BASELINE: Update Chromium to 94.0.4606.111

Change-Id: I924781584def20fc800bedf6ff41fdb96c438193
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

1 files changed, 69 insertions, 26 deletions

diff --git a/chromium/v8/src/runtime/runtime-wasm.cc b/chromium/v8/src/runtime/runtime-wasm.cc
index 40af2938351..df4ea141648 100644
--- a/chromium/v8/src/runtime/runtime-wasm.cc
+++ b/chromium/v8/src/runtime/runtime-wasm.cc
@@ -85,7 +85,6 @@ class V8_NODISCARD ClearThreadInWasmScope {
 };
 
 Object ThrowWasmError(Isolate* isolate, MessageTemplate message) {
-  HandleScope scope(isolate);
   Handle<JSObject> error_obj = isolate->factory()->NewWasmRuntimeError(message);
   JSObject::AddProperty(isolate, error_obj,
                         isolate->factory()->wasm_uncatchable_symbol(),
@@ -133,6 +132,7 @@ RUNTIME_FUNCTION(Runtime_WasmMemoryGrow) {
 
 RUNTIME_FUNCTION(Runtime_ThrowWasmError) {
   ClearThreadInWasmScope flag_scope(isolate);
+  HandleScope scope(isolate);
   DCHECK_EQ(1, args.length());
   CONVERT_SMI_ARG_CHECKED(message_id, 0);
   return ThrowWasmError(isolate, MessageTemplateFromInt(message_id));
@@ -168,19 +168,9 @@ RUNTIME_FUNCTION(Runtime_WasmThrow) {
   // TODO(wasm): Manually box because parameters are not visited yet.
   Handle<WasmExceptionTag> tag(tag_raw, isolate);
   Handle<FixedArray> values(values_raw, isolate);
-
-  Handle<Object> exception = isolate->factory()->NewWasmRuntimeError(
-      MessageTemplate::kWasmExceptionError);
-  Object::SetProperty(
-      isolate, exception, isolate->factory()->wasm_exception_tag_symbol(), tag,
-      StoreOrigin::kMaybeKeyed, Just(ShouldThrow::kThrowOnError))
-      .Check();
-  Object::SetProperty(
-      isolate, exception, isolate->factory()->wasm_exception_values_symbol(),
-      values, StoreOrigin::kMaybeKeyed, Just(ShouldThrow::kThrowOnError))
-      .Check();
-
-  isolate->wasm_engine()->SampleThrowEvent(isolate);
+  Handle<WasmExceptionPackage> exception =
+      WasmExceptionPackage::New(isolate, tag, values);
+  wasm::GetWasmEngine()->SampleThrowEvent(isolate);
   return isolate->Throw(*exception);
 }
 
@@ -188,7 +178,7 @@ RUNTIME_FUNCTION(Runtime_WasmReThrow) {
   ClearThreadInWasmScope clear_wasm_flag(isolate);
   HandleScope scope(isolate);
   DCHECK_EQ(1, args.length());
-  isolate->wasm_engine()->SampleRethrowEvent(isolate);
+  wasm::GetWasmEngine()->SampleRethrowEvent(isolate);
   return isolate->ReThrow(args[0]);
 }
 
@@ -238,7 +228,7 @@ void ReplaceWrapper(Isolate* isolate, Handle<WasmInstanceObject> instance,
       WasmInstanceObject::GetWasmExternalFunction(isolate, instance,
                                                   function_index)
           .ToHandleChecked();
-  exported_function->set_code(*wrapper_code);
+  exported_function->set_code(*wrapper_code, kReleaseStore);
   WasmExportedFunctionData function_data =
       exported_function->shared().wasm_exported_function_data();
   function_data.set_wrapper_code(*wrapper_code);
@@ -341,8 +331,8 @@ RUNTIME_FUNCTION(Runtime_WasmI32AtomicWait) {
   // Should have trapped if address was OOB.
   DCHECK_LT(offset, array_buffer->byte_length());
 
-  // Trap if memory is not shared.
-  if (!array_buffer->is_shared()) {
+  // Trap if memory is not shared, or wait is not allowed on the isolate
+  if (!array_buffer->is_shared() || !isolate->allow_atomics_wait()) {
     return ThrowWasmError(isolate, MessageTemplate::kAtomicsWaitNotAllowed);
   }
   return FutexEmulation::WaitWasm32(isolate, array_buffer, offset,
@@ -364,8 +354,8 @@ RUNTIME_FUNCTION(Runtime_WasmI64AtomicWait) {
   // Should have trapped if address was OOB.
   DCHECK_LT(offset, array_buffer->byte_length());
 
-  // Trap if memory is not shared.
-  if (!array_buffer->is_shared()) {
+  // Trap if memory is not shared, or if wait is not allowed on the isolate
+  if (!array_buffer->is_shared() || !isolate->allow_atomics_wait()) {
     return ThrowWasmError(isolate, MessageTemplate::kAtomicsWaitNotAllowed);
   }
   return FutexEmulation::WaitWasm64(isolate, array_buffer, offset,
@@ -381,9 +371,7 @@ Object ThrowTableOutOfBounds(Isolate* isolate,
   if (isolate->context().is_null()) {
     isolate->set_context(instance->native_context());
   }
-  Handle<Object> error_obj = isolate->factory()->NewWasmRuntimeError(
-      MessageTemplate::kWasmTrapTableOutOfBounds);
-  return isolate->Throw(*error_obj);
+  return ThrowWasmError(isolate, MessageTemplate::kWasmTrapTableOutOfBounds);
 }
 }  // namespace
 
@@ -561,7 +549,13 @@ RUNTIME_FUNCTION(Runtime_WasmDebugBreak) {
   // Stepping can repeatedly create code, and code GC requires stack guards to
   // be executed on all involved isolates. Proactively do this here.
   StackLimitCheck check(isolate);
-  if (check.InterruptRequested()) isolate->stack_guard()->HandleInterrupts();
+  if (check.InterruptRequested()) {
+    Object interrupt_object = isolate->stack_guard()->HandleInterrupts();
+    // Interrupt handling can create an exception, including the
+    // termination exception.
+    if (interrupt_object.IsException(isolate)) return interrupt_object;
+    DCHECK(interrupt_object.IsUndefined(isolate));
+  }
 
   // Enter the debugger.
   DebugScope debug_scope(isolate->debug());
@@ -629,12 +623,61 @@ RUNTIME_FUNCTION(Runtime_WasmDebugBreak) {
 RUNTIME_FUNCTION(Runtime_WasmAllocateRtt) {
   ClearThreadInWasmScope flag_scope(isolate);
   HandleScope scope(isolate);
-  DCHECK_EQ(2, args.length());
+  DCHECK_EQ(3, args.length());
   CONVERT_UINT32_ARG_CHECKED(type_index, 0);
   CONVERT_ARG_HANDLE_CHECKED(Map, parent, 1);
+  CONVERT_SMI_ARG_CHECKED(raw_mode, 2);
   Handle<WasmInstanceObject> instance(GetWasmInstanceOnStackTop(isolate),
                                       isolate);
-  return *wasm::AllocateSubRtt(isolate, instance, type_index, parent);
+  return *wasm::AllocateSubRtt(isolate, instance, type_index, parent,
+                               static_cast<WasmRttSubMode>(raw_mode));
+}
+
+namespace {
+inline void* ArrayElementAddress(Handle<WasmArray> array, uint32_t index,
+                                 int element_size_bytes) {
+  return reinterpret_cast<void*>(array->ptr() + WasmArray::kHeaderSize -
+                                 kHeapObjectTag + index * element_size_bytes);
+}
+}  // namespace
+
+// Assumes copy ranges are in-bounds.
+RUNTIME_FUNCTION(Runtime_WasmArrayCopy) {
+  ClearThreadInWasmScope flag_scope(isolate);
+  HandleScope scope(isolate);
+  DCHECK_EQ(5, args.length());
+  CONVERT_ARG_HANDLE_CHECKED(WasmArray, dst_array, 0);
+  CONVERT_UINT32_ARG_CHECKED(dst_index, 1);
+  CONVERT_ARG_HANDLE_CHECKED(WasmArray, src_array, 2);
+  CONVERT_UINT32_ARG_CHECKED(src_index, 3);
+  CONVERT_UINT32_ARG_CHECKED(length, 4);
+  bool overlapping_ranges =
+      dst_array->ptr() == src_array->ptr() &&
+      (dst_index < src_index ? dst_index + length > src_index
+                             : src_index + length > dst_index);
+  wasm::ValueType element_type = src_array->type()->element_type();
+  if (element_type.is_reference()) {
+    ObjectSlot dst_slot = dst_array->ElementSlot(dst_index);
+    ObjectSlot src_slot = src_array->ElementSlot(src_index);
+    if (overlapping_ranges) {
+      isolate->heap()->MoveRange(*dst_array, dst_slot, src_slot, length,
+                                 UPDATE_WRITE_BARRIER);
+    } else {
+      isolate->heap()->CopyRange(*dst_array, dst_slot, src_slot, length,
+                                 UPDATE_WRITE_BARRIER);
+    }
+  } else {
+    int element_size_bytes = element_type.element_size_bytes();
+    void* dst = ArrayElementAddress(dst_array, dst_index, element_size_bytes);
+    void* src = ArrayElementAddress(src_array, src_index, element_size_bytes);
+    size_t copy_size = length * element_size_bytes;
+    if (overlapping_ranges) {
+      MemMove(dst, src, copy_size);
+    } else {
+      MemCopy(dst, src, copy_size);
+    }
+  }
+  return ReadOnlyRoots(isolate).undefined_value();
 }
 
 }  // namespace internal