From 0e3b631fcc18f4c147ee30067e20a5f8c22a5658 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= Date: Thu, 19 Oct 2023 17:21:43 +0200 Subject: [PATCH] deps: patch V8 to 11.8.172.16 Refs: https://github.com/v8/v8/compare/11.8.172.15...11.8.172.16 --- deps/v8/include/v8-version.h | 2 +- deps/v8/src/objects/js-function.cc | 12 +++---- deps/v8/src/objects/map.cc | 24 ++------------ deps/v8/src/objects/map.h | 3 -- deps/v8/src/objects/transitions.cc | 6 ++-- deps/v8/src/objects/transitions.h | 19 ++++++------ .../regress/regress-reflect-construct.js | 31 ------------------- 7 files changed, 21 insertions(+), 76 deletions(-) delete mode 100644 deps/v8/test/mjsunit/regress/regress-reflect-construct.js diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h index e34be9b283f45c..bdec4d8b73d549 100644 --- a/deps/v8/include/v8-version.h +++ b/deps/v8/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 11 #define V8_MINOR_VERSION 8 #define V8_BUILD_NUMBER 172 -#define V8_PATCH_LEVEL 15 +#define V8_PATCH_LEVEL 16 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/deps/v8/src/objects/js-function.cc b/deps/v8/src/objects/js-function.cc index 64cb8265b93ba1..8bb87b5d3d3df6 100644 --- a/deps/v8/src/objects/js-function.cc +++ b/deps/v8/src/objects/js-function.cc @@ -1083,13 +1083,13 @@ MaybeHandle JSFunction::GetDerivedMap(Isolate* isolate, isolate); prototype = handle(realm_constructor->prototype(), isolate); } - CHECK(IsJSReceiver(*prototype)); - DCHECK_EQ(constructor_initial_map->constructor_or_back_pointer(), - *constructor); - Handle map = Map::TransitionToDerivedMap( - isolate, constructor_initial_map, Handle::cast(prototype)); - DCHECK_EQ(map->constructor_or_back_pointer(), *constructor); + Handle map = Map::CopyInitialMap(isolate, constructor_initial_map); + map->set_new_target_is_base(false); + CHECK(IsJSReceiver(*prototype)); + if (map->prototype() != *prototype) + Map::SetPrototype(isolate, map, Handle::cast(prototype)); + map->SetConstructor(*constructor); return map; } diff --git a/deps/v8/src/objects/map.cc b/deps/v8/src/objects/map.cc index 798c9c595357d3..4909c9d46af4df 100644 --- a/deps/v8/src/objects/map.cc +++ b/deps/v8/src/objects/map.cc @@ -2344,31 +2344,13 @@ void Map::StartInobjectSlackTracking() { Handle Map::TransitionToPrototype(Isolate* isolate, Handle map, Handle prototype) { - Handle new_map = TransitionsAccessor::GetPrototypeTransition( - isolate, map, prototype, map->new_target_is_base()); + Handle new_map = + TransitionsAccessor::GetPrototypeTransition(isolate, map, prototype); if (new_map.is_null()) { new_map = Copy(isolate, map, "TransitionToPrototype"); TransitionsAccessor::PutPrototypeTransition(isolate, map, prototype, new_map); - if (*prototype != map->prototype()) { - Map::SetPrototype(isolate, new_map, prototype); - } - } - return new_map; -} - -Handle Map::TransitionToDerivedMap(Isolate* isolate, Handle map, - Handle prototype) { - Handle new_map = TransitionsAccessor::GetPrototypeTransition( - isolate, map, prototype, /* new_target_is_base */ false); - if (new_map.is_null()) { - new_map = CopyInitialMap(isolate, map); - TransitionsAccessor::PutPrototypeTransition(isolate, map, prototype, - new_map); - if (*prototype != map->prototype()) { - Map::SetPrototype(isolate, new_map, prototype); - } - new_map->set_new_target_is_base(false); + Map::SetPrototype(isolate, new_map, prototype); } return new_map; } diff --git a/deps/v8/src/objects/map.h b/deps/v8/src/objects/map.h index 2853bdc738fefd..07a1ff595a58b1 100644 --- a/deps/v8/src/objects/map.h +++ b/deps/v8/src/objects/map.h @@ -863,9 +863,6 @@ class Map : public TorqueGeneratedMap { V8_EXPORT_PRIVATE static Handle TransitionToPrototype( Isolate* isolate, Handle map, Handle prototype); - V8_EXPORT_PRIVATE static Handle TransitionToDerivedMap( - Isolate* isolate, Handle map, Handle prototype); - static Handle TransitionToImmutableProto(Isolate* isolate, Handle map); diff --git a/deps/v8/src/objects/transitions.cc b/deps/v8/src/objects/transitions.cc index a1bfb38c41438d..b0731161ab8936 100644 --- a/deps/v8/src/objects/transitions.cc +++ b/deps/v8/src/objects/transitions.cc @@ -443,8 +443,7 @@ void TransitionsAccessor::PutPrototypeTransition(Isolate* isolate, // static Handle TransitionsAccessor::GetPrototypeTransition( - Isolate* isolate, Handle map, Handle prototype_handle, - bool new_target_is_base) { + Isolate* isolate, Handle map, Handle prototype_handle) { DisallowGarbageCollection no_gc; Object prototype = *prototype_handle; Tagged cache = GetPrototypeTransitions(isolate, map); @@ -456,8 +455,7 @@ Handle TransitionsAccessor::GetPrototypeTransition( Tagged heap_object; if (target.GetHeapObjectIfWeak(&heap_object)) { Tagged target_map = Map::cast(heap_object); - if (target_map->prototype() == prototype && - target_map->new_target_is_base() == new_target_is_base) { + if (target_map->prototype() == prototype) { return handle(target_map, isolate); } } diff --git a/deps/v8/src/objects/transitions.h b/deps/v8/src/objects/transitions.h index 66e80f1704bccb..f86cdb41edfd3f 100644 --- a/deps/v8/src/objects/transitions.h +++ b/deps/v8/src/objects/transitions.h @@ -124,20 +124,19 @@ class V8_EXPORT_PRIVATE TransitionsAccessor { } // ===== PROTOTYPE TRANSITIONS ===== - // When you set the prototype of an object using the __proto__ accessor, or if - // an unrelated new.target is passed to a constructor you need a new map for - // the object (the prototype is stored in the map). In order not to multiply - // maps unnecessarily we store these as transitions in the original map. That - // way we can transition to the same map if the same prototype is set, rather - // than creating a new map every time. The transitions are in the form of a - // map where the keys are prototype objects and the values are the maps they - // transition to. PutPrototypeTransition can trigger GC. + // When you set the prototype of an object using the __proto__ accessor you + // need a new map for the object (the prototype is stored in the map). In + // order not to multiply maps unnecessarily we store these as transitions in + // the original map. That way we can transition to the same map if the same + // prototype is set, rather than creating a new map every time. The + // transitions are in the form of a map where the keys are prototype objects + // and the values are the maps they transition to. + // PutPrototypeTransition can trigger GC. static void PutPrototypeTransition(Isolate* isolate, Handle, Handle prototype, Handle target_map); static Handle GetPrototypeTransition(Isolate* isolate, Handle map, - Handle prototype, - bool new_target_is_base); + Handle prototype); // During the first-time Map::Update and Map::TryUpdate, the migration target // map could be cached in the raw_transitions slot of the old map that is diff --git a/deps/v8/test/mjsunit/regress/regress-reflect-construct.js b/deps/v8/test/mjsunit/regress/regress-reflect-construct.js deleted file mode 100644 index 35f1c47f592983..00000000000000 --- a/deps/v8/test/mjsunit/regress/regress-reflect-construct.js +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright 2023 the V8 project authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// Flags: --allow-natives-syntax - - -class A {}; -class B {}; -class C {}; -class D {}; -class E {}; -class V { constructor() { this.v = 1 } }; -class W { constructor() { this.w = 1 } }; -class X { constructor() { this.x = 1 } }; -class Y { constructor() { this.y = 1 } }; -class Z { constructor() { this.z = 1 } }; - -var ctrs = [ - function() {}, - A,B,C,D,E,V,W,X,Y,Z -]; - -for (var it = 0; it < 20; ++it) { - for (var i in ctrs) { - for (var j in ctrs) { - assertTrue(%HaveSameMap(Reflect.construct(ctrs[i],[],ctrs[j]), - Reflect.construct(ctrs[i],[],ctrs[j]))); - } - } -}