defined(invoker.cluster_prefix)) { + _cluster_prefix = invoker.cluster_prefix + } + + _output_dir = "$target_gen_dir/clustered" + if (defined(invoker.cluster_output_dir)) { + _output_dir = invoker.cluster_output_dir + } + + _generated_sources = false + if (defined(invoker.generated_sources)) { + _generated_sources = invoker.generated_sources + } + + # Build args for small cluster directories + _small_cluster_args = [ + "--small-cluster-size", + "$small_cluster_size", + ] + foreach(_dir, small_cluster_dirs) { + _small_cluster_args += [ + "--small-cluster-dirs", + _dir, + ] + } + + # Build args for computing filenames + _compute_args = [ + "--compute-filenames", + "--cluster-size", + "$cluster_size", + "--prefix", + _cluster_prefix, + ] + _compute_args += _small_cluster_args + + # Compute cluster file names using exec_script + _cluster_filenames = exec_script( + v8_path_prefix + "/tools/cluster_files.py", + _compute_args + rebase_path(_cluster_sources, root_build_dir), + "list lines") + + _cluster_files = [] + foreach(f, 
_cluster_filenames) { + _cluster_files += [ "$_output_dir/$f" ] + } + + # Action to generate cluster files + action("${_target_name}_generate_clusters") { + visibility = [ ":*" ] + script = v8_path_prefix + "/tools/cluster_files.py" + + outputs = _cluster_files + + args = [ + "--generate", + "--output-dir", + rebase_path(_output_dir, root_build_dir), + "--prefix", + _cluster_prefix, + "--cluster-size", + "$cluster_size", + ] + args += _small_cluster_args + + # Include path computation depends on whether sources are generated + if (_generated_sources) { + # Generated sources: strip the output directory prefix + _strip_prefix = rebase_path(_output_dir, root_build_dir) + "/" + args += [ + "--strip-prefix", + _strip_prefix, + ] + } else { + # Source tree files: prepend path from output dir back to build dir + _include_prefix = rebase_path(root_build_dir, _output_dir) + "/" + args += [ + "--include-prefix", + _include_prefix, + ] + } + + args += rebase_path(_cluster_sources, root_build_dir) + + # Only forward testonly, not deps. The generate_clusters action just + # creates #include files from the source list - it doesn't need any + # dependencies. The deps are forwarded to the v8_source_set below + # where they're needed for actually compiling the cluster files. 
+ forward_variables_from(invoker, [ "testonly" ]) + } + + # The actual source set with cluster files + v8_source_set(_target_name) { + forward_variables_from(invoker, + "*", + [ + "sources", + "cluster_prefix", + "cluster_output_dir", + "exclude_from_cluster", + "generated_sources", + ]) + + # Combine non-.cc files, cluster files, and excluded files + sources = _other_sources + _cluster_files + _excluded_cc_sources + + if (!defined(deps)) { + deps = [] + } + deps += [ ":${_target_name}_generate_clusters" ] + } + } else { + # No .cc files to cluster, just pass through + v8_source_set(_target_name) { + forward_variables_from(invoker, + "*", + [ + "cluster_prefix", + "cluster_output_dir", + "exclude_from_cluster", + "generated_sources", + ]) + } + } + } else { + # Non-cluster mode: just use v8_source_set directly + v8_source_set(_target_name) { + forward_variables_from(invoker, + "*", + [ + "cluster_prefix", + "cluster_output_dir", + "exclude_from_cluster", + "generated_sources", + ]) + } + } +} diff --git a/deps/v8/gni/v8.gni b/deps/v8/gni/v8.gni index d198859576a4bd..3a031e9ddfb622 100644 --- a/deps/v8/gni/v8.gni +++ b/deps/v8/gni/v8.gni 
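Review bot: `exclude_from_cluster` is matched against `sources` with a plain `s == _excl` string comparison in `v8_cluster_source_set`. An entry spelled differently from its `sources` entry, for example with a different directory prefix, therefore silently stays inside a cluster. The argument comment at the top of the template should say so, e.g. `# exclude_from_cluster: Optional list of .cc files to compile individually. Entries must be spelled exactly as in sources.`. Clustered `.cc` files share one compilation unit, so file-local names from different files can collide, and this list appears to be the only way to opt a file out.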
@@ -61,12 +61,18 @@ declare_args() { # is still not accessible unless --harmony-temporal is enabled at runtime) # # Furthermore, some architectures don't have Rust toolchains in Chromium - v8_enable_temporal_support = !(defined(build_with_node) && build_with_node) && - target_cpu != "ppc64" && target_cpu != "s390x" + v8_enable_temporal_support = !(defined(build_with_node) && build_with_node) # Use static libraries instead of source_sets. v8_static_library = false + # Enable cluster build. This build mode compiles multiple .cc files in one + # compilation unit. These are files where the C++ compiler spends most of its + # time processing the same long list of .h files, which means they can be + # compiled together in almost the same time that just one of them would have + # taken. + v8_enable_cluster_build = false + # Enable monolithic static library for embedders. v8_monolithic = false @@ -80,6 +86,12 @@ declare_args() { # Implement tracing using Perfetto (https://perfetto.dev). v8_use_perfetto = false + # Use Perfetto JSON Export. + v8_use_perfetto_json_export = "" + + # Use Perfetto SDK headers. + v8_use_perfetto_sdk = false + # Override global symbol level setting for v8. v8_symbol_level = symbol_level 
@@ -97,25 +109,40 @@ declare_args() { # Enable Wasm interpreter tracing. v8_enable_drumbrake_tracing = false + # Use host CPU ARM features when compiling ARM/ARM64 snapshots + # (using mksnapshot). When true, use both CPU features from + # the target's CPU, and the host's CPU. + # Since mksnapshot's output runs on the target device, this is not + # desirable in general to take the CPU features of the host compiler. + # However, the default is true in order to preserve existing behavior, + # and ensure all necessary CPU features are available in certain scenarios + #(where target and host have the same CPU architecture but different CPUs). + v8_use_host_cpu_arm_features = true + # On non-Desktop platforms, enable explicit bounds checks in the Wasm # interpreter, where the bounds checking is done in the instruction handler, # not using an unhandled exception filter (which also doesn't work with # Win-ASAN). - # Also enables explicit bounds checks on component builds in platforms other - # than Windows because of a problem with function name mangling for vectorcall - # ABI on ELF (The vectorcall calling convention requires a mangling that - # includes @@, but on ELF an @ indicates that the part after it is the version - # of the symbol, with @@ indicating the default symbol version to link against - # when none is specified by the caller and this causes linker errors). As a - # workaround, we need to disable the vectorcall calling convention for - # component builds on Linux and Mac, which means that we cannot use DrumBrake - # builtins for Load/Store instruction handlers, because of the different - # calling convention. - # Windows component builds are also enabled to support cross-compilation. + # Trap-handler based Load/Store builtins are supported on x64 and arm64. 
+ # On x64, also enables explicit bounds checks on component builds in platforms + # other than Windows because of a problem with function name mangling for + # vectorcall ABI on ELF (The vectorcall calling convention requires a mangling + # that includes @@, but on ELF an @ indicates that the part after it is the + # version of the symbol, with @@ indicating the default symbol version to link + # against when none is specified by the caller and this causes linker errors). + # As a workaround, we need to disable the vectorcall calling convention for + # x64 component builds on Linux and Mac, which means that we cannot use + # DrumBrake builtins for Load/Store instruction handlers on x64 component + # builds because of the different calling convention. + # Windows component builds are also affected to support cross-compilation. + # While arm64 uses the standard AAPCS64 calling convention, component builds + # work without this restriction only on iOS due to platform-specific + # build constraints. v8_drumbrake_bounds_checks = (is_win && (is_asan || is_ubsan || is_msan || is_tsan)) || - !(is_win || is_linux || is_mac) || v8_current_cpu != "x64" || !is_clang || - is_component_build + !(is_win || is_linux || is_mac || is_ios) || + (v8_current_cpu != "x64" && v8_current_cpu != "arm64") || !is_clang || + (is_component_build && target_os != "ios") # Enable the Turbofan compiler. # Sets -dV8_ENABLE_TURBOFAN. @@ -197,7 +224,9 @@ declare_args() { # GC. cppgc_enable_slim_write_barrier = true - # Enable pointer compression in cppgc. + # Enable pointer compression in cppgc. Note: this is automatically turned on + # by cppgc_enable_caged_heap on 64-bit platforms. To unconditionally disable + # pointer compression, set cppgc_enable_caged_heap = false. cppgc_enable_pointer_compression = false # Enable support for larger cages, up to 16GB. 
@@ -225,7 +254,7 @@ declare_args() { # When `v8_enable_pointer_compression_shared_cage` RO space is placed into a # contiguous area at the front of the cage. In case RO allocations fails this # size needs to be adjusted. - v8_contiguous_compressed_ro_space_size_mb = 8 + v8_contiguous_compressed_ro_space_size_mb = 16 # Change code emission and runtime features to be CET shadow-stack compliant # (incomplete and experimental). @@ -269,12 +298,25 @@ if (v8_enable_backtrace == "") { v8_enable_backtrace = is_debug && !v8_optimized_debug } +if (v8_use_perfetto_sdk) { + # When using perfetto SDK, we also need to enable perfetto support. + v8_use_perfetto = true +} + # Chromium is configured to use the perfetto client library, v8 should also # use perfetto for tracing. -if (build_with_chromium) { +if (build_with_chromium && !use_fuzzing_engine) { v8_use_perfetto = true } +# Enable JSON export by default when using perfetto but not the SDK. +if (v8_use_perfetto_json_export == "") { + v8_use_perfetto_json_export = v8_use_perfetto && !v8_use_perfetto_sdk +} +assert( + !(v8_use_perfetto_sdk && v8_use_perfetto_json_export), + "Perfetto JSON Export is not available when building with the Perfetto SDK.") + # Includes profiles to optimize builtins if # * it is a Chromium build, and # * Chromium builds with optimization. @@ -305,7 +347,8 @@ if (v8_enable_pointer_compression == "") { # Windows, Linux, MacOS and tvOS. is_drumbrake_supported = v8_enable_webassembly && v8_enable_pointer_compression && - (v8_current_cpu == "x64" || v8_current_cpu == "arm64") && + (v8_current_cpu == "x64" || v8_current_cpu == "arm64" || + v8_current_cpu == "riscv64") && (target_os == "win" || target_os == "linux" || target_os == "mac" || target_os == "ios") @@ -349,7 +392,6 @@ v8_add_configs = [ v8_path_prefix + ":features", v8_path_prefix + ":toolchain", v8_path_prefix + ":strict_warnings", - v8_path_prefix + ":sanitizer_defines", ] if (v8_force_optimize_speed) { 
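Review bot: The new `assert` rejects `v8_use_perfetto_sdk` together with `v8_use_perfetto_json_export`, but nothing rejects `v8_use_perfetto_json_export = true` while `v8_use_perfetto` is false. The default expression only covers the unset (`""`) case, so an explicit override in args.gn goes through. In `v8-tracing.h` the `trace_processor_` member is guarded by `V8_USE_PERFETTO_JSON_EXPORT` alone, so that combination would presumably pull Perfetto types into a non-Perfetto build. I would add `assert(!v8_use_perfetto_json_export || v8_use_perfetto, "Perfetto JSON export requires v8_use_perfetto.")` next to the existing assert.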
diff --git a/deps/v8/include/cppgc/allocation.h b/deps/v8/include/cppgc/allocation.h index a7955fd1016e8e..450db00479e87a 100644 --- a/deps/v8/include/cppgc/allocation.h +++ b/deps/v8/include/cppgc/allocation.h @@ -50,18 +50,17 @@ class MakeGarbageCollectedTraitInternal { protected: static inline void MarkObjectAsFullyConstructed(const void* payload) { // See api_constants for an explanation of the constants. - std::atomic* atomic_mutable_bitfield = - reinterpret_cast*>( - const_cast(reinterpret_cast( - reinterpret_cast(payload) - - api_constants::kFullyConstructedBitFieldOffsetFromPayload))); + std::atomic_ref atomic_mutable_bitfield( + *const_cast(reinterpret_cast( + reinterpret_cast(payload) - + api_constants::kFullyConstructedBitFieldOffsetFromPayload))); // It's safe to split use load+store here (instead of a read-modify-write // operation), since it's guaranteed that this 16-bit bitfield is only // modified by a single thread. This is cheaper in terms of code bloat (on // ARM) and performance. - uint16_t value = atomic_mutable_bitfield->load(std::memory_order_relaxed); + uint16_t value = atomic_mutable_bitfield.load(std::memory_order_relaxed); value |= api_constants::kFullyConstructedBitMask; - atomic_mutable_bitfield->store(value, std::memory_order_release); + atomic_mutable_bitfield.store(value, std::memory_order_release); } // Dispatch based on compile-time information. diff --git a/deps/v8/include/cppgc/heap.h b/deps/v8/include/cppgc/heap.h index 02ee12eaba09d5..2968a0af197240 100644 --- a/deps/v8/include/cppgc/heap.h +++ b/deps/v8/include/cppgc/heap.h @@ -32,6 +32,18 @@ namespace internal { class Heap; } // namespace internal +/** + * A marker that captures the current stack start address. + */ +class V8_EXPORT StackStartMarker { + public: + StackStartMarker() : stack_start_(__builtin_frame_address(0)) {} + void* stack_start() const { return stack_start_; } + + private: + void* stack_start_; +}; + class V8_EXPORT Heap { public: /** 
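Review bot: `std::atomic_ref` in `MarkObjectAsFullyConstructed` has preconditions the old pointer cast did not: the referenced object must be aligned to `required_alignment`, and while the reference exists every concurrent access to that bitfield must also go through an `atomic_ref`. The address is computed by subtracting `kFullyConstructedBitFieldOffsetFromPayload` from `payload`, so nothing in this function shows that the alignment holds. A `static_assert(std::atomic_ref<uint16_t>::required_alignment <= alignof(uint16_t));` ahead of the construction would document it; the template argument is stripped on this page, and `uint16_t` is inferred from the `value` local. The readers of this bit are outside the hunk, so whether they were converted as well cannot be confirmed here.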
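Review bot: `StackStartMarker`'s constructor records `__builtin_frame_address(0)`, which is the constructor's own frame whenever the call is not inlined, and that frame is gone once the constructor returns. The consumer is not in this hunk, but if the value bounds conservative stack scanning, pointers held in the creating function's frame could fall outside the scanned range. I would force inlining, `V8_INLINE StackStartMarker() : stack_start_(__builtin_frame_address(0)) {}`, and extend the class comment to say the marker must be created in a frame that outlives all use of the heap. The builtin is a GCC/Clang extension in a public header, which deserves a note for embedders on other compilers.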
@@ -151,8 +163,13 @@ class V8_EXPORT Heap { * GC scheduler follows. */ ResourceConstraints resource_constraints; - }; + /** + * Optional marker representing the stack start of the thread creating the + * heap. + */ + std::optional stack_start_marker = std::nullopt; + }; /** * Creates a new heap that can be used for object allocation. * diff --git a/deps/v8/include/cppgc/internal/api-constants.h b/deps/v8/include/cppgc/internal/api-constants.h index f3b0d8571d3b9d..73b955d7053ae1 100644 --- a/deps/v8/include/cppgc/internal/api-constants.h +++ b/deps/v8/include/cppgc/internal/api-constants.h @@ -28,7 +28,7 @@ constexpr size_t kGB = kMB * 1024; static constexpr size_t kFullyConstructedBitFieldOffsetFromPayload = 2 * sizeof(uint16_t); // Mask for in-construction bit. -static constexpr uint16_t kFullyConstructedBitMask = uint16_t{1}; +static constexpr uint16_t kFullyConstructedBitMask = uint16_t{1} << 15; static constexpr size_t kPageSizeBits = 17; static constexpr size_t kPageSize = size_t{1} << kPageSizeBits; diff --git a/deps/v8/include/libplatform/v8-tracing.h b/deps/v8/include/libplatform/v8-tracing.h index 2271729240b9cb..9d05949c38efac 100644 --- a/deps/v8/include/libplatform/v8-tracing.h +++ b/deps/v8/include/libplatform/v8-tracing.h @@ -14,9 +14,11 @@ #include "v8-platform.h" // NOLINT(build/include_directory) namespace perfetto { +#if defined(V8_USE_PERFETTO_JSON_EXPORT) namespace trace_processor { class TraceProcessorStorage; } +#endif // defined(V8_USE_PERFETTO_JSON_EXPORT) class TracingSession; } @@ -231,6 +233,12 @@ class V8_PLATFORM_EXPORT TraceConfig { #define V8_PLATFORM_NON_EXPORTED_BASE(code) code #endif // defined(_MSC_VER) +/** + * V8 Tracing controller default implementation. + * + * Will become obsolete in Perfetto build + * (v8_use_perfetto_json_export = true). + */ class V8_PLATFORM_EXPORT TracingController : public V8_PLATFORM_NON_EXPORTED_BASE(v8::TracingController) { public: 
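Review bot: In the api-constants.h hunk the context comment `// Mask for in-construction bit.` sits directly above `kFullyConstructedBitMask`, which `MarkObjectAsFullyConstructed` in allocation.h ORs into the bitfield, so the comment names the opposite state. With the mask moving from bit 0 to `uint16_t{1} << 15`, I would reword it to `// Mask for the fully-constructed bit (top bit of the 16-bit field).` The constant is inlined into embedder code through allocation.h, so the comment could also state that the value has to match the object header layout of the library the embedder links against.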
@@ -307,10 +315,13 @@ class V8_PLATFORM_EXPORT TracingController std::unique_ptr trace_config_; std::atomic_bool recording_{false}; -#if defined(V8_USE_PERFETTO) - std::ostream* output_stream_ = nullptr; +#if defined(V8_USE_PERFETTO_JSON_EXPORT) std::unique_ptr trace_processor_; +#endif + +#if defined(V8_USE_PERFETTO) + std::ostream* output_stream_ = nullptr; TraceEventListener* listener_for_testing_ = nullptr; std::unique_ptr tracing_session_; #else // !defined(V8_USE_PERFETTO) diff --git a/deps/v8/include/v8-array-buffer.h b/deps/v8/include/v8-array-buffer.h index 3e64ece5debda3..4b55c445376530 100644 --- a/deps/v8/include/v8-array-buffer.h +++ b/deps/v8/include/v8-array-buffer.h @@ -77,6 +77,11 @@ class V8_EXPORT BackingStore : public v8::internal::BackingStoreBase { */ bool IsShared() const; + /** + * Indicates whether the backing store is immutable. + */ + bool IsImmutable() const; + /** * Indicates whether the backing store was created for a resizable ArrayBuffer * or a growable SharedArrayBuffer, and thus may be resized by user JavaScript @@ -328,6 +333,11 @@ class V8_EXPORT ArrayBuffer : public Object { */ bool WasDetached() const; + /** + * Returns true if this ArrayBuffer is immutable. + */ + bool IsImmutable() const; + /** * Detaches this ArrayBuffer and all its views (typed arrays). * Detaching sets the byte length of the buffer and all typed arrays to zero, diff --git a/deps/v8/include/v8-callbacks.h b/deps/v8/include/v8-callbacks.h index 850b7ccbd4f210..e5eba5a203b8bc 100644 --- a/deps/v8/include/v8-callbacks.h +++ b/deps/v8/include/v8-callbacks.h 
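Review bot: In the v8-tracing.h hunk the private members of the exported `TracingController` are now selected by two independent macros, `V8_USE_PERFETTO_JSON_EXPORT` for `trace_processor_` and `V8_USE_PERFETTO` for the rest. The object layout an embedder compiles therefore depends on both being defined exactly as they were when the library was built. A mismatch would still compile; it would shift member offsets between the two sides. A comment above the first `#if`, such as `// Layout depends on V8_USE_PERFETTO and V8_USE_PERFETTO_JSON_EXPORT; both must match the library build.`, would record that. The class body starts and ends outside the hunk.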
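Review bot: The two `IsImmutable()` comments added in v8-array-buffer.h say only that the backing store or buffer is immutable and do not say what that means for an embedder that holds a raw pointer to the contents. If the immutability is enforced for JavaScript but not for native writes, which the page does not show either way, the comment should say so, e.g. `Embedders must not write through the data pointer of an immutable backing store.` The same sentence applies to the `ArrayBuffer::IsImmutable()` hunk that follows the `BackingStore` one.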
@@ -260,6 +260,15 @@ enum class CrashKeyId { using AddCrashKeyCallback = void (*)(CrashKeyId id, const std::string& value); +// --- CrashKeyString Callbacks --- +using CrashKey = void*; +enum class CrashKeySize { Size32, Size64, Size256, Size1024 }; + +using AllocateCrashKeyStringCallback = + std::function; +using SetCrashKeyStringCallback = + std::function; + // --- Enter/Leave Script Callback --- using BeforeCallEnteredCallback = void (*)(Isolate*); using CallCompletedCallback = void (*)(Isolate*); diff --git a/deps/v8/include/v8-context.h b/deps/v8/include/v8-context.h index 1d52f5bf40652e..21137f628f2def 100644 --- a/deps/v8/include/v8-context.h +++ b/deps/v8/include/v8-context.h @@ -276,6 +276,20 @@ class V8_EXPORT Context : public Data { * Gets the embedder data with the given index, which must have been set by a * previous call to SetEmbedderData with the same index. */ + V8_INLINE Local GetEmbedderDataV2(int index); + + /** + * Sets the embedder data with the given index, growing the data as + * needed. Note that index 0 currently has a special meaning for Chrome's + * debugger. + */ + void SetEmbedderDataV2(int index, Local value); + + /** + * Gets the embedder data with the given index, which must have been set by a + * previous call to SetEmbedderData with the same index. + */ + V8_DEPRECATE_SOON("Use GetEmbedderDataV2 instead") V8_INLINE Local GetEmbedderData(int index); /** @@ -291,6 +305,7 @@ class V8_EXPORT Context : public Data { * needed. Note that index 0 currently has a special meaning for Chrome's * debugger. */ + V8_DEPRECATE_SOON("Use SetEmbedderDataV2 instead") void SetEmbedderData(int index, Local value); /** 
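Review bot: In the first v8-context.h hunk the existing comment "must have been set by a previous call to SetEmbedderData with the same index" now documents `GetEmbedderDataV2`, and the comment added for the deprecated `GetEmbedderData` repeats the same sentence. Neither comment says which setter pairs with which getter. I would change the V2 comment to `previous call to SetEmbedderDataV2 with the same index` and state whether a slot written by the old setter may be read through the new getter. The class body starts and ends outside the hunk.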
@@ -304,7 +319,7 @@ class V8_EXPORT Context : public Data { V8_INLINE void* GetAlignedPointerFromEmbedderData(int index, EmbedderDataTypeTag tag); - V8_DEPRECATE_SOON( + V8_DEPRECATED( "Use GetAlignedPointerFromEmbedderData with EmbedderDataTypeTag " "parameter instead.") V8_INLINE void* GetAlignedPointerFromEmbedderData(Isolate* isolate, @@ -313,7 +328,7 @@ class V8_EXPORT Context : public Data { kEmbedderDataTypeTagDefault); } - V8_DEPRECATE_SOON( + V8_DEPRECATED( "Use GetAlignedPointerFromEmbedderData with EmbedderDataTypeTag " "parameter instead.") V8_INLINE void* GetAlignedPointerFromEmbedderData(int index) { @@ -329,7 +344,7 @@ class V8_EXPORT Context : public Data { * index, growing the data as needed. Note that index 0 currently has a * special meaning for Chrome's debugger. */ - V8_DEPRECATE_SOON( + V8_DEPRECATED( "Use SetAlignedPointerInEmbedderData with EmbedderDataTypeTag parameter " "instead.") void SetAlignedPointerInEmbedderData(int index, void* value) { @@ -453,6 +468,7 @@ class V8_EXPORT Context : public Data { internal::ValueHelper::InternalRepresentationType GetDataFromSnapshotOnce( size_t index); Local SlowGetEmbedderData(int index); + Local SlowGetEmbedderDataV2(int index); void* SlowGetAlignedPointerFromEmbedderData(int index, EmbedderDataTypeTag tag); }; @@ -471,7 +487,7 @@ Local Context::GetEmbedderData(int index) { A value = I::ReadRawField(embedder_data, value_offset); #ifdef V8_COMPRESS_POINTERS // We read the full pointer value and then decompress it in order to avoid - // dealing with potential endiannes issues. + // dealing with potential endianness issues. value = I::DecompressTaggedField(embedder_data, static_cast(value)); #endif 
@@ -482,6 +498,29 @@ Local Context::GetEmbedderData(int index) { #endif } +V8_INLINE Local Context::GetEmbedderDataV2(int index) { +#ifndef V8_ENABLE_CHECKS + using A = internal::Address; + using I = internal::Internals; + A ctx = internal::ValueHelper::ValueAsAddress(this); + A embedder_data = + I::ReadTaggedPointerField(ctx, I::kNativeContextEmbedderDataOffset); + int value_offset = + I::kEmbedderDataArrayHeaderSize + (I::kEmbedderDataSlotSize * index); + A value = I::ReadRawField(embedder_data, value_offset); +#ifdef V8_COMPRESS_POINTERS + // We read the full pointer value and then decompress it in order to avoid + // dealing with potential endianness issues. + value = I::DecompressTaggedField(embedder_data, static_cast(value)); +#endif + + auto* isolate = I::GetCurrentIsolate(); + return Local::New(isolate, value); +#else + return SlowGetEmbedderDataV2(index); +#endif +} + void* Context::GetAlignedPointerFromEmbedderData(Isolate* isolate, int index, EmbedderDataTypeTag tag) { #if !defined(V8_ENABLE_CHECKS) diff --git a/deps/v8/include/v8-cppgc.h b/deps/v8/include/v8-cppgc.h index aa3813b95ab2f1..9dc6ee5e617fb4 100644 --- a/deps/v8/include/v8-cppgc.h +++ b/deps/v8/include/v8-cppgc.h @@ -53,6 +53,11 @@ struct V8_EXPORT CppHeapCreateParams { */ cppgc::Heap::SweepingType sweeping_support = cppgc::Heap::SweepingType::kIncrementalAndConcurrent; + /** + * Optional marker representing the stack start of the thread creating the + * heap. + */ + std::optional stack_start_marker = std::nullopt; }; /** diff --git a/deps/v8/include/v8-data.h b/deps/v8/include/v8-data.h index bf40b746adf887..7be431b31921a7 100644 --- a/deps/v8/include/v8-data.h +++ b/deps/v8/include/v8-data.h @@ -77,7 +77,8 @@ class V8_EXPORT Data { class V8_EXPORT FixedArray : public Data { public: int Length() const; - Local Get(Local context, int i) const; + + Local Get(int i) const; V8_INLINE static FixedArray* Cast(Data* data) { #ifdef V8_ENABLE_CHECKS 
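Review bot: The fast path of `Context::GetEmbedderDataV2`, taken when `V8_ENABLE_CHECKS` is not defined, turns `index` directly into `I::kEmbedderDataArrayHeaderSize + (I::kEmbedderDataSlotSize * index)` and reads that slot without comparing it against the array length, so a negative or never-set index reads outside the embedder data array. The declaration only says the slot "must have been set"; it should state the consequence, e.g. `Passing an index that was not previously set is undefined behaviour when V8_ENABLE_CHECKS is off.` The body is also a near copy of `GetEmbedderData` directly above it, so a shared private helper would keep the two from drifting apart. The definition also repeats `V8_INLINE` where the sibling definition does not.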
diff --git a/deps/v8/include/v8-debug.h b/deps/v8/include/v8-debug.h index 0aff8b9e675e8a..56b98a95b153e8 100644 --- a/deps/v8/include/v8-debug.h +++ b/deps/v8/include/v8-debug.h @@ -136,6 +136,17 @@ class V8_EXPORT StackTrace { kDetailed = kOverview | kIsEval | kIsConstructor | kScriptNameOrSourceURL }; + struct ScriptIdAndContext { + int id; + v8::Local context; + }; + + struct ScriptData { + int id; + v8::Local function; + v8::Local context; + }; + /** * Returns the (unique) ID of this stack trace. */ 
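Review bot: `ScriptIdAndContext` and `ScriptData` declare `int id;` without an initializer, while the functions added further down in this file are documented to fill only a prefix of the caller's span and return a shorter span. A caller that iterates its own buffer instead of the returned span would read an indeterminate `id` next to an empty handle. Giving the field a sentinel, `int id = Message::kNoScriptIdInfo;` (the value `CurrentScriptId` already documents for "no id found", assuming `Message` is visible in this header), makes unwritten entries recognisable.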
@@ -174,15 +185,45 @@ class V8_EXPORT StackTrace { static Local CurrentScriptNameOrSourceURL(Isolate* isolate); /** - * Returns the first valid script id at the top of - * the JS stack. The returned value is Message::kNoScriptIdInfo if no id - * was found. + * Returns the first valid script id at the top of the JS stack. The returned + * value is Message::kNoScriptIdInfo if no id was found. * * This method is equivalent to calling StackTrace::CurrentStackTrace and * walking the resulting frames from the beginning until a non-empty id is * found. The difference is that this method won't allocate a stack trace. */ static int CurrentScriptId(Isolate* isolate); + + /** + * Writes up to the first `frame_data.size()` valid script ids and function + * contexts at the top of the JS stack into the given span. Returns a span + * sized to the number of frames worth of data written. It's similar to the + * CurrentStackTrace method but doesn't allocate a stack trace. Further, it + * skips frames that don't have valid script ids or function contexts. The + * final difference is that the script id written for evals or regexp is that + * of the script that ran eval() or regexp, not the current context. + * + */ + V8_DEPRECATE_SOON("Use CurrentScriptData instead") + static v8::MemorySpan + CurrentScriptIdsAndContexts(Isolate* isolate, + v8::MemorySpan frame_data); + + /** + * Writes up to the first `frame_data.size()` valid script ids, functions, and + * contexts at the top of the JS stack into the given span. Returns a span + * sized to the number of frames worth of data written. It's similar to the + * CurrentStackTrace method but doesn't allocate a stack trace. Further, it + * skips non-js frames and frames that don't have valid script ids or function + * contexts. The final difference is that the script id written for evals or + * regexp is that of the script that ran eval() or regexp, not the current + * context. + * + * WARNING: This is an unfinished experimental feature. 
Semantics and + * implementation may change frequently. + */ + static v8::MemorySpan CurrentScriptData( + Isolate* isolate, v8::MemorySpan frame_data); }; } // namespace v8 diff --git a/deps/v8/include/v8-exception.h b/deps/v8/include/v8-exception.h index 5441a0ab6a403c..f240d9a609e92b 100644 --- a/deps/v8/include/v8-exception.h +++ b/deps/v8/include/v8-exception.h @@ -276,15 +276,18 @@ class V8_EXPORT TryCatch { void ResetInternal(); + // Helper methods for internal::Isolate. + bool capture_message() const; + void set_can_continue(bool value); + bool rethrow() const; + void set_rethrow(bool value); + internal::Isolate* i_isolate_; TryCatch* next_; void* exception_; void* message_obj_; internal::Address js_stack_comparable_address_; - bool is_verbose_ : 1; - bool can_continue_ : 1; - bool capture_message_ : 1; - bool rethrow_ : 1; + uint8_t flags_; friend class internal::Isolate; friend class internal::ThreadLocalTop; diff --git a/deps/v8/include/v8-extension.h b/deps/v8/include/v8-extension.h index 0705e2afbb8708..d0056cb286330d 100644 --- a/deps/v8/include/v8-extension.h +++ b/deps/v8/include/v8-extension.h @@ -33,7 +33,6 @@ class V8_EXPORT Extension { } const char* name() const { return name_; } - size_t source_length() const { return source_length_; } const String::ExternalOneByteStringResource* source() const { return source_; } @@ -48,7 +47,6 @@ class V8_EXPORT Extension { private: const char* name_; - size_t source_length_; // expected to initialize before source_ String::ExternalOneByteStringResource* source_; int dep_count_; const char** deps_; diff --git a/deps/v8/include/v8-external.h b/deps/v8/include/v8-external.h index c3feb1daad7e5f..acc3705ce1091a 100644 --- a/deps/v8/include/v8-external.h +++ b/deps/v8/include/v8-external.h 
@@ -28,26 +28,37 @@ constexpr ExternalPointerTypeTag kExternalPointerTypeTagDefault = 0; */ class V8_EXPORT External : public Value { public: - V8_DEPRECATE_SOON("Use the version with the type tag.") - static Local New(Isolate* isolate, void* value) { - return New(isolate, value, kExternalPointerTypeTagDefault); - } + /** + * Creates a new External object. + * + * \param isolate The isolate for the external object. + * \param value The C++ pointer value. + * \param tag The type tag of the external pointer. If type tags are not used + * in the embedder, the default value `kExternalPointerTypeTagDefault` can be + * used. + * \return The new External object. + */ static Local New(Isolate* isolate, void* value, ExternalPointerTypeTag tag); - V8_INLINE static External* Cast(Value* value) { + V8_INLINE static External* Cast(Data* value) { #ifdef V8_ENABLE_CHECKS CheckCast(value); #endif return static_cast(value); } - V8_DEPRECATE_SOON("Use the version with the type tag.") - void* Value() const { return Value(kExternalPointerTypeTagDefault); } - + /** + * Returns the value of the external pointer. + * + * \param tag The type tag of the external pointer. If type tags are not used + * in the embedder, the default value `kExternalPointerTypeTagDefault` can be + * used. + * \return The value of the external pointer. + */ void* Value(ExternalPointerTypeTag tag) const; private: - static void CheckCast(v8::Value* obj); + static void CheckCast(v8::Data* obj); }; } // namespace v8 diff --git a/deps/v8/include/v8-function-callback.h b/deps/v8/include/v8-function-callback.h index 0dad94ce22c270..80833bcd538f04 100644 --- a/deps/v8/include/v8-function-callback.h +++ b/deps/v8/include/v8-function-callback.h @@ -57,6 +57,7 @@ class ReturnValue { V8_INLINE void Set(const Local handle); template V8_INLINE void SetNonEmpty(const Local handle); + // Fast primitive number setters. V8_INLINE void Set(bool value); V8_INLINE void Set(double i); 
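Review bot: `External::Cast` now accepts `Data*` instead of `Value*`, and outside `V8_ENABLE_CHECKS` builds it is a bare `static_cast` with `CheckCast` compiled out, so the wider parameter type lets more kinds of handle reach the unchecked cast. The new doc comments also present `kExternalPointerTypeTagDefault` as a neutral choice. If the tag is what distinguishes one embedder pointer type from another when `Value(tag)` is called, the comment should add that using the default everywhere gives up that distinction, e.g. `Prefer a distinct tag per pointee type; the default tag does not distinguish types.` This hunk removes the untagged `New` and `Value` overloads, so every caller now has to choose a tag and will need that guidance.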
@@ -66,11 +67,13 @@ class ReturnValue { V8_INLINE void Set(uint16_t i); V8_INLINE void Set(uint32_t i); V8_INLINE void Set(uint64_t i); + // Fast JS primitive setters. V8_INLINE void SetNull(); V8_INLINE void SetUndefined(); V8_INLINE void SetFalse(); V8_INLINE void SetEmptyString(); + // Convenience getter for the Isolate. V8_INLINE Isolate* GetIsolate() const; @@ -103,7 +106,7 @@ class ReturnValue { V8_INLINE explicit ReturnValue(internal::Address* slot); // See FunctionCallbackInfo. - static constexpr int kIsolateValueIndex = -2; + static constexpr int kIsolateValueIndex = -1; internal::Address* value_; }; 
@@ -142,41 +145,75 @@ class FunctionCallbackInfo { friend class internal::CustomArguments; friend class debug::ConsoleCallArguments; friend void internal::PrintFunctionCallbackInfo(void*); + using I = internal::Internals; - // TODO(ishell, http://crbug.com/326505377): in case of non-constructor - // call, don't pass kNewTarget and kUnused. Add IsConstructCall flag to - // kIsolate field. - static constexpr int kUnusedIndex = 0; - static constexpr int kIsolateIndex = 1; - static constexpr int kContextIndex = 2; - static constexpr int kReturnValueIndex = 3; - static constexpr int kTargetIndex = 4; - static constexpr int kNewTargetIndex = 5; - static constexpr int kArgsLength = 6; - - static constexpr int kArgsLengthWithReceiver = kArgsLength + 1; - - // Codegen constants: - static constexpr int kSize = 3 * internal::kApiSystemPointerSize; - static constexpr int kImplicitArgsOffset = 0; - static constexpr int kValuesOffset = - kImplicitArgsOffset + internal::kApiSystemPointerSize; - static constexpr int kLengthOffset = - kValuesOffset + internal::kApiSystemPointerSize; - - static constexpr int kThisValuesIndex = -1; + // Frame block, matches the layout of ApiCallbackExitFrame. + // See ApiCallbackExitFrameConstants. + enum { + // + // Optional frame arguments block (exists only for API_CONSTRUCT_EXIT + // frame). + + // Frame arguments block. + kNewTargetIndex = -1, + + // + // Mandatory part, exists for both API_CALLBACK_EXIT and API_CONSTRUCT_EXIT + // frames. + // + + // Frame arguments block. + kArgcIndex, + + // Regular ExitFrame structure. + kFrameSPIndex, + kFrameTypeIndex, + kFrameConstantPoolIndex, // Optional, see I::kFrameCPSlotCount. + kFrameFPIndex = kFrameConstantPoolIndex + I::kFrameCPSlotCount, + kFramePCIndex, + + // Api arguments block, starts at kFirstArgumentIndex. + kFirstApiArgumentIndex, + kIsolateIndex = kFirstApiArgumentIndex, + kReturnValueIndex, + kContextIndex, + kTargetIndex, + + // JS args block, starts at kFrameFirstImplicitArgsIndex. 
+ kReceiverIndex, + kFirstJSArgumentIndex, + + // Mandatory part includes receiver. + kArgsLength = kReceiverIndex + 1, + // Optional part size (exists only for API_CONSTRUCT_EXIT frame). + kOptionalArgsLength = 1, + + // The length of just Api arguments part. + kApiArgsLength = kReceiverIndex - kFirstApiArgumentIndex, + }; + + static_assert(kArgcIndex == 0); static_assert(ReturnValue::kIsolateValueIndex == kIsolateIndex - kReturnValueIndex); - V8_INLINE FunctionCallbackInfo(internal::Address* implicit_args, - internal::Address* values, int length); + internal::Address* address_of_first_argument() const { + return &values_[kFirstJSArgumentIndex]; + } + + V8_INLINE FunctionCallbackInfo() = default; + + // FunctionCallbackInfo object provides a view of the stack area where the + // data is stored and thus it's not supposed to be copyable/movable. + FunctionCallbackInfo(const FunctionCallbackInfo&) = delete; + FunctionCallbackInfo& operator=(const FunctionCallbackInfo&) = delete; + FunctionCallbackInfo(FunctionCallbackInfo&&) = delete; + FunctionCallbackInfo& operator=(FunctionCallbackInfo&&) = delete; - // TODO(https://crbug.com/326505377): flatten the v8::FunctionCallbackInfo - // object to avoid indirect loads through values_ and implicit_args_ and - // reduce the number of instructions in the CallApiCallback builtin. - internal::Address* implicit_args_; - internal::Address* values_; - internal::Address length_; + // Declare as mutable to let GC modify the contents of the slots even though + // it's not possible to change values via this class. + // Define the array size as 1 to make it clear that we are going to access + // it out-of-bounds from both sides anyway. + mutable internal::Address values_[1]; }; /** 
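Review bot: `mutable internal::Address values_[1];` is indexed with `kReceiverIndex`, `kFirstJSArgumentIndex` and, through a pointer, `kNewTargetIndex` (-1), so every accessor reads outside the declared bounds of a one-element array, from code that is inlined into embedder translation units. That relies on the compiler treating a trailing `[1]` array as flexible; builds that tighten this (for example `-fstrict-flex-arrays` combined with a bounds sanitizer) may diagnose or trap inside the embedder's own object code. Deriving each slot from one base pointer, as the `NewTarget()` workaround later in this file does with `internal::Address* values = &values_[0];`, or documenting the required compiler settings next to the member, would make the contract explicit. `PropertyCallbackInfo::args_[1]` in the @@ -293 hunk has the same shape. The class starts outside this hunk.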
@@ -198,66 +235,6 @@ class PropertyCallbackInfo { */ V8_INLINE Local Data() const; - /** - * \return The receiver. In many cases, this is the object on which the - * property access was intercepted. When using - * `Reflect.get`, `Function.prototype.call`, or similar functions, it is the - * object passed in as receiver or thisArg. - * - * \code - * void GetterCallback(Local name, - * const v8::PropertyCallbackInfo& info) { - * auto context = info.GetIsolate()->GetCurrentContext(); - * - * v8::Local a_this = - * info.This() - * ->GetRealNamedProperty(context, v8_str("a")) - * .ToLocalChecked(); - * v8::Local a_holder = - * info.Holder() - * ->GetRealNamedProperty(context, v8_str("a")) - * .ToLocalChecked(); - * - * CHECK(v8_str("r")->Equals(context, a_this).FromJust()); - * CHECK(v8_str("obj")->Equals(context, a_holder).FromJust()); - * - * info.GetReturnValue().Set(name); - * } - * - * v8::Local templ = - * v8::FunctionTemplate::New(isolate); - * templ->InstanceTemplate()->SetHandler( - * v8::NamedPropertyHandlerConfiguration(GetterCallback)); - * LocalContext env; - * env->Global() - * ->Set(env.local(), v8_str("obj"), templ->GetFunction(env.local()) - * .ToLocalChecked() - * ->NewInstance(env.local()) - * .ToLocalChecked()) - * .FromJust(); - * - * CompileRun("obj.a = 'obj'; var r = {a: 'r'}; Reflect.get(obj, 'x', r)"); - * \endcode - */ - V8_INLINE Local This() const; - - /** - * \return The object in the prototype chain of the receiver that has the - * interceptor. Suppose you have `x` and its prototype is `y`, and `y` - * has an interceptor. Then `info.This()` is `x` and `info.Holder()` is `y`. - * The Holder() could be a hidden object (the global object, rather - * than the global proxy). - * - * \note For security reasons, do not pass the object back into the runtime. - */ - V8_DEPRECATED( - "V8 will stop providing access to hidden prototype (i.e. " - "JSGlobalObject). Use HolderV2() instead. 
\n" - "DO NOT try to workaround this by accessing JSGlobalObject via " - "v8::Object::GetPrototype() - it'll be deprecated soon too. \n" - "See http://crbug.com/333672197. ") - V8_INLINE Local Holder() const; - /** * \return The object in the prototype chain of the receiver that has the * interceptor. Suppose you have `x` and its prototype is `y`, and `y` @@ -265,6 +242,9 @@ class PropertyCallbackInfo { * In case the property is installed on the global object the Holder() * would return the global proxy. */ + V8_INLINE Local Holder() const; + // TODO(http://crbug.com/333672197): deprecate and remove. + V8_DEPRECATE_SOON("Use Holder().") V8_INLINE Local HolderV2() const; /** @@ -278,11 +258,18 @@ class PropertyCallbackInfo { V8_INLINE ReturnValue GetReturnValue() const; /** + * For [[Set]], [[DefineOwnProperty]] and [[Delete]] operations (i.e. + * for setter/definer/deleter callbacks) indicates whether TypeError + * should be thrown upon operation failure. The callback should throw + * TypeError only if it's necessary to provide more details than a default + * error thrown by V8 contains in this case. + * * \return True if the intercepted function should throw if an error occurs. - * Usually, `true` corresponds to `'use strict'`. + * Usually, `true` corresponds to `'use strict'` execution mode. * - * \note Always `false` when intercepting `Reflect.set()` - * independent of the language mode. + * \note Always `false` when the operation was initiated by respecive + * `Reflect` call (i.e. `Reflect.set()`, `Reflect.defineProperty()` and + * `Reflect.deleteProperty()`). */ V8_INLINE bool ShouldThrowOnError() const; 
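Review bot: In the @@ -265 hunk `Holder()` is re-declared under the comment that says it returns the global proxy, right after the previous hunk removed the deprecated `Holder()` that was documented as possibly returning a hidden global object and warned against passing it back into the runtime. Reusing the name means existing callers compile unchanged against different semantics, so the comment should say so outright, e.g. `Unlike Holder() in earlier versions, this never returns the hidden global object.` In the @@ -278 hunk that follows, `respecive` should read `respective`. That text could also state that the method always returns false for callbacks other than setter/definer/deleter, which is what the `HasShouldThrowOnError()` guard added later in this file implements.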
@@ -293,22 +280,75 @@ class PropertyCallbackInfo { friend class internal::PropertyCallbackArguments; friend class internal::CustomArguments; friend void internal::PrintPropertyCallbackInfo(void*); + using I = internal::Internals; - static constexpr int kPropertyKeyIndex = 0; - static constexpr int kShouldThrowOnErrorIndex = 1; - static constexpr int kHolderIndex = 2; - static constexpr int kIsolateIndex = 3; - static constexpr int kHolderV2Index = 4; - static constexpr int kReturnValueIndex = 5; - static constexpr int kDataIndex = 6; - static constexpr int kThisIndex = 7; - static constexpr int kArgsLength = 8; + // ShouldThrowOnError() can return true only for setter/definer/deleter + // callbacks which match [[Set]]/[[DefineOwnProperty]]/[[Delete]] + // operations. We detect these operations by return value type - they + // all return boolean value, even though setter/deleter callbacks are + // still using v8::PropertyCallbackInfo. + // TODO(https://crbug.com/348660658): cleanup this, once the callbacks are + // migrated to a new return type. + static constexpr bool HasShouldThrowOnError() { + return std::is_same_v || std::is_same_v; + } - static constexpr int kSize = kArgsLength * internal::kApiSystemPointerSize; + // Indicates whether this is a named accessor/interceptor callback call + // or an indexed one. + V8_INLINE bool IsNamed() const; + + // Frame block, matches the layout of ApiAccessorExitFrame. + // See ApiAccessorExitFrameConstants. + enum { + // Frame arguments block. + kPropertyKeyIndex, + + // Regular ExitFrame structure. + kFrameSPIndex, + kFrameTypeIndex, + kFrameConstantPoolIndex, // Optional, see I::kFrameCPSlotCount. + kFrameFPIndex = kFrameConstantPoolIndex + I::kFrameCPSlotCount, + kFramePCIndex, + + // Other arguments block, starts at kFirstArgumentIndex. 
+ kFirstApiArgumentIndex, + kIsolateIndex = kFirstApiArgumentIndex, + kReturnValueIndex, + kCallbackInfoIndex, + kHolderIndex, + + // + // Optional part, used only by setter/definer/deleter callbacks. + // + kFirstOptionalArgument, + kShouldThrowOnErrorIndex = kFirstOptionalArgument, + + // Used as value handle storage when called via CallApiSetter builtin. + kValueIndex, + + kFullArgsLength, + kMandatoryArgsLength = kFirstOptionalArgument, + kOptionalArgsLength = kFullArgsLength - kFirstOptionalArgument, + + // Various lengths of just Api arguments part. + kMandatoryApiArgsLength = kMandatoryArgsLength - kFirstApiArgumentIndex, + kFullApiArgsLength = kFullArgsLength - kFirstApiArgumentIndex, + }; + + // PropertyCallbackInfo object provides a view of the stack area where the + // data is stored and thus it's not supposed to be copyable/movable. + PropertyCallbackInfo(const PropertyCallbackInfo&) = delete; + PropertyCallbackInfo& operator=(const PropertyCallbackInfo&) = delete; + PropertyCallbackInfo(PropertyCallbackInfo&&) = delete; + PropertyCallbackInfo& operator=(PropertyCallbackInfo&&) = delete; PropertyCallbackInfo() = default; - mutable internal::Address args_[kArgsLength]; + // Declare as mutable to let GC modify the contents of the slots even though + // it's not possible to change values via this class. + // Define the array size as 1 to make it clear that we are going to access + // it out-of-bounds anyway. + mutable internal::Address args_[1]; }; using FunctionCallback = void (*)(const FunctionCallbackInfo& info); 
@@ -377,25 +417,9 @@ void ReturnValue::SetNonEmpty(const BasicTracedReference& handle) { template template void ReturnValue::Set(const Local handle) { - // "V8_DEPRECATE_SOON" this method if |T| is |void|. -#ifdef V8_IMMINENT_DEPRECATION_WARNINGS - static constexpr bool is_allowed_void = false; - static_assert(!std::is_void_v, - "ReturnValue::Set(const Local) is deprecated. " - "Do nothing to indicate that the operation succeeded or use " - "SetFalse() to indicate that the operation failed (don't " - "forget to handle info.ShouldThrowOnError()). " - "See http://crbug.com/348660658 for details."); -#else - static constexpr bool is_allowed_void = std::is_void_v; -#endif // V8_IMMINENT_DEPRECATION_WARNINGS - static_assert(is_allowed_void || std::is_base_of_v, "type check"); + static_assert(std::is_base_of_v, "type check"); if (V8_UNLIKELY(handle.IsEmpty())) { SetDefaultValue(); - } else if constexpr (is_allowed_void) { - // Simulate old behaviour for "v8::AccessorSetterCallback" for which - // it was possible to set the return value even for ReturnValue. - Set(handle->BooleanValue(GetIsolate())); } else { SetInternal(handle.ptr()); } 
@@ -404,29 +428,11 @@ void ReturnValue::Set(const Local handle) { template template void ReturnValue::SetNonEmpty(const Local handle) { - // "V8_DEPRECATE_SOON" this method if |T| is |void|. -#ifdef V8_IMMINENT_DEPRECATION_WARNINGS - static constexpr bool is_allowed_void = false; - static_assert(!std::is_void_v, - "ReturnValue::SetNonEmpty(const Local) is deprecated. " - "Do nothing to indicate that the operation succeeded or use " - "SetFalse() to indicate that the operation failed (don't " - "forget to handle info.ShouldThrowOnError()). " - "See http://crbug.com/348660658 for details."); -#else - static constexpr bool is_allowed_void = std::is_void_v; -#endif // V8_IMMINENT_DEPRECATION_WARNINGS - static_assert(is_allowed_void || std::is_base_of_v, "type check"); + static_assert(std::is_base_of_v, "type check"); #ifdef V8_ENABLE_CHECKS internal::VerifyHandleIsNonEmpty(handle.IsEmpty()); #endif // V8_ENABLE_CHECKS - if constexpr (is_allowed_void) { - // Simulate old behaviour for "v8::AccessorSetterCallback" for which - // it was possible to set the return value even for ReturnValue. - Set(handle->BooleanValue(GetIsolate())); - } else { - SetInternal(handle.ptr()); - } + SetInternal(handle.ptr()); } template 
@@ -611,91 +617,80 @@ void ReturnValue::Set(S* whatever) { static_assert(sizeof(S) < 0, "incompilable to prevent inadvertent misuse"); } -template -FunctionCallbackInfo::FunctionCallbackInfo(internal::Address* implicit_args, - internal::Address* values, - int length) - : implicit_args_(implicit_args), values_(values), length_(length) {} - template Local FunctionCallbackInfo::operator[](int i) const { - // values_ points to the first argument (not the receiver). if (i < 0 || Length() <= i) return Undefined(GetIsolate()); - return Local::FromSlot(values_ + i); + return Local::FromSlot(&values_[kFirstJSArgumentIndex + i]); } template Local FunctionCallbackInfo::This() const { - // values_ points to the first argument (not the receiver). - return Local::FromSlot(values_ + kThisValuesIndex); + return Local::FromSlot(&values_[kReceiverIndex]); } template Local FunctionCallbackInfo::NewTarget() const { - return Local::FromSlot(&implicit_args_[kNewTargetIndex]); + if (IsConstructCall()) { + // Can't use &values_[kNewTargetIndex] because of "array index -1 is + // before the beginning of the array" error. 
+ internal::Address* values = &values_[0]; + return Local::FromSlot(values + kNewTargetIndex); + } + return Undefined(GetIsolate()); } template Local FunctionCallbackInfo::Data() const { - auto target = Local::FromSlot(&implicit_args_[kTargetIndex]); + auto target = Local::FromSlot(&values_[kTargetIndex]); return api_internal::GetFunctionTemplateData(GetIsolate(), target); } template Isolate* FunctionCallbackInfo::GetIsolate() const { - return *reinterpret_cast(&implicit_args_[kIsolateIndex]); + return reinterpret_cast(values_[kIsolateIndex]); } template ReturnValue FunctionCallbackInfo::GetReturnValue() const { - return ReturnValue(&implicit_args_[kReturnValueIndex]); + return ReturnValue(&values_[kReturnValueIndex]); } template bool FunctionCallbackInfo::IsConstructCall() const { - return !NewTarget()->IsUndefined(); + return I::SmiValue(values_[kFrameTypeIndex]) == I::kFrameTypeApiConstructExit; } template int FunctionCallbackInfo::Length() const { - return static_cast(length_); + return static_cast(values_[kArgcIndex]); } template -Isolate* PropertyCallbackInfo::GetIsolate() const { - return *reinterpret_cast(&args_[kIsolateIndex]); +bool PropertyCallbackInfo::IsNamed() const { + return I::SmiValue(args_[kFrameTypeIndex]) == + I::kFrameTypeApiNamedAccessorExit; } template -Local PropertyCallbackInfo::Data() const { - return Local::FromSlot(&args_[kDataIndex]); +Isolate* PropertyCallbackInfo::GetIsolate() const { + return *reinterpret_cast(&args_[kIsolateIndex]); } template -Local PropertyCallbackInfo::This() const { - return Local::FromSlot(&args_[kThisIndex]); +Local PropertyCallbackInfo::Data() const { + internal::Address callback_info = args_[kCallbackInfoIndex]; + internal::Address data = + I::ReadTaggedPointerField(callback_info, I::kCallbackInfoDataOffset); + return Local::New(GetIsolate(), data); } template Local PropertyCallbackInfo::Holder() const { return Local::FromSlot(&args_[kHolderIndex]); } - -namespace api_internal { -// Returns JSGlobalProxy if 
holder is JSGlobalObject or unmodified holder -// otherwise. -V8_EXPORT internal::Address ConvertToJSGlobalProxyIfNecessary( - internal::Address holder); -} // namespace api_internal - template Local PropertyCallbackInfo::HolderV2() const { - using I = internal::Internals; - if (!I::HasHeapObjectTag(args_[kHolderV2Index])) { - args_[kHolderV2Index] = - api_internal::ConvertToJSGlobalProxyIfNecessary(args_[kHolderIndex]); - } - return Local::FromSlot(&args_[kHolderV2Index]); + return Holder(); } template @@ -705,7 +700,7 @@ ReturnValue PropertyCallbackInfo::GetReturnValue() const { template bool PropertyCallbackInfo::ShouldThrowOnError() const { - using I = internal::Internals; + if constexpr (!HasShouldThrowOnError()) return false; if (args_[kShouldThrowOnErrorIndex] != I::IntegralToSmi(I::kInferShouldThrowMode)) { return args_[kShouldThrowOnErrorIndex] != I::IntegralToSmi(I::kDontThrow); diff --git a/deps/v8/include/v8-function.h b/deps/v8/include/v8-function.h index 9ee77596cd3796..18532519f8b89c 100644 --- a/deps/v8/include/v8-function.h +++ b/deps/v8/include/v8-function.h @@ -31,8 +31,8 @@ class V8_EXPORT Function : public Object { * for a given FunctionCallback. */ static MaybeLocal New( - Local context, FunctionCallback callback, - Local data = Local(), int length = 0, + Local context, FunctionCallback callback, Local data = {}, + int length = 0, ConstructorBehavior behavior = ConstructorBehavior::kAllow, SideEffectType side_effect_type = SideEffectType::kHasSideEffect); diff --git a/deps/v8/include/v8-initialization.h b/deps/v8/include/v8-initialization.h index 406f1d0ba54573..02f3acfba796a9 100644 --- a/deps/v8/include/v8-initialization.h +++ b/deps/v8/include/v8-initialization.h 
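Review bot: In the @@ -611 hunk `FunctionCallbackInfo::GetIsolate()` now casts the value stored in `values_[kIsolateIndex]`, while `PropertyCallbackInfo::GetIsolate()` a few lines further down keeps the older form that casts the address `&args_[kIsolateIndex]` and dereferences it. Both read the same kind of slot, so the two should use the same expression; I would switch the property variant to cast `args_[kIsolateIndex]` directly. `Length()` also narrows a pointer-sized slot with `static_cast` to `int`, and `operator[]` uses that result as its only bounds check, so a short comment on `kArgcIndex` stating who writes the slot and what range it holds would help.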
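Review bot: `ShouldThrowOnError()` reads `args_[kShouldThrowOnErrorIndex]`, a slot that the enum comment in the @@ -293 hunk places in the optional part "used only by setter/definer/deleter callbacks". The only thing keeping other callbacks away from it is the compile-time `HasShouldThrowOnError()` test on the return-value type. The comment on that helper notes that setter/deleter callbacks have not yet migrated to the new return type, so the type test only approximates "the optional slots exist in this frame". At minimum I would add `// Optional slot: present only in setter/definer/deleter frames.` above the read, and consider an assertion under `V8_ENABLE_CHECKS` that the frame is of the expected kind. The function body ends outside the hunk.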
@@ -206,6 +206,47 @@ class V8_EXPORT V8 { static void DisposePlatform(); #if defined(V8_ENABLE_SANDBOX) + /** + * The mode the V8 sandbox operates in. + * + * These values are persisted to logs. Entries should not be renumbered and + * numeric values should never be reused. If you add new items here, update + * V8SandboxMode in tools/metrics/histograms/metadata/v8/enums.xml in + * Chromium. + */ + enum class SandboxMode : uint8_t { + /** + * The sandbox is configured securely with a full reservation and an + * inaccessible Smi address range. + */ + kSecure = 0, + /** + * The sandbox is configured insecurely without a known reason. + */ + kInsecure = 1, + /** + * The sandbox is partially reserved, but the Smi address range is + * inaccessible. + */ + kInsecurePartialReservationSmiInaccessible = 2, + /** + * The sandbox is fully reserved, but the Smi address range is accessible. + */ + kInsecureFullReservationSmiAccessible = 3, + /** + * The sandbox is partially reserved and the Smi address range is + * accessible. + */ + kInsecurePartialReservationSmiAccessible = 4, + + kMaxValue = kInsecurePartialReservationSmiAccessible, + }; + + /** + * Returns the current state of the sandbox. + */ + static SandboxMode GetSandboxMode(); + /** * Returns true if the sandbox is configured securely. * diff --git a/deps/v8/include/v8-inspector.h b/deps/v8/include/v8-inspector.h index d1993c0eade0ca..cdd94163e3d673 100644 --- a/deps/v8/include/v8-inspector.h +++ b/deps/v8/include/v8-inspector.h @@ -10,6 +10,7 @@ #include #include +#include "cppgc/garbage-collected.h" // NOLINT(build/include_directory) #include "v8-isolate.h" // NOLINT(build/include_directory) #include "v8-local-handle.h" // NOLINT(build/include_directory) 
@@ -415,10 +416,24 @@ class V8_EXPORT V8Inspector { virtual void sendNotification(std::unique_ptr message) = 0; virtual void flushProtocolNotifications() = 0; }; + + class V8_EXPORT ManagedChannel + : public cppgc::GarbageCollected { + public: + virtual ~ManagedChannel() = default; + virtual void sendResponse(int callId, + std::unique_ptr message) = 0; + virtual void sendNotification(std::unique_ptr message) = 0; + virtual void flushProtocolNotifications() = 0; + virtual void Trace(cppgc::Visitor* visitor) const {} + }; + enum ClientTrustLevel { kUntrusted, kFullyTrusted }; enum SessionPauseState { kWaitingForDebugger, kNotWaitingForDebugger }; // TODO(chromium:1352175): remove default value once downstream change lands. // Deprecated: Use `connectShared` instead. + // Channel is owned by the embedder. Ensure to keep it alive as long as the + // returned session is alive. virtual std::unique_ptr connect( int contextGroupId, Channel*, StringView state, ClientTrustLevel client_trust_level, @@ -429,10 +444,19 @@ class V8_EXPORT V8Inspector { // (V8InspectorClient::runMessageLoopOnPause) is running. To partially ensure // this, we defer session deconstruction until no "dispatchProtocolMessages" // remains on the stack. + // Channel is owned by the embedder. Ensure to keep it alive as long as the + // returned session is alive. virtual std::shared_ptr connectShared( int contextGroupId, Channel* channel, StringView state, ClientTrustLevel clientTrustLevel, SessionPauseState pauseState) = 0; + // Same as `connectShared` but takes a `ManagedChannel` instead. The session + // will take a cppgc::Persistent on the ManagedChannel so the embedder doesn't + // have to worry about the life-time of `channel`. + virtual std::shared_ptr connectShared( + int contextGroupId, ManagedChannel* channel, StringView state, + ClientTrustLevel clientTrustLevel, SessionPauseState pauseState) = 0; + // API methods. virtual std::unique_ptr createStackTrace( v8::Local) = 0; 
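Review bot: The comment on the new `connectShared(int, ManagedChannel*, ...)` overload says the session takes a `cppgc::Persistent` on the channel, but it leaves out the consequence: if the channel, directly or through its members, strongly holds the returned `std::shared_ptr` session, the two keep each other alive and neither is released. Embedders migrating from the raw `Channel*` overload, where the comment added just above tells them to manage the channel's lifetime themselves, may well carry such a back-reference over. I would extend the comment with `// The channel must not strongly own the returned session, otherwise session and channel keep each other alive.` A literal `nullptr` channel argument is also ambiguous between the two overloads now, which may be worth a line in the same comment.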
diff --git a/deps/v8/include/v8-internal.h b/deps/v8/include/v8-internal.h index 8d28f22018609a..d958e8d8dbb787 100644 --- a/deps/v8/include/v8-internal.h +++ b/deps/v8/include/v8-internal.h @@ -248,18 +248,6 @@ constexpr size_t kSandboxAlignment = kPtrComprCageBaseAlignment; // constant specifies the shift amount. constexpr uint64_t kSandboxedPointerShift = 64 - kSandboxSizeLog2; -// Size of the guard regions surrounding the sandbox. This assumes a worst-case -// scenario of a 32-bit unsigned index used to access an array of 64-bit values -// with an additional 4GB (compressed pointer) offset. In particular, accesses -// to TypedArrays are effectively computed as -// `entry_pointer = array->base + array->offset + index * array->element_size`. -// See also https://crbug.com/40070746 for more details. -constexpr size_t kSandboxGuardRegionSize = 32ULL * GB + 4ULL * GB; - -static_assert((kSandboxGuardRegionSize % kSandboxAlignment) == 0, - "The size of the guard regions around the sandbox must be a " - "multiple of its required alignment."); - // On OSes where reserving virtual memory is too expensive to reserve the // entire address space backing the sandbox, notably Windows pre 8.1, we create // a partially reserved sandbox that doesn't actually reserve most of the @@ -281,9 +269,6 @@ static_assert(kSandboxMinimumReservationSize > kPtrComprCageReservationSize, // able to construct a buffer that appears larger than the guard regions and // thereby "reach out of" the sandbox. constexpr size_t kMaxSafeBufferSizeForSandbox = 32ULL * GB - 1; -static_assert(kMaxSafeBufferSizeForSandbox <= kSandboxGuardRegionSize, - "The maximum allowed buffer size must not be larger than the " - "sandbox's guard regions"); constexpr size_t kBoundedSizeShift = 29; static_assert(1ULL << (64 - kBoundedSizeShift) == 
@@ -291,6 +276,22 @@ static_assert(1ULL << (64 - kBoundedSizeShift) == "The maximum size of a BoundedSize must be synchronized with the " "kMaxSafeBufferSizeForSandbox"); +// Size of the guard regions surrounding the sandbox. This assumes a worst-case +// scenario of a 32-bit unsigned index used to access an array of 64-bit values +// with an additional 32GB (bounded size) offset. In particular, accesses to +// TypedArrays are effectively computed as +// `entry_pointer = array->base + array->offset + index * array->element_size`. +// See also https://crbug.com/40070746 for more details. +constexpr size_t kSandboxGuardRegionSize = + 32ULL * GB + (kMaxSafeBufferSizeForSandbox + 1); + +static_assert((kSandboxGuardRegionSize % kSandboxAlignment) == 0, + "The size of the guard regions around the sandbox must be a " + "multiple of its required alignment."); +static_assert(kMaxSafeBufferSizeForSandbox <= kSandboxGuardRegionSize, + "The maximum allowed buffer size must not be larger than the " + "sandbox's guard regions"); + #endif // V8_ENABLE_SANDBOX #ifdef V8_COMPRESS_POINTERS 
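Review bot: With `kSandboxGuardRegionSize` now defined as `32ULL * GB + (kMaxSafeBufferSizeForSandbox + 1)`, the retained `static_assert(kMaxSafeBufferSizeForSandbox <= kSandboxGuardRegionSize, ...)` can never fail, so it no longer checks the property its message describes. The term that can still drift is the first one, which encodes "2^32 indices times 8-byte elements" from the comment as a bare literal. Naming it, for instance `constexpr size_t kMaxIndexedAccessSpan = (uint64_t{1} << 32) * sizeof(uint64_t);` (name is only a suggestion), and building the guard size from it would keep the worst-case derivation in the code rather than only in the comment.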
@@ -308,14 +309,22 @@ constexpr size_t kExternalPointerTableReservationSize = 256 * MB; // smaller than the maximum table size even after the C++ compiler multiplies // them by 8 to be used as indexes into a table of 64 bit pointers. constexpr uint32_t kExternalPointerIndexShift = 7; +#elif defined(V8_TARGET_OS_IOS) +// iOS restricts large memory allocations, with 128 MB being the maximum size we +// can configure. If we exceed this, SegmentedTable::Initialize will throw a V8 +// out-of-memory error when running the JetStream benchmark +// (https://browserbench.org/JetStream/). +constexpr size_t kExternalPointerTableReservationSize = 128 * MB; +constexpr uint32_t kExternalPointerIndexShift = 8; #else constexpr size_t kExternalPointerTableReservationSize = 512 * MB; constexpr uint32_t kExternalPointerIndexShift = 6; #endif // V8_TARGET_OS_ANDROID -// The maximum number of entries in an external pointer table. +// The byte size of an entry in an external pointer table. constexpr int kExternalPointerTableEntrySize = 8; constexpr int kExternalPointerTableEntrySizeLog2 = 3; +// The maximum number of entries in an external pointer table. constexpr size_t kMaxExternalPointers = kExternalPointerTableReservationSize / kExternalPointerTableEntrySize; static_assert((1 << (32 - kExternalPointerIndexShift)) == kMaxExternalPointers, 
@@ -425,12 +434,54 @@ constexpr size_t kMaxCppHeapPointers = 0; // which all subtypes of a given supertype use contiguous tags. This struct can // then be used to represent such a type range. // +// As an example, consider the following type hierarchy: +// +// A F +// / \ +// B E +// / \ +// C D +// +// A potential type id assignment for range-based type checks is +// {A: 0, B: 1, C: 2, D: 3, E: 4, F: 5}. With that, the type check for type A +// would check for the range [A, E], while the check for B would check range +// [B, D], and for F it would simply check [F, F]. +// // In addition, there is an option for performance tweaks: if the size of the // type range corresponding to a supertype is a power of two and starts at a // power of two (e.g. [0x100, 0x13f]), then the compiler can often optimize // the type check to use even fewer instructions (essentially replace a AND + // SUB with a single AND). // +// Tag ranges can also to a limited degree be used for union types. For +// example, with the type graph as above, it would be possible to specify a +// Union(D, E, F) as the tag range [D, F]. However, this only works as long as +// the (otherwise independent) types that form the union have adjacent tags. +// +// +// There are broadly speaking two options for performing the type check when +// given the expected type range and the actual tag of the entry. +// +// The first option is to simply have the equivalent of +// +// CHECK(expected_tag_range.Contains(actual_tag)) +// +// This is nice and simple, and friendly to both the branch-predictor and the +// user/developer as it produces clear error messages. However, this approach +// may result in quite a bit of code being generated, for example for calling +// RuntimeAbort from generated code or similar. 
+// +// The second option is to generate code such as +// +// if (!expected_tag_range.Contains(actual_tag)) return nullptr; +// +// With this, we are also guaranteed to crash safely when the returned pointer +// is used, but this may result in significantly less code being generated, for +// example because the compiler can implement this with a single conditional +// select in combination with the zero register (e.g. on Arm). +// +// The choice of which approach to use therefore depends on the use case, the +// performance and code size constraints, and the importance of debuggability. template struct TagRange { static_assert(std::is_enum_v && @@ -438,7 +489,12 @@ struct TagRange { "Tag parameter must be an enum with base type uint16_t"); // Construct the inclusive tag range [first, last]. - constexpr TagRange(Tag first, Tag last) : first(first), last(last) {} + constexpr TagRange(Tag first, Tag last) : first(first), last(last) { +#ifdef V8_ENABLE_CHECKS + // This would typically be a DCHECK, but that's not available here. + if (first > last) __builtin_unreachable(); // Invalid tag range. +#endif + } // Construct a tag range consisting of a single tag. // @@ -466,8 +522,8 @@ struct TagRange { // Need to perform the math with uint32_t. Otherwise, the uint16_ts would // be promoted to (signed) int, allowing the compiler to (wrongly) assume // that an underflow cannot happen as that would be undefined behavior. - return static_cast(tag) - first <= - static_cast(last) - first; + return static_cast(tag) - static_cast(first) <= + static_cast(last) - static_cast(first); } constexpr bool Contains(TagRange tag_range) const { 
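Review bot: The range check added to the `TagRange(Tag first, Tag last)` constructor uses `__builtin_unreachable()`, which does not stop execution when `first > last` is reached at run time; it is undefined behaviour and lets the optimizer assume the condition is false. That matters because `Contains()` subtracts in unsigned arithmetic, so for an inverted range `last - first` wraps and the check would accept nearly every tag. During constant evaluation the current form already fails the build, and a trapping builtin should keep that while also failing closed at run time: `if (first > last) __builtin_trap();  // Invalid tag range.` Both builtins are GCC/Clang-specific, so an embedder compiling this public header with another compiler and `V8_ENABLE_CHECKS` defined may need a fallback.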
@@ -483,11 +539,56 @@ struct TagRange { return (static_cast(first) << 16) | last; } - // Internally we represent tag ranges as half-open ranges [first, last). - const Tag first; - const Tag last; + // Internally we represent tag ranges as closed ranges [first, last]. + Tag first; + Tag last; }; +#define SHARED_MANAGED_TAG_LIST(V) V(WasmFutexManagedObjectWaitListTag) + +#define MANAGED_TAG_LIST(V) \ + SHARED_MANAGED_TAG_LIST(V) \ + V(GenericManagedTag) \ + V(WasmWasmStreamingTag) \ + V(WasmFuncDataTag) \ + V(WasmManagedDataTag) \ + V(WasmNativeModuleTag) \ + V(BackingStoreTag) \ + V(CFunctionWithSignatureTag) \ + V(IcuBreakIteratorTag) \ + V(IcuListFormatterTag) \ + V(IcuLocaleTag) \ + V(IcuSimpleDateFormatTag) \ + V(IcuDateIntervalFormatTag) \ + V(IcuRelativeDateTimeFormatterTag) \ + V(IcuLocalizedNumberFormatterTag) \ + V(IcuPluralRulesTag) \ + V(IcuCollatorTag) \ + V(IcuBreakIteratorWithTextTag) \ + V(TemporalDurationTag) \ + V(TemporalInstantTag) \ + V(TemporalPlainDateTag) \ + V(TemporalPlainTimeTag) \ + V(TemporalPlainDateTimeTag) \ + V(TemporalPlainYearMonthTag) \ + V(TemporalPlainMonthDayTag) \ + V(TemporalZonedDateTimeTag) \ + V(DisplayNamesInternalTag) \ + V(D8WorkerTag) \ + V(D8ModuleEmbedderDataTag) + +#define FOREIGN_TAG_LIST(V) \ + V(GenericForeignTag) \ + V(ApiAccessCheckCallbackTag) \ + V(ApiAbortScriptExecutionCallbackTag) \ + V(SyntheticModuleTag) \ + V(MicrotaskCallbackTag) \ + V(MicrotaskCallbackDataTag) \ + V(MessageListenerTag) \ + V(WaiterQueueForeignTag) \ + /* Needs to stay last to form a range for resources. */ \ + MANAGED_TAG_LIST(V) + // // External Pointers. // 
@@ -587,60 +688,21 @@ enum ExternalPointerTag : uint16_t { kApiIndexedPropertyDefinerCallbackTag, kApiIndexedPropertyDeleterCallbackTag, kApiIndexedPropertyEnumeratorCallbackTag, + kApiIndexedPropertyIndexOfCallbackTag, kLastInterceptorInfoExternalPointerTag = - kApiIndexedPropertyEnumeratorCallbackTag, + kApiIndexedPropertyIndexOfCallbackTag, kLastMaybeReadOnlyExternalPointerTag = kLastInterceptorInfoExternalPointerTag, kWasmStackMemoryTag, - // Foreigns - kFirstForeignExternalPointerTag, - kGenericForeignTag = kFirstForeignExternalPointerTag, - - kApiAccessCheckCallbackTag, - kApiAbortScriptExecutionCallbackTag, - kSyntheticModuleTag, - kMicrotaskCallbackTag, - kMicrotaskCallbackDataTag, - kCFunctionTag, - kCFunctionInfoTag, - kMessageListenerTag, - kWaiterQueueForeignTag, - - // Managed - kFirstManagedResourceTag, - kFirstManagedExternalPointerTag = kFirstManagedResourceTag, - kGenericManagedTag = kFirstManagedExternalPointerTag, - kWasmWasmStreamingTag, - kWasmFuncDataTag, - kWasmManagedDataTag, - kWasmNativeModuleTag, - kIcuBreakIteratorTag, - kIcuUnicodeStringTag, - kIcuListFormatterTag, - kIcuLocaleTag, - kIcuSimpleDateFormatTag, - kIcuDateIntervalFormatTag, - kIcuRelativeDateTimeFormatterTag, - kIcuLocalizedNumberFormatterTag, - kIcuPluralRulesTag, - kIcuCollatorTag, - kTemporalDurationTag, - kTemporalInstantTag, - kTemporalPlainDateTag, - kTemporalPlainTimeTag, - kTemporalPlainDateTimeTag, - kTemporalPlainYearMonthTag, - kTemporalPlainMonthDayTag, - kTemporalZonedDateTimeTag, - kDisplayNamesInternalTag, - kD8WorkerTag, - kD8ModuleEmbedderDataTag, - kLastForeignExternalPointerTag = kD8ModuleEmbedderDataTag, - kLastManagedExternalPointerTag = kLastForeignExternalPointerTag, - // External resources whose lifetime is tied to their entry in the external - // pointer table but which are not referenced via a Managed +#define AS_ENUM(name) k##name, + FOREIGN_TAG_LIST(AS_ENUM) + +#undef AS_ENUM + + // External resources whose lifetime is tied to their entry in the 
+ // external pointer table but which are not referenced via a Managed kArrayBufferExtensionTag, kLastManagedResourceTag = kArrayBufferExtensionTag, 
@@ -651,30 +713,89 @@ enum ExternalPointerTag : uint16_t { kLastExternalPointerTag = 0x7f, }; +constexpr const char* ToString(ExternalPointerTag tag) { + switch (tag) { +#define ENUM_CASE(name) \ + case ExternalPointerTag::k##name: \ + return #name; + + FOREIGN_TAG_LIST(ENUM_CASE) + +#undef ENUM_CASE + default: + return "Unknown tag"; + } +} + using ExternalPointerTagRange = TagRange; +#define AS_LIST(name) ExternalPointerTag::k##name, + +#define GET_FIRST(LIST) \ + []() { \ + ExternalPointerTag items[] = {LIST(AS_LIST)}; \ + return items[0]; \ + }() + +#define GET_LAST(LIST) \ + []() { \ + ExternalPointerTag items[] = {LIST(AS_LIST)}; \ + return items[(sizeof(items) / sizeof(items[0])) - 1]; \ + }() + constexpr ExternalPointerTagRange kAnyExternalPointerTagRange( kFirstExternalPointerTag, kLastExternalPointerTag); -constexpr ExternalPointerTagRange kAnySharedExternalPointerTagRange( - kFirstSharedExternalPointerTag, kLastSharedExternalPointerTag); + +constexpr ExternalPointerTag kFirstForeignExternalPointerTag = + GET_FIRST(FOREIGN_TAG_LIST); +constexpr ExternalPointerTag kLastForeignExternalPointerTag = + GET_LAST(FOREIGN_TAG_LIST); constexpr ExternalPointerTagRange kAnyForeignExternalPointerTagRange( kFirstForeignExternalPointerTag, kLastForeignExternalPointerTag); constexpr ExternalPointerTagRange kAnyInterceptorInfoExternalPointerTagRange( kFirstInterceptorInfoExternalPointerTag, kLastInterceptorInfoExternalPointerTag); + +constexpr ExternalPointerTag kFirstManagedExternalPointerTag = + GET_FIRST(MANAGED_TAG_LIST); +constexpr ExternalPointerTag kLastManagedExternalPointerTag = + GET_LAST(MANAGED_TAG_LIST); constexpr ExternalPointerTagRange kAnyManagedExternalPointerTagRange( kFirstManagedExternalPointerTag, kLastManagedExternalPointerTag); + constexpr ExternalPointerTagRange kAnyMaybeReadOnlyExternalPointerTagRange( kFirstMaybeReadOnlyExternalPointerTag, kLastMaybeReadOnlyExternalPointerTag); + +constexpr ExternalPointerTag kFirstManagedResourceTag = + 
GET_FIRST(MANAGED_TAG_LIST); +// kLastManagedResourceTag defined in the enum. constexpr ExternalPointerTagRange kAnyManagedResourceExternalPointerTag( kFirstManagedResourceTag, kLastManagedResourceTag); +constexpr ExternalPointerTag kFirstSharedManagedExternalPointerTag = + GET_FIRST(SHARED_MANAGED_TAG_LIST); +constexpr ExternalPointerTag kLastSharedManagedExternalPointerTag = + GET_LAST(SHARED_MANAGED_TAG_LIST); +constexpr ExternalPointerTagRange kAnySharedManagedExternalPointerTagRange( + kFirstSharedManagedExternalPointerTag, + kLastSharedManagedExternalPointerTag); + +#undef AS_LIST +#undef GET_FIRST +#undef GET_LAST + // True if the external pointer must be accessed from the shared isolate's // external pointer table. V8_INLINE static constexpr bool IsSharedExternalPointerType( ExternalPointerTagRange tag_range) { - return kAnySharedExternalPointerTagRange.Contains(tag_range); + // This range should only be used together with + // kAnySharedManagedExternalPointerTagRange in this predicate. Therefore + // it is defined in this scope. + constexpr ExternalPointerTagRange kAnySharedExternalPointerTagRange( + kFirstSharedExternalPointerTag, kLastSharedExternalPointerTag); + return kAnySharedExternalPointerTagRange.Contains(tag_range) || + kAnySharedManagedExternalPointerTagRange.Contains(tag_range); } // True if the external pointer may live in a read-only object, in which case 
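Review bot: `kAnyManagedResourceExternalPointerTag` is built from `GET_FIRST(MANAGED_TAG_LIST)` and the enum's `kLastManagedResourceTag = kArrayBufferExtensionTag`, so it is the intended range only while `kArrayBufferExtensionTag` directly follows the `FOREIGN_TAG_LIST` expansion in the enum; the only statement of that is the "Needs to stay last" comment inside the list macro. A tag inserted between the two would silently become part of the managed-resource range and would presumably pass range-based type checks against it. I would pin the layout next to the range definitions with `static_assert(kArrayBufferExtensionTag == kLastManagedExternalPointerTag + 1, "managed resource tags must be contiguous");`. Separately, `ToString()` returns "Unknown tag" for every valid tag that is not in `FOREIGN_TAG_LIST`, which deserves a comment on the function so the string is not read as "corrupted tag" during crash triage.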
@@ -760,9 +881,10 @@ constexpr uint32_t kTrustedPointerHandleShift = 9; constexpr TrustedPointerHandle kNullTrustedPointerHandle = kNullIndirectPointerHandle; -// The maximum number of entries in an trusted pointer table. +// The byte size of an entry in the trusted pointer table. constexpr int kTrustedPointerTableEntrySize = 8; constexpr int kTrustedPointerTableEntrySizeLog2 = 3; +// The maximum number of entries in the trusted pointer table. constexpr size_t kMaxTrustedPointers = kTrustedPointerTableReservationSize / kTrustedPointerTableEntrySize; static_assert((1 << (32 - kTrustedPointerHandleShift)) == kMaxTrustedPointers, @@ -808,9 +930,10 @@ constexpr uint32_t kCodePointerHandleMarker = 0x1; static_assert(kCodePointerHandleShift > 0); static_assert(kTrustedPointerHandleShift > 0); -// The maximum number of entries in a code pointer table. +// The byte size of an entry in a code pointer table. constexpr int kCodePointerTableEntrySize = 16; constexpr int kCodePointerTableEntrySizeLog2 = 4; +// The maximum number of entries in a code pointer table. constexpr size_t kMaxCodePointers = kCodePointerTableReservationSize / kCodePointerTableEntrySize; static_assert( @@ -901,6 +1024,9 @@ class Internals { static const int kExternalTwoByteRepresentationTag = 0x02; static const int kExternalOneByteRepresentationTag = 0x0a; + // AccessorInfo::data and InterceptorInfo::data field. + static const int kCallbackInfoDataOffset = 1 * kApiTaggedSize; + static const uint32_t kNumIsolateDataSlots = 4; static const int kStackGuardSize = 8 * kApiSystemPointerSize; static const int kNumberOfBooleanFlags = 6; 
@@ -915,15 +1041,11 @@ class Internals { 2 * kApiSystemPointerSize + 2 * kApiInt32Size; // ExternalPointerTable and TrustedPointerTable layout guarantees. - static const int kExternalPointerTableBasePointerOffset = 0; + static const int kExternalEntityTableBasePointerOffset = 0; static const int kSegmentedTableSegmentPoolSize = 4; - static const int kExternalPointerTableSize = - 4 * kApiSystemPointerSize + - kSegmentedTableSegmentPoolSize * sizeof(uint32_t); - static const int kTrustedPointerTableSize = + static const int kExternalEntityTableSize = 4 * kApiSystemPointerSize + kSegmentedTableSegmentPoolSize * sizeof(uint32_t); - static const int kTrustedPointerTableBasePointerOffset = 0; // IsolateData layout guarantees. static const int kIsolateCageBaseOffset = 0; 
@@ -967,38 +1089,60 @@ class Internals { static const int kIsolateExternalPointerTableOffset = kIsolateEmbedderDataOffset + kNumIsolateDataSlots * kApiSystemPointerSize; static const int kIsolateSharedExternalPointerTableAddressOffset = - kIsolateExternalPointerTableOffset + kExternalPointerTableSize; + kIsolateExternalPointerTableOffset + kExternalEntityTableSize; static const int kIsolateCppHeapPointerTableOffset = kIsolateSharedExternalPointerTableAddressOffset + kApiSystemPointerSize; #ifdef V8_ENABLE_SANDBOX static const int kIsolateTrustedCageBaseOffset = - kIsolateCppHeapPointerTableOffset + kExternalPointerTableSize; + kIsolateCppHeapPointerTableOffset + kExternalEntityTableSize; static const int kIsolateTrustedPointerTableOffset = kIsolateTrustedCageBaseOffset + kApiSystemPointerSize; static const int kIsolateSharedTrustedPointerTableAddressOffset = - kIsolateTrustedPointerTableOffset + kTrustedPointerTableSize; + kIsolateTrustedPointerTableOffset + kExternalEntityTableSize; static const int kIsolateTrustedPointerPublishingScopeOffset = kIsolateSharedTrustedPointerTableAddressOffset + kApiSystemPointerSize; static const int kIsolateCodePointerTableBaseAddressOffset = kIsolateTrustedPointerPublishingScopeOffset + kApiSystemPointerSize; - static const int kIsolateApiCallbackThunkArgumentOffset = + static const int kIsolateJSDispatchTableOffset = kIsolateCodePointerTableBaseAddressOffset + kApiSystemPointerSize; #else - static const int kIsolateApiCallbackThunkArgumentOffset = - kIsolateCppHeapPointerTableOffset + kExternalPointerTableSize; + static const int kIsolateJSDispatchTableOffset = + kIsolateCppHeapPointerTableOffset + kExternalEntityTableSize; #endif // V8_ENABLE_SANDBOX #else - static const int kIsolateApiCallbackThunkArgumentOffset = + static const int kIsolateJSDispatchTableOffset = kIsolateEmbedderDataOffset + kNumIsolateDataSlots * kApiSystemPointerSize; #endif // V8_COMPRESS_POINTERS - static const int kJSDispatchTableOffset = - 
kIsolateApiCallbackThunkArgumentOffset + kApiSystemPointerSize; + static const int kIsolateApiCallbackThunkArgumentOffset = + kIsolateJSDispatchTableOffset + kExternalEntityTableSize; static const int kIsolateRegexpExecVectorArgumentOffset = - kJSDispatchTableOffset + kApiSystemPointerSize; + kIsolateApiCallbackThunkArgumentOffset + kApiSystemPointerSize; static const int kContinuationPreservedEmbedderDataOffset = kIsolateRegexpExecVectorArgumentOffset + kApiSystemPointerSize; - static const int kIsolateRootsOffset = + static const int kCurrentMicrotaskQueueOffset = kContinuationPreservedEmbedderDataOffset + kApiSystemPointerSize; + static const int kCurrentMicrotaskNativeContextOffset = + kCurrentMicrotaskQueueOffset + kApiSystemPointerSize; + static const int kIsolateRootsOffset = + kCurrentMicrotaskNativeContextOffset + kApiSystemPointerSize; + +#if V8_TARGET_ARCH_PPC64 + static constexpr int kFrameCPSlotCount = 1; +#else + static constexpr int kFrameCPSlotCount = 0; +#endif + +#if V8_TARGET_ARCH_ARM64 + // The padding required to keep SP 16-byte aligned. + static constexpr int kSPAlignmentSlotCount = 1; +#else + static constexpr int kSPAlignmentSlotCount = 0; +#endif + + static const int kFrameTypeApiCallExit = 18; + static const int kFrameTypeApiConstructExit = 19; + static const int kFrameTypeApiNamedAccessorExit = 20; + static const int kFrameTypeApiIndexedAccessorExit = 21; // Assert scopes static const int kDisallowGarbageCollectionAlign = alignof(uint32_t); 
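Review bot: The four `kFrameTypeApi*Exit` constants are bare numbers (18 to 21) in a public header, and the inline accessors in v8-function-callback.h compare a frame slot against them: `IsConstructCall()` tests `kFrameTypeApiConstructExit` and `IsNamed()` tests `kFrameTypeApiNamedAccessorExit`. If they mirror an internal frame-type enum, as the names suggest, a renumbering there would make those predicates misreport without any build failure in this file. A comment naming the source of truth and where equality is enforced would help, for example `// Must match the internal frame type values; verified by static_assert in <file>.` The enclosing `Internals` class starts and ends outside the hunk.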
@@ -1020,13 +1164,9 @@ class Internals { using Tagged_t = uint32_t; struct StaticReadOnlyRoot { #ifdef V8_ENABLE_WEBASSEMBLY - static constexpr Tagged_t kBuildDependentTheHoleValue = 0x20001; + static constexpr Tagged_t kBuildDependentTheHoleValue = 0x2fffd; #else -#ifdef V8_INTL_SUPPORT - static constexpr Tagged_t kBuildDependentTheHoleValue = 0x6581; -#else - static constexpr Tagged_t kBuildDependentTheHoleValue = 0x58d1; -#endif + static constexpr Tagged_t kBuildDependentTheHoleValue = 0xfffd; #endif #define DEF_ROOT(name, value) static constexpr Tagged_t k##name = value; @@ -1180,6 +1320,11 @@ class Internals { return representation == kExternalTwoByteRepresentationTag; } + V8_INLINE static bool IsExternalOneByteString(int instance_type) { + int representation = (instance_type & kStringRepresentationAndEncodingMask); + return representation == kExternalOneByteRepresentationTag; + } + V8_INLINE static constexpr bool CanHaveInternalField(int instance_type) { static_assert(kJSObjectType + 1 == kFirstJSApiObjectType); static_assert(kJSObjectType < kLastJSApiObjectType); @@ -1267,7 +1412,7 @@ class Internals { V8_INLINE static Address* GetExternalPointerTableBase(v8::Isolate* isolate) { Address addr = reinterpret_cast
(isolate) + kIsolateExternalPointerTableOffset + - kExternalPointerTableBasePointerOffset; + kExternalEntityTableBasePointerOffset; return *reinterpret_cast(addr); } @@ -1276,7 +1421,7 @@ class Internals { Address addr = reinterpret_cast
(isolate) + kIsolateSharedExternalPointerTableAddressOffset; addr = *reinterpret_cast(addr); - addr += kExternalPointerTableBasePointerOffset; + addr += kExternalEntityTableBasePointerOffset; return *reinterpret_cast(addr); } #endif diff --git a/deps/v8/include/v8-isolate.h b/deps/v8/include/v8-isolate.h index 1efaa547bc0ed3..44bde532a6253f 100644 --- a/deps/v8/include/v8-isolate.h +++ b/deps/v8/include/v8-isolate.h @@ -357,18 +357,6 @@ class V8_EXPORT Isolate { */ bool allow_atomics_wait = true; - /** - * The following parameters describe the offsets for addressing type info - * for wrapped API objects and are used by the fast C API - * (for details see v8-fast-api-calls.h). - * - * V8_DEPRECATED was applied in v14.3. - */ - V8_DEPRECATED("This field is unused.") - int embedder_wrapper_type_index = -1; - V8_DEPRECATED("This field is unused.") - int embedder_wrapper_object_index = -1; - /** * Callbacks to invoke in case of fatal or OOM errors. */ @@ -671,7 +659,9 @@ class V8_EXPORT Isolate { kWithStatement = 180, kHtmlWrapperMethods = 181, kWasmCustomDescriptors = 182, - kWasmResizableBuffers = 183, + kOBSOLETE_WasmResizableBuffers = 183, + kInvalidatedArrayBufferMutableProtector = 184, + kHoleyArrayReadthrough = 185, // If you add new values here, you'll also need to update Chromium's: // web_feature.mojom, use_counter_callback.cc, and enums.xml. V8 changes to @@ -1492,6 +1482,13 @@ class V8_EXPORT Isolate { */ void SetAddCrashKeyCallback(AddCrashKeyCallback); + /** + * Enables the host application to provide a mechanism for allocating a new + * crash key and setting/updating values for them. + */ + void SetCrashKeyStringCallbacks(AllocateCrashKeyStringCallback, + SetCrashKeyStringCallback); + /** * Optional notification that the system is running low on memory. * V8 uses these notifications to attempt to free memory. 
@@ -1553,6 +1550,19 @@ class V8_EXPORT Isolate { */ void SetIsLoading(bool is_loading); + /** + * Optional notification to tell V8 whether the embedder is currently + * handling user input. If the embedder uses this notification, it should + * call SetIsInputHandling(true) when input handling starts, and + * SetIsInputHandling(false) when it ends. + * Calling SetIsInputHandling(true) while handling input, or calling + * SetIsInputHandling(false) while not handling input, both have no effect. + * V8 uses these notifications to guide heuristics. + * This is an unfinished experimental feature. Semantics and implementation + * may change frequently. + */ + void SetIsInputHandling(bool is_input_handling); + /** * Optional notification to tell V8 whether the embedder is currently frozen. * V8 uses these notifications to guide heuristics. @@ -1884,7 +1894,6 @@ class V8_EXPORT Isolate { internal::ValueHelper::InternalRepresentationType GetDataFromSnapshotOnce( size_t index); int64_t AdjustAmountOfExternalAllocatedMemoryImpl(int64_t change_in_bytes); - void HandleExternalMemoryInterrupt(); }; void Isolate::SetData(uint32_t slot, void* data) { diff --git a/deps/v8/include/v8-message.h b/deps/v8/include/v8-message.h index b3e898fa77d153..c7d6b5421809dc 100644 --- a/deps/v8/include/v8-message.h +++ b/deps/v8/include/v8-message.h @@ -139,13 +139,15 @@ class V8_EXPORT Message { /** * Returns the index within the script of the first character where - * the error occurred. + * the error occurred. This is best effort and not guaranteed. It may be -1 or + * even > EndPosition in some cases. */ int GetStartPosition() const; /** * Returns the index within the script of the last character where - * the error occurred. + * the error occurred. This is best effort and not guaranteed. It may be -1 or + * even < StartPosition in some cases. */ int GetEndPosition() const; diff --git a/deps/v8/include/v8-metrics.h b/deps/v8/include/v8-metrics.h index 1e8a546b8418bb..b67196c3e1be1c 100644 
--- a/deps/v8/include/v8-metrics.h +++ b/deps/v8/include/v8-metrics.h @@ -53,6 +53,7 @@ struct GarbageCollectionFullCycle { std::optional priority = std::nullopt; bool reduce_memory = false; bool is_loading = false; + bool is_input_handling = false; GarbageCollectionPhases total; GarbageCollectionPhases total_cpp; GarbageCollectionPhases main_thread; diff --git a/deps/v8/include/v8-object.h b/deps/v8/include/v8-object.h index 65a144474cb095..ffab3f5ff536e2 100644 --- a/deps/v8/include/v8-object.h +++ b/deps/v8/include/v8-object.h 
@@ -163,30 +163,48 @@ enum PropertyAttribute { }; /** - * Accessor[Getter|Setter] are used as callback functions when setting|getting - * a particular data property. See Object::SetNativeDataProperty and + * This callback function is called when getting a particular data property + * (i.e. when performing [[Get]] operation). + * + * The callback returns the result by calling `info.GetReturnValue().Set(..)`. + * + * \param property The name of the property being requested. + * \param info Information about the intercepted request, such as + * isolate, object holding the property, return value. See + * `PropertyCallbackInfo`. + * + * See Object::SetNativeDataProperty and * ObjectTemplate::SetNativeDataProperty methods. */ using AccessorNameGetterCallback = void (*)(Local property, const PropertyCallbackInfo& info); -using AccessorNameSetterCallback = - void (*)(Local property, Local value, - const PropertyCallbackInfo& info); - /** - * Access control specifications. + * This callback function is called when setting a particular data property + * (i.e. when performing [[Set]] operation). + * + * In case of operation failure the callback should + * - call `info.GetReturnValue().Set(false)`, + * - (optionally) upon operation failure and info.ShouldThrowOnError() + * is true (indicating execution in `'use strict'` mode) the callback can + * throw TypeError if the error message needs to include more details than + * a TypeError thrown by V8 in this case. * - * Some accessors should be accessible across contexts. These - * accessors have an explicit access control parameter which specifies - * the kind of cross-context access that should be allowed. + * \param property The name of the property being requested. + * \param info Information about the intercepted request, such as + * isolate, object holding the property, return value, or whether running in + * `'use strict'` mode. See `PropertyCallbackInfo`. 
* + * See Object::SetNativeDataProperty and + * ObjectTemplate::SetNativeDataProperty methods. */ -enum V8_DEPRECATED( - "This enum is no longer used and will be removed in V8 14.3.") - AccessControl { - DEFAULT V8_ENUM_DEPRECATED("not used") = 0, - }; +using AccessorNameSetterCallbackV2 = + void (*)(Local property, Local value, + const PropertyCallbackInfo& info); +// TODO(https://crbug.com/348660658): deprecate and remove. +using AccessorNameSetterCallback = + void (*)(Local property, Local value, + const PropertyCallbackInfo& info); /** * Property filter bits. They can be or'ed to build a composite filter. 
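Review bot: The doc comment added for `AccessorNameSetterCallbackV2` documents `property` and `info` but has no entry for the `value` parameter, and it spells out only the failure path, so an implementer cannot tell from it what a successful setter is expected to do. Add `\param value The value being assigned to the property.` and one sentence for the success case; the exact success contract is not visible in this hunk and should be taken from `PropertyCallbackInfo`. The `\param property` line also says "being requested", carried over from the getter comment; "being set" is the accurate wording here.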
@@ -373,11 +391,29 @@ class V8_EXPORT Object : public Value { */ V8_WARN_UNUSED_RESULT Maybe SetNativeDataProperty( Local context, Local name, - AccessorNameGetterCallback getter, - AccessorNameSetterCallback setter = nullptr, + AccessorNameGetterCallback getter, AccessorNameSetterCallbackV2 setter, + Local data = Local(), PropertyAttribute attributes = None, + SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, + SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect); + V8_WARN_UNUSED_RESULT Maybe SetNativeDataProperty( + Local context, Local name, + AccessorNameGetterCallback getter, AccessorNameSetterCallback setter, Local data = Local(), PropertyAttribute attributes = None, SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect); + // TODO(https://crbug.com/348660658): remove once AccessorNameSetterCallback + // is removed. + V8_WARN_UNUSED_RESULT Maybe SetNativeDataProperty( + Local context, Local name, + AccessorNameGetterCallback getter, nullptr_t setter = nullptr, + Local data = Local(), PropertyAttribute attributes = None, + SideEffectType getter_side_effect_type = SideEffectType::kHasSideEffect, + SideEffectType setter_side_effect_type = SideEffectType::kHasSideEffect) { + return SetNativeDataProperty( + context, name, getter, + static_cast(setter), data, attributes, + getter_side_effect_type, setter_side_effect_type); + } /** * Attempts to create a property with the given name which behaves like a data 
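Review bot: The third `SetNativeDataProperty` overload declares its setter as unqualified `nullptr_t`, which resolves only if some included header happens to declare the global-namespace name; `<cstddef>` guarantees `std::nullptr_t` only. Spell it `std::nullptr_t setter = nullptr`, the form v8-profiler.h uses elsewhere in this patch. A one-line comment on that overload saying that a literal `nullptr` setter is forwarded to the `AccessorNameSetterCallbackV2` overload would also make the overload resolution explicit for readers.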
@@ -440,17 +476,24 @@ class V8_EXPORT Object : public Value { /** * Get the prototype object (same as calling Object.getPrototypeOf(..)). * This does not consult the security handler. - * TODO(http://crbug.com/333672197): rename back to GetPrototype(). */ - Local GetPrototypeV2(); + Local GetPrototype(); + // TODO(http://crbug.com/333672197): deprecate and remove. + V8_DEPRECATE_SOON("Use GetPrototype().") + inline Local GetPrototypeV2() { return GetPrototype(); } /** * Set the prototype object (same as calling Object.setPrototypeOf(..)). * This does not consult the security handler. - * TODO(http://crbug.com/333672197): rename back to SetPrototype(). */ + V8_WARN_UNUSED_RESULT Maybe SetPrototype(Local context, + Local prototype); + // TODO(http://crbug.com/333672197): deprecate and remove. + V8_DEPRECATE_SOON("Use SetPrototype().") V8_WARN_UNUSED_RESULT Maybe SetPrototypeV2(Local context, - Local prototype); + Local prototype) { + return SetPrototype(context, prototype); + } /** * Finds an instance of the given function template in the prototype @@ -517,23 +560,6 @@ class V8_EXPORT Object : public Value { int index, EmbedderDataTypeTag tag); - V8_DEPRECATE_SOON( - "Use GetAlignedPointerFromInternalField with EmbedderDataTypeTag " - "parameter instead.") - V8_INLINE void* GetAlignedPointerFromInternalField(int index) { - return GetAlignedPointerFromInternalField(index, - kEmbedderDataTypeTagDefault); - } - - V8_DEPRECATE_SOON( - "Use GetAlignedPointerFromInternalField with EmbedderDataTypeTag " - "parameter instead.") - V8_INLINE void* GetAlignedPointerFromInternalField(v8::Isolate* isolate, - int index) { - return GetAlignedPointerFromInternalField(isolate, index, - kEmbedderDataTypeTagDefault); - } - /** Same as above, but works for PersistentBase. */ V8_INLINE static void* GetAlignedPointerFromInternalField( const PersistentBase& object, int index, 
@@ -542,15 +568,6 @@ class V8_EXPORT Object : public Value { index, tag); } - V8_DEPRECATE_SOON( - "Use GetAlignedPointerFromInternalField with EmbedderDataTypeTag " - "parameter instead.") - V8_INLINE static void* GetAlignedPointerFromInternalField( - const PersistentBase& object, int index) { - return object.template value()->GetAlignedPointerFromInternalField( - index); - } - /** Same as above, but works for TracedReference. */ V8_INLINE static void* GetAlignedPointerFromInternalField( const BasicTracedReference& object, int index, @@ -559,15 +576,6 @@ class V8_EXPORT Object : public Value { index, tag); } - V8_DEPRECATE_SOON( - "Use GetAlignedPointerFromInternalField with EmbedderDataTypeTag " - "parameter instead.") - V8_INLINE static void* GetAlignedPointerFromInternalField( - const BasicTracedReference& object, int index) { - return object.template value()->GetAlignedPointerFromInternalField( - index); - } - /** * Sets a 2-byte-aligned native pointer in an internal field. To retrieve such * a field, GetAlignedPointerFromInternalField must be used, everything else @@ -576,19 +584,6 @@ class V8_EXPORT Object : public Value { void SetAlignedPointerInInternalField(int index, void* value, EmbedderDataTypeTag tag); - V8_DEPRECATE_SOON( - "Use SetAlignedPointerInInternalField with EmbedderDataTypeTag parameter " - "instead.") - void SetAlignedPointerInInternalField(int index, void* value) { - SetAlignedPointerInInternalField(index, value, kEmbedderDataTypeTagDefault); - } - - V8_DEPRECATE_SOON( - "Use SetAlignedPointerInInternalField with EmbedderDataTypeTag " - "parameter instead.") - void SetAlignedPointerInInternalFields(int argc, int indices[], - void* values[]); - // Type information for a Wrappable object that got wrapped with // `v8::Object::Wrap()`. struct WrapperTypeInfo { 
@@ -815,29 +810,17 @@ class V8_EXPORT Object : public Value { * * Prefer using version with Isolate parameter if you have an Isolate, * otherwise use the other one. + * + * The type tag has to match the type tag used for storing the value in the + * embedder field. + * If type tags are not used in the embedder, the default value + * `kEmbedderDataTypeTagDefault` can be used. */ void* GetAlignedPointerFromEmbedderDataInCreationContext( v8::Isolate* isolate, int index, EmbedderDataTypeTag tag); void* GetAlignedPointerFromEmbedderDataInCreationContext( int index, EmbedderDataTypeTag tag); - V8_DEPRECATE_SOON( - "Use GetAlignedPointerFromEmbedderDataInCreationContext with " - "EmbedderDataTypeTag parameter instead.") - void* GetAlignedPointerFromEmbedderDataInCreationContext(v8::Isolate* isolate, - int index) { - return GetAlignedPointerFromEmbedderDataInCreationContext( - isolate, index, kEmbedderDataTypeTagDefault); - } - - V8_DEPRECATE_SOON( - "Use GetAlignedPointerFromEmbedderDataInCreationContext with " - "EmbedderDataTypeTag parameter instead.") - void* GetAlignedPointerFromEmbedderDataInCreationContext(int index) { - return GetAlignedPointerFromEmbedderDataInCreationContext( - index, kEmbedderDataTypeTagDefault); - } - /** * Checks whether a callback is set by the * ObjectTemplate::SetCallAsFunctionHandler method. diff --git a/deps/v8/include/v8-persistent-handle.h b/deps/v8/include/v8-persistent-handle.h index aae1f83e29037d..e03c07dd1f3c8c 100644 --- a/deps/v8/include/v8-persistent-handle.h +++ b/deps/v8/include/v8-persistent-handle.h @@ -163,7 +163,7 @@ class PersistentBase : public api_internal::IndirectHandleBase { template V8_INLINE P* ClearWeak(); - // TODO(dcarney): remove this. + V8_DEPRECATE_SOON("Use ClearWeak() instead.") V8_INLINE void ClearWeak() { ClearWeak(); } /** 
@@ -308,8 +308,8 @@ class Persistent : public PersistentBase { if (M::kResetInDestructor) this->Reset(); } - // TODO(dcarney): this is pretty useless, fix or remove template + V8_DEPRECATE_SOON("Use Local::New(...).As()") V8_INLINE static Persistent& Cast(const Persistent& that) { #ifdef V8_ENABLE_CHECKS // If we're going to perform the type check then we have to check @@ -320,10 +320,14 @@ class Persistent : public PersistentBase { const_cast&>(that)); } - // TODO(dcarney): this is pretty useless, fix or remove template + V8_DEPRECATE_SOON("Use Local::New(...).As()") V8_INLINE Persistent& As() const { - return Persistent::Cast(*this); +#ifdef V8_ENABLE_CHECKS + if (!this->IsEmpty()) S::Cast(this->template value()); +#endif + return reinterpret_cast&>( + const_cast&>(*this)); } private: diff --git a/deps/v8/include/v8-platform.h b/deps/v8/include/v8-platform.h index 8d87fe973bc945..3484e988d9fec1 100644 --- a/deps/v8/include/v8-platform.h +++ b/deps/v8/include/v8-platform.h 
@@ -316,6 +316,29 @@ class JobTask { virtual size_t GetMaxConcurrency(size_t worker_count) const = 0; }; +// Allows a thread to temporarily boost another thread's priority to match its +// own priority. The priority is reset when the object is destroyed, which must +// happens on the boosted thread. +class ScopedBoostablePriority { + public: + ScopedBoostablePriority() = default; + virtual ~ScopedBoostablePriority() = default; + ScopedBoostablePriority(const ScopedBoostablePriority&) = delete; + ScopedBoostablePriority& operator=(const ScopedBoostablePriority& other) = + delete; + + // Boosts the priority of the thread where this ScopedBoostablePriority was + // created. Can be called from any thread, but requires proper external + // synchronization with the constructor, destructor and any other call to + // BoostPriority/Reset(). If called multiple times, only the first call takes + // effect. + virtual bool BoostPriority() = 0; + + // Resets the priority of the thread where this ScopedBoostablePriority was + // created to its original priority. + virtual void Reset() = 0; +}; + /** * A "blocking call" refers to any call that causes the calling thread to wait * off-CPU. It includes but is not limited to calls that wait on synchronous @@ -369,7 +392,7 @@ class ConvertableToTraceFormat { * * Can be implemented by an embedder to record trace events from V8. * - * Will become obsolete in Perfetto SDK build (v8_use_perfetto = true). + * Will become obsolete in Perfetto build (v8_use_perfetto = true). */ class TracingController { public: 
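Review bot: `ScopedBoostablePriority::BoostPriority()` returns `bool`, but the comment above it never says what the value means, and together with "only the first call takes effect" a caller cannot tell whether a repeated call reports false or repeats the first result. Add a sentence such as `// Returns true if this call boosted the priority.` once the intended meaning is confirmed. Because the object is touched from two threads and the comment puts the whole synchronization burden on the caller, it would help to state explicitly that the class itself performs no locking. The class comment also has a typo: "which must happens" should read "which must happen".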
@@ -446,6 +469,77 @@ class TracingController { virtual void RemoveTraceStateObserver(TraceStateObserver*) {} }; +// Opaque type representing a handle to a shared memory region. +class SharedMemoryHandle { + public: + // For the handle itself, we use the underlying type (e.g. unsigned int) + // instead of e.g. mach_port_t to avoid pulling in large OS header files into + // this header file. Instead, the users of these routines are expected to + // include the respective OS headers in addition to this one. + +#if V8_OS_DARWIN + // A mach_port_t referencing a memory entry object. + using PlatformHandle = unsigned int; +#elif V8_OS_FUCHSIA + // A zx_handle_t to a VMO. + using PlatformHandle = uint32_t; +#elif V8_OS_WIN + // A Windows HANDLE to a file mapping object. + using PlatformHandle = void*; +#else + // A file descriptor. + using PlatformHandle = int; +#endif + + static constexpr SharedMemoryHandle FromPlatformHandle( + PlatformHandle handle) { + return SharedMemoryHandle(handle); + } + + PlatformHandle GetPlatformHandle() const { return handle_; } + + private: + SharedMemoryHandle() = delete; + explicit constexpr SharedMemoryHandle(PlatformHandle handle) + : handle_(handle) {} + + PlatformHandle handle_; +}; + +#define DEFINE_SHARED_MEMORY_HANDLE_WRAPPERS(Wrap, Unwrap) \ + V8_DEPRECATE_SOON("Use SharedMemoryHandle::FromPlatformHandle instead") \ + inline SharedMemoryHandle Wrap(SharedMemoryHandle::PlatformHandle handle) { \ + return SharedMemoryHandle::FromPlatformHandle(handle); \ + } \ + V8_DEPRECATE_SOON("Use SharedMemoryHandle::GetPlatformHandle instead") \ + inline SharedMemoryHandle::PlatformHandle Unwrap( \ + SharedMemoryHandle handle) { \ + return handle.GetPlatformHandle(); \ + } + +#if V8_OS_DARWIN +DEFINE_SHARED_MEMORY_HANDLE_WRAPPERS(SharedMemoryHandleFromMachMemoryEntry, + MachMemoryEntryFromSharedMemoryHandle) +#elif V8_OS_FUCHSIA +DEFINE_SHARED_MEMORY_HANDLE_WRAPPERS(SharedMemoryHandleFromVMO, + VMOFromSharedMemoryHandle) +#elif V8_OS_WIN 
+DEFINE_SHARED_MEMORY_HANDLE_WRAPPERS(SharedMemoryHandleFromFileMapping, + FileMappingFromSharedMemoryHandle) +#else +DEFINE_SHARED_MEMORY_HANDLE_WRAPPERS(SharedMemoryHandleFromFileDescriptor, + FileDescriptorFromSharedMemoryHandle) +#endif + +#undef DEFINE_SHARED_MEMORY_HANDLE_WRAPPERS + +// TODO(https://crbug.com/463925491): Remove this type alias once Chromium's +// "gin" V8 binding migrates off it. +using PlatformSharedMemoryHandle = std::optional; +V8_DEPRECATE_SOON("Use std::nullopt instead") +static constexpr PlatformSharedMemoryHandle kInvalidSharedMemoryHandle = + std::nullopt; + /** * A V8 memory page allocator. * 
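Review bot: `SharedMemoryHandle` is a copyable wrapper around a raw descriptor, HANDLE or port and declares no destructor in this hunk, yet its comment says only "Opaque type", so who closes the OS handle and whether a copy may outlive it are left undocumented. State the ownership on the class, for example `// Non-owning: never duplicates or closes the platform handle; the caller keeps it valid while in use.`, assuming that is the intent. `FromPlatformHandle()` also accepts any value, so the former `-1` sentinel (removed later in this patch) now wraps as an ordinary handle rather than as "invalid"; a sentence telling callers to use an empty optional instead would prevent that mistake. `GetPlatformHandle()` could be `constexpr` to match `FromPlatformHandle()`.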
@@ -703,67 +797,44 @@ class ThreadIsolatedAllocator { virtual int Pkey() const { return -1; } }; -// Opaque type representing a handle to a shared memory region. -using PlatformSharedMemoryHandle = intptr_t; -static constexpr PlatformSharedMemoryHandle kInvalidSharedMemoryHandle = -1; - -// Conversion routines from the platform-dependent shared memory identifiers -// into the opaque PlatformSharedMemoryHandle type. These use the underlying -// types (e.g. unsigned int) instead of the typedef'd ones (e.g. mach_port_t) -// to avoid pulling in large OS header files into this header file. Instead, -// the users of these routines are expected to include the respecitve OS -// headers in addition to this one. -#if V8_OS_DARWIN -// Convert between a shared memory handle and a mach_port_t referencing a memory -// entry object. -inline PlatformSharedMemoryHandle SharedMemoryHandleFromMachMemoryEntry( - unsigned int port) { - return static_cast(port); -} -inline unsigned int MachMemoryEntryFromSharedMemoryHandle( - PlatformSharedMemoryHandle handle) { - return static_cast(handle); -} -#elif V8_OS_FUCHSIA -// Convert between a shared memory handle and a zx_handle_t to a VMO. -inline PlatformSharedMemoryHandle SharedMemoryHandleFromVMO(uint32_t handle) { - return static_cast(handle); -} -inline uint32_t VMOFromSharedMemoryHandle(PlatformSharedMemoryHandle handle) { - return static_cast(handle); -} -#elif V8_OS_WIN -// Convert between a shared memory handle and a Windows HANDLE to a file mapping -// object. -inline PlatformSharedMemoryHandle SharedMemoryHandleFromFileMapping( - void* handle) { - return reinterpret_cast(handle); -} -inline void* FileMappingFromSharedMemoryHandle( - PlatformSharedMemoryHandle handle) { - return reinterpret_cast(handle); +/** + * Possible permissions for memory pages. 
+ */ +enum class PagePermissions { + kNoAccess = 0, + kRead = 1, + kWrite = 2, + kExecute = 4, + kReadWrite = kRead | kWrite, + kReadExecute = kRead | kExecute, + kWriteExecute = kWrite | kExecute, + kReadWriteExecute = kRead | kWrite | kExecute, +}; + +inline constexpr PagePermissions operator|(PagePermissions lhs, + PagePermissions rhs) { + return static_cast(static_cast(lhs) | + static_cast(rhs)); } -#else -// Convert between a shared memory handle and a file descriptor. -inline PlatformSharedMemoryHandle SharedMemoryHandleFromFileDescriptor(int fd) { - return static_cast(fd); + +inline constexpr PagePermissions operator&(PagePermissions lhs, + PagePermissions rhs) { + return static_cast(static_cast(lhs) & + static_cast(rhs)); } -inline int FileDescriptorFromSharedMemoryHandle( - PlatformSharedMemoryHandle handle) { - return static_cast(handle); + +inline PagePermissions& operator|=(PagePermissions& lhs, PagePermissions rhs) { + lhs = lhs | rhs; + return lhs; } -#endif /** - * Possible permissions for memory pages. + * Helper routine to determine whether one set of page permissions (the lhs) is + * a subset of another one (the rhs). */ -enum class PagePermissions { - kNoAccess, - kRead, - kReadWrite, - kReadWriteExecute, - kReadExecute, -}; +inline constexpr bool IsSubset(PagePermissions lhs, PagePermissions rhs) { + return (lhs & rhs) == lhs; +} /** * Class to manage a virtual memory address space. 
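Review bot: Turning `PagePermissions` into bit flags changes the numeric value of three existing enumerators (`kReadWrite` from 2 to 3, `kReadWriteExecute` from 3 to 7, `kReadExecute` from 4 to 5), so an integer that used to mean read-write-execute now means read-write, and the old read-write value now means write-only. Any embedder that stores, serializes or casts these values, or links against a binary built with the old header, silently gets different page protections. The enum also gains `kWrite`, `kExecute` and `kWriteExecute`, which `VirtualAddressSpace` implementations written against the previous five values may not handle; that code is outside this hunk. Add a comment on the enum such as `// Bit flags; the numeric values of kReadWrite, kReadExecute and kReadWriteExecute differ from the earlier sequential enum.` and say in the class documentation what an implementation should do with a combination it cannot map.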
@@ -970,7 +1041,16 @@ class VirtualAddressSpace { */ virtual V8_WARN_UNUSED_RESULT Address AllocateSharedPages(Address hint, size_t size, PagePermissions permissions, - PlatformSharedMemoryHandle handle, uint64_t offset) = 0; + SharedMemoryHandle handle, uint64_t offset) = 0; + + // TODO(https://crbug.com/463925491): Remove me once API users change from + // PlatformSharedMemoryHandle to SharedMemoryHandle. + V8_DEPRECATE_SOON("Use AllocateSharedPages() with SharedMemoryHandle") + V8_WARN_UNUSED_RESULT Address AllocateSharedPages( + Address hint, size_t size, PagePermissions permissions, + std::optional handle, uint64_t offset) { + return AllocateSharedPages(hint, size, permissions, *handle, offset); + } /** * Frees previously allocated shared pages. @@ -1048,7 +1128,7 @@ class VirtualAddressSpace { Address hint, size_t size, size_t alignment, PagePermissions max_page_permissions, std::optional key = std::nullopt, - PlatformSharedMemoryHandle handle = kInvalidSharedMemoryHandle) = 0; + std::optional handle = std::nullopt) = 0; // // TODO(v8) maybe refactor the methods below before stabilizing the API. For @@ -1101,6 +1181,22 @@ class VirtualAddressSpace { virtual V8_WARN_UNUSED_RESULT bool DecommitPages(Address address, size_t size) = 0; + /** + * Sets a name for the address space. + * + * This is mostly useful for debugging tools. If supported by the system, the + * name will for example show up in /proc/$pid/maps next to the virtual + * address reservation: + * + * 2ae700000000-2ae700010000 r--p 00000000 00:00 0 [anon:foo-bar] + * + * \param name The name of the address space. The name must only contain + * alphanumeric characters or dashes. + * + * \returns true on success, false otherwise. + */ + virtual bool SetName(const std::string& name) { return false; } + private: const size_t page_size_; const size_t allocation_granularity_; 
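Review bot: The deprecated `AllocateSharedPages` overload dereferences its optional handle unconditionally (`*handle`), so a caller that still passes `kInvalidSharedMemoryHandle`, which this patch redefines as `std::nullopt`, gets undefined behaviour instead of a failed allocation. Check before forwarding, for example `if (!handle.has_value()) return 0;`, using whatever value this method documents for failure; that documentation lies above the hunk and should be confirmed. The old `intptr_t` API let the sentinel travel down to the implementation, so this shim is the one place where the empty case has to be handled.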
@@ -1343,6 +1439,14 @@ class Platform { return CreateJobImpl(priority, std::move(job_task), location); } + /** + * Instantiates a ScopedBoostablePriority to boost a thread's priority. + */ + virtual std::unique_ptr + CreateBoostablePriorityScope() { + return nullptr; + } + /** * Instantiates a ScopedBlockingCall to annotate a scope that may/will block. */ diff --git a/deps/v8/include/v8-primitive-object.h b/deps/v8/include/v8-primitive-object.h index 573932d0789cf0..109cfac0dc717d 100644 --- a/deps/v8/include/v8-primitive-object.h +++ b/deps/v8/include/v8-primitive-object.h @@ -34,7 +34,7 @@ class V8_EXPORT NumberObject : public Object { }; /** - * A BigInt object (https://tc39.github.io/proposal-bigint) + * A BigInt object (https://tc39.es/proposal-bigint) */ class V8_EXPORT BigIntObject : public Object { public: diff --git a/deps/v8/include/v8-primitive.h b/deps/v8/include/v8-primitive.h index 87215cf6ece31d..2b443d97d34fc6 100644 --- a/deps/v8/include/v8-primitive.h +++ b/deps/v8/include/v8-primitive.h @@ -199,7 +199,7 @@ class V8_EXPORT String : public Name { * the end of the buffer. If null termination is requested, the output buffer * will always be null terminated even if not all characters fit. In that * case, the capacity must be at least one. The required size of the output - * buffer can be determined using Utf8Length(). + * buffer can be determined using Utf8LengthV2(). * * \param buffer The buffer into which the string will be written. * \param capacity The number of bytes available in the output buffer. 
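Review bot: `Platform::CreateBoostablePriorityScope()` returns `nullptr` in its default implementation, but the comment does not mention it, so a caller that goes straight to `BoostPriority()` or `Reset()` on the result dereferences a null pointer on every platform that does not override the method. Extend the comment with something like `May return nullptr if the platform does not support priority boosting; callers must check.` It is also worth repeating here that the returned scope is bound to the thread that called this method, since the class comment ties both the boost and the destruction to that thread.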
@@ -446,13 +446,15 @@ class V8_EXPORT String : public Name { * Get the ExternalStringResource for an external string. Returns * NULL if IsExternal() doesn't return true. */ + // TODO(pthier): Change return type to const ExternalStringResource*. V8_INLINE ExternalStringResource* GetExternalStringResource() const; /** * Get the ExternalOneByteStringResource for an external one-byte string. * Returns NULL if IsExternalOneByte() doesn't return true. */ - const ExternalOneByteStringResource* GetExternalOneByteStringResource() const; + V8_INLINE const ExternalOneByteStringResource* + GetExternalOneByteStringResource() const; V8_INLINE static String* Cast(v8::Data* data) { #ifdef V8_ENABLE_CHECKS @@ -619,9 +621,11 @@ class V8_EXPORT String : public Name { * WARNING: This will unconditionally copy the contents of the JavaScript * string, and should be avoided in situations where performance is a concern. */ - class V8_EXPORT Value { + class V8_DEPRECATE_SOON( + "Prefer using String::ValueView if you can, or string->Write to a " + "buffer if you cannot.") V8_EXPORT Value { public: - V8_DEPRECATE_SOON( + V8_DEPRECATED( "Prefer using String::ValueView if you can, or string->Write to a " "buffer if you cannot.") Value(Isolate* isolate, Local obj); @@ -689,10 +693,11 @@ class V8_EXPORT String : public Name { }; private: - void VerifyExternalStringResourceBase(ExternalStringResourceBase* v, + void VerifyExternalStringResourceBase(const ExternalStringResourceBase* v, Encoding encoding) const; - void VerifyExternalStringResource(ExternalStringResource* val) const; ExternalStringResource* GetExternalStringResourceSlow() const; + const ExternalOneByteStringResource* GetExternalOneByteStringResourceSlow() + const; ExternalStringResourceBase* GetExternalStringResourceBaseSlow( String::Encoding* encoding_out) const; 
@@ -881,7 +886,7 @@ class V8_EXPORT Uint32 : public Integer { }; /** - * A JavaScript BigInt value (https://tc39.github.io/proposal-bigint) + * A JavaScript BigInt value (https://tc39.es/proposal-bigint) */ class V8_EXPORT BigInt : public Numeric { public: 
@@ -963,35 +968,33 @@ String::ExternalStringResource* String::GetExternalStringResource() const { result = GetExternalStringResourceSlow(); } #ifdef V8_ENABLE_CHECKS - VerifyExternalStringResource(result); + VerifyExternalStringResourceBase(result, Encoding::TWO_BYTE_ENCODING); #endif return result; } -String::ExternalStringResourceBase* String::GetExternalStringResourceBase( - v8::Isolate* isolate, String::Encoding* encoding_out) const { +const String::ExternalOneByteStringResource* +String::GetExternalOneByteStringResource() const { using A = internal::Address; using I = internal::Internals; A obj = internal::ValueHelper::ValueAsAddress(this); - int type = I::GetInstanceType(obj) & I::kStringRepresentationAndEncodingMask; - *encoding_out = static_cast(type & I::kStringEncodingMask); - ExternalStringResourceBase* resource; - if (type == I::kExternalOneByteRepresentationTag || - type == I::kExternalTwoByteRepresentationTag) { + const ExternalOneByteStringResource* result; + if (I::IsExternalOneByteString(I::GetInstanceType(obj))) { + Isolate* isolate = I::GetCurrentIsolateForSandbox(); A value = I::ReadExternalPointerField( isolate, obj, I::kStringResourceOffset); - resource = reinterpret_cast(value); + result = reinterpret_cast(value); } else { - resource = GetExternalStringResourceBaseSlow(encoding_out); + result = GetExternalOneByteStringResourceSlow(); } #ifdef V8_ENABLE_CHECKS - VerifyExternalStringResourceBase(resource, *encoding_out); + VerifyExternalStringResourceBase(result, Encoding::ONE_BYTE_ENCODING); #endif - return resource; + return result; } String::ExternalStringResourceBase* String::GetExternalStringResourceBase( - String::Encoding* encoding_out) const { + v8::Isolate* isolate, String::Encoding* encoding_out) const { using A = internal::Address; using I = internal::Internals; A obj = internal::ValueHelper::ValueAsAddress(this); 
@@ -1000,7 +1003,6 @@ String::ExternalStringResourceBase* String::GetExternalStringResourceBase( ExternalStringResourceBase* resource; if (type == I::kExternalOneByteRepresentationTag || type == I::kExternalTwoByteRepresentationTag) { - Isolate* isolate = I::GetCurrentIsolateForSandbox(); A value = I::ReadExternalPointerField( isolate, obj, I::kStringResourceOffset); resource = reinterpret_cast(value); @@ -1013,6 +1015,12 @@ String::ExternalStringResourceBase* String::GetExternalStringResourceBase( return resource; } +String::ExternalStringResourceBase* String::GetExternalStringResourceBase( + String::Encoding* encoding_out) const { + Isolate* isolate = internal::Internals::GetCurrentIsolateForSandbox(); + return GetExternalStringResourceBase(isolate, encoding_out); +} + // --- Statics --- V8_INLINE Local Undefined(Isolate* isolate) { diff --git a/deps/v8/include/v8-profiler.h b/deps/v8/include/v8-profiler.h index 61f427ea47c691..c8874db078ad52 100644 --- a/deps/v8/include/v8-profiler.h +++ b/deps/v8/include/v8-profiler.h @@ -48,6 +48,21 @@ template class V8_EXPORT std::vector; namespace v8 { +/** + * Identifies which component initiated CPU profiling for proper attribution. + */ +enum class CpuProfileSource : uint8_t { + /** Default value when no explicit source is specified. */ + kUnspecified = 0, + /** Profiling initiated via the DevTools Inspector protocol. */ + kInspector = 1, + /** Profiling initiated by the embedder (e.g., Blink) via self-profiling API. + */ + kSelfProfiling = 2, + /** Profiling initiated internally by V8 (e.g., tracing CPU profiler). */ + kInternal = 3, +}; + struct V8_EXPORT CpuProfileDeoptInfo { /** A pointer to a static string owned by v8. */ const char* deopt_reason; 
@@ -378,11 +393,13 @@ class V8_EXPORT CpuProfilingOptions { * the profiler's sampling interval. * \param filter_context If specified, profiles will only contain frames * using this context. Other frames will be elided. + * \param profile_source Identifies the source of this CPU profile. */ CpuProfilingOptions( CpuProfilingMode mode = kLeafNodeLineNumbers, unsigned max_samples = kNoSampleLimit, int sampling_interval_us = 0, - MaybeLocal filter_context = MaybeLocal()); + MaybeLocal filter_context = MaybeLocal(), + CpuProfileSource profile_source = CpuProfileSource::kUnspecified); CpuProfilingOptions(CpuProfilingOptions&&) = default; CpuProfilingOptions& operator=(CpuProfilingOptions&&) = default; @@ -390,6 +407,7 @@ class V8_EXPORT CpuProfilingOptions { CpuProfilingMode mode() const { return mode_; } unsigned max_samples() const { return max_samples_; } int sampling_interval_us() const { return sampling_interval_us_; } + CpuProfileSource profile_source() const { return profile_source_; } private: friend class internal::CpuProfile; @@ -401,6 +419,7 @@ class V8_EXPORT CpuProfilingOptions { unsigned max_samples_; int sampling_interval_us_; Global filter_context_; + CpuProfileSource profile_source_; }; /** @@ -811,6 +830,12 @@ class V8_EXPORT AllocationProfile { * what samples were added or removed between two snapshots. */ uint64_t sample_id; + + /** + * Indicates whether the sampled allocation is still live or has already + * been collected by GC. + */ + bool is_live; }; /** @@ -1044,7 +1069,8 @@ class V8_EXPORT HeapProfiler { * * This interface will soon be deprecated in favour of ContextNameResolver. */ - class ObjectNameResolver { + class V8_DEPRECATE_SOON("Use ContextNameResolver instead.") + ObjectNameResolver { public: /** * Returns name to be used in the heap snapshot for given node. Returned 
@@ -1102,24 +1128,13 @@ class V8_EXPORT HeapProfiler { // NOLINTNEXTLINE HeapSnapshotOptions() {} - // TODO(https://crbug.com/333672197): remove once ObjectNameResolver is - // removed. - ALLOW_COPY_AND_MOVE_WITH_DEPRECATED_FIELDS(HeapSnapshotOptions) - /** * The control used to report intermediate progress to. */ ActivityControl* control = nullptr; - /** - * The resolver used by the snapshot generator to get names for V8 objects. - */ - V8_DEPRECATE_SOON("Use context_name_resolver callback instead.") - ObjectNameResolver* global_object_name_resolver = nullptr; /** * The resolver used by the snapshot generator to get names for v8::Context * objects. - * In case both this and |global_object_name_resolver| callbacks are - * provided, this one will be used. */ ContextNameResolver* context_name_resolver = nullptr; /** @@ -1151,18 +1166,8 @@ class V8_EXPORT HeapProfiler { * * \returns the snapshot. */ - V8_DEPRECATE_SOON("Use overload with ContextNameResolver* resolver instead.") - const HeapSnapshot* TakeHeapSnapshot( - ActivityControl* control, ObjectNameResolver* global_object_name_resolver, - bool hide_internals = true, bool capture_numeric_value = false); - const HeapSnapshot* TakeHeapSnapshot(ActivityControl* control, - ContextNameResolver* resolver, - bool hide_internals = true, - bool capture_numeric_value = false); - // TODO(333672197): remove this version once ObjectNameResolver* overload - // is removed. const HeapSnapshot* TakeHeapSnapshot(ActivityControl* control, - std::nullptr_t resolver = nullptr, + ContextNameResolver* resolver = nullptr, bool hide_internals = true, bool capture_numeric_value = false); diff --git a/deps/v8/include/v8-promise.h b/deps/v8/include/v8-promise.h index 8c127c8122a2ec..36412c774d1b51 100644 --- a/deps/v8/include/v8-promise.h +++ b/deps/v8/include/v8-promise.h 
@@ -19,7 +19,7 @@ class Context; #endif /** - * An instance of the built-in Promise constructor (ES6 draft). + * An instance of the built-in Promise constructor. */ class V8_EXPORT Promise : public Object { public: @@ -65,10 +65,21 @@ class V8_EXPORT Promise : public Object { }; /** - * Register a resolution/rejection handler with a promise. - * The handler is given the respective resolution/rejection value as - * an argument. If the promise is already resolved/rejected, the handler is - * invoked at the end of turn. + * Register a resolution/rejection handler with a promise. The handler is + * given the respective resolution/rejection value as an argument. If the + * promise is already resolved/rejected, the handler is invoked at the end of + * turn. + * + * This performs the PerformPromiseThen abstract operation with a fresh native + * promise as result, rather than the similar Promise.prototype.then + * operation. In particular, it does not do species lookup on the Promise + * constructor, and is therefore guaranteed to return a Promise. + * + * https://tc39.es/ecma262/#sec-performpromisethen + * + * This is consistent with Promise reactions in WebIDL: + * + * https://webidl.spec.whatwg.org/#dfn-perform-steps-once-promise-is-settled */ V8_WARN_UNUSED_RESULT MaybeLocal Catch(Local context, Local handler); diff --git a/deps/v8/include/v8-sandbox.h b/deps/v8/include/v8-sandbox.h index 06d01761798582..1fc79ed5409e91 100644 --- a/deps/v8/include/v8-sandbox.h +++ b/deps/v8/include/v8-sandbox.h 
@@ -62,41 +62,7 @@ enum class CppHeapPointerTag : uint16_t { kLastTag = 0x7fff, }; -// Convenience struct to represent tag ranges. This is used for type checks -// against supertypes, which cover a range of types (their subtypes). -// Both the lower- and the upper bound are inclusive. In other words, this -// struct represents the range [lower_bound, upper_bound]. -// TODO(saelo): reuse internal::TagRange here. -struct CppHeapPointerTagRange { - constexpr CppHeapPointerTagRange(CppHeapPointerTag lower, - CppHeapPointerTag upper) - : lower_bound(lower), upper_bound(upper) {} - CppHeapPointerTag lower_bound; - CppHeapPointerTag upper_bound; - - // Check whether the tag of the given CppHeapPointerTable entry is within - // this range. This method encodes implementation details of the - // CppHeapPointerTable, which is necessary as it is used by - // ReadCppHeapPointerField below. - // Returns true if the check is successful and the tag of the given entry is - // within this range, false otherwise. - bool CheckTagOf(uint64_t entry) { - // Note: the cast to uint32_t is important here. Otherwise, the uint16_t's - // would be promoted to int in the range check below, which would result in - // undefined behavior (signed integer undeflow) if the actual value is less - // than the lower bound. Then, the compiler would take advantage of the - // undefined behavior and turn the range check into a simple - // `actual_tag <= last_tag` comparison, which is incorrect. - uint32_t actual_tag = static_cast(entry); - // The actual_tag is shifted to the left by one and contains the marking - // bit in the LSB. To ignore that during the type check, simply add one to - // the (shifted) range. 
- constexpr int kTagShift = internal::kCppHeapPointerTagShift; - uint32_t first_tag = static_cast(lower_bound) << kTagShift; - uint32_t last_tag = (static_cast(upper_bound) << kTagShift) + 1; - return actual_tag >= first_tag && actual_tag <= last_tag; - } -}; +using CppHeapPointerTagRange = internal::TagRange; constexpr CppHeapPointerTagRange kAnyCppHeapPointer( CppHeapPointerTag::kFirstTag, CppHeapPointerTag::kLastTag); @@ -115,16 +81,6 @@ class SandboxHardwareSupport { * hardware permissions to the memory that will be inherited on clone. */ V8_EXPORT static void InitializeBeforeThreadCreation(); - - /** - * Prepares the current thread for executing sandboxed code. - * - * This must be called on newly created threads before they execute any - * sandboxed code (in particular any JavaScript or WebAssembly code). It - * should not be invoked on threads that never execute sandboxed code, - * although it is fine to do so from a security point of view. - */ - V8_EXPORT static void PrepareCurrentThreadForHardwareSandboxing(); }; namespace internal { @@ -133,7 +89,7 @@ namespace internal { V8_INLINE static Address* GetCppHeapPointerTableBase(v8::Isolate* isolate) { Address addr = reinterpret_cast
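Review bot: Replacing the public `CppHeapPointerTagRange` struct with `using CppHeapPointerTagRange = internal::TagRange;` drops the only statement in this header that both bounds are inclusive. The inlined check later in this file still depends on that, since it reads `tag_range.first` and `tag_range.last` and adds one to the shifted upper bound. The definition of `internal::TagRange` is not visible in this hunk, so its inclusivity and its two-argument constexpr constructor (used by `kAnyCppHeapPointer`) should be confirmed there, because an exclusive upper bound would make the type check accept one tag too many. A one-line comment on the alias would keep the contract visible, for example `// Inclusive range [first, last]; see internal::TagRange.` Embedder code that named the old `lower_bound`, `upper_bound` or `CheckTagOf()` members will presumably stop compiling, which is worth calling out in the commit description.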
(isolate) + Internals::kIsolateCppHeapPointerTableOffset + - Internals::kExternalPointerTableBasePointerOffset; + Internals::kExternalEntityTableBasePointerOffset; return *reinterpret_cast(addr); } #endif // V8_COMPRESS_POINTERS @@ -142,9 +98,12 @@ template V8_INLINE static T* ReadCppHeapPointerField(v8::Isolate* isolate, Address heap_object_ptr, int offset, CppHeapPointerTagRange tag_range) { + // This is a specialized version of the the CppHeapPointerTable accessors + // which (1) allows the code to be inlined into the callers for performance + // and (2) is optimized for code size as there are a huge number of callers + // from auto-generated bindings code. + #ifdef V8_COMPRESS_POINTERS - // See src/sandbox/cppheap-pointer-table-inl.h. Logic duplicated here so - // it can be inlined and doesn't require an additional call. const CppHeapPointerHandle handle = Internals::ReadRawField(heap_object_ptr, offset); const uint32_t index = handle >> kExternalPointerIndexShift; 
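Review bot: The new comment at the top of `ReadCppHeapPointerField` drops the reference to `src/sandbox/cppheap-pointer-table-inl.h` that the removed lines carried. Nothing now tells a maintainer that this tag check is a hand-written copy that has to change together with the table implementation. Since a mismatch between the two would weaken the sandbox type check, I would keep the cross-reference, for example `// Keep in sync with src/sandbox/cppheap-pointer-table-inl.h.` The added text also has a doubled word, "the the CppHeapPointerTable accessors". The function body continues outside this hunk.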
@@ -153,9 +112,21 @@ V8_INLINE static T* ReadCppHeapPointerField(v8::Isolate* isolate, reinterpret_cast*>(&table[index]); Address entry = std::atomic_load_explicit(ptr, std::memory_order_relaxed); - Address pointer = entry; - if (V8_LIKELY(tag_range.CheckTagOf(entry))) { - pointer = entry >> kCppHeapPointerPayloadShift; + // Note: the cast to uint32_t is important here. Otherwise, the uint16_t's + // would be promoted to int in the range check below, which would result in + // undefined behavior (signed integer underflow) if the actual value is less + // than the lower bound. Then, the compiler would take advantage of the + // undefined behavior and turn the range check into a simple + // `actual_tag <= last_tag` comparison, which is incorrect. + uint32_t actual_tag = static_cast(entry); + // The actual_tag is shifted to the left by one and contains the marking + // bit in the LSB. To ignore that during the type check, simply add one to + // the (shifted) range. + constexpr int kTagShift = internal::kCppHeapPointerTagShift; + uint32_t first_tag = static_cast(tag_range.first) << kTagShift; + uint32_t last_tag = (static_cast(tag_range.last) << kTagShift) + 1; + if (V8_LIKELY(actual_tag >= first_tag && actual_tag <= last_tag)) { + entry = entry >> kCppHeapPointerPayloadShift; } else { // If the type check failed, we simply return nullptr here. That way: // 1. The null handle always results in nullptr being returned here, which 
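Review bot: The inlined range check hard-codes the entry layout with nothing to enforce it at compile time. `last_tag` is built as the shifted upper bound `+ 1`, which only masks the marking bit if exactly one bit sits below the tag, as the comment itself says ("shifted to the left by one"). If `kCppHeapPointerTagShift` ever changes, the comparison would silently accept or reject the wrong tags. Now that this logic lives in the public header rather than behind `CheckTagOf`, I would pin the assumption next to `kTagShift`, for example `static_assert(kTagShift == 1, "range check assumes a single mark bit below the tag");`. `ReadCppHeapPointerField` starts and ends outside this hunk.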
@@ -174,15 +145,25 @@ V8_INLINE static T* ReadCppHeapPointerField(v8::Isolate* isolate, // between returning nullptr or the original entry, since it will // simply compile to a `csel x0, x8, xzr, lo` instead of a // `csel x0, x10, x8, lo` instruction. - pointer = 0; + // 3. The machine code sequence ends up being pretty short, which is + // important here as this code will be inlined into a lot of functions. + entry = 0; } - return reinterpret_cast(pointer); + return reinterpret_cast(entry); #else // !V8_COMPRESS_POINTERS return reinterpret_cast( Internals::ReadRawField
(heap_object_ptr, offset)); #endif // !V8_COMPRESS_POINTERS } +// TODO(saelo): temporary workaround needed to introduce range-based type +// checks for the external pointer table. See comment above +// ExternalPointerCanBeEmpty(ExternalPointerTagRange) function for details. +V8_INLINE static constexpr bool ExternalPointerCanBeEmpty( + CppHeapPointerTagRange tag_range) { + return true; +} + } // namespace internal } // namespace v8 diff --git a/deps/v8/include/v8-script.h b/deps/v8/include/v8-script.h index debe89b50847ea..c008953841be04 100644 --- a/deps/v8/include/v8-script.h +++ b/deps/v8/include/v8-script.h @@ -64,7 +64,13 @@ class V8_EXPORT UnboundScript : public Data { */ Local
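Review bot: The added `ExternalPointerCanBeEmpty(CppHeapPointerTagRange tag_range)` names a parameter it never reads and returns `true` for every range. In a public header this can trigger unused-parameter warnings in embedder builds that enable them, so I would leave the parameter unnamed: `CppHeapPointerTagRange /*tag_range*/`. The TODO points to a comment above another overload that is not part of this header hunk. A short local sentence on what "can be empty" means for callers would help, since a blanket `true` presumably makes every caller keep its null-entry handling until the workaround is removed.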