diff options
Diffstat (limited to 'chromium/v8/src')
| -rw-r--r-- | chromium/v8/src/compiler/access-info.cc | 12 | ||||
| -rw-r--r-- | chromium/v8/src/compiler/compilation-dependencies.cc | 45 | ||||
| -rw-r--r-- | chromium/v8/src/compiler/compilation-dependencies.h | 4 | ||||
| -rw-r--r-- | chromium/v8/src/compiler/effect-control-linearizer.cc | 51 | ||||
| -rw-r--r-- | chromium/v8/src/compiler/js-call-reducer.cc | 49 | ||||
| -rw-r--r-- | chromium/v8/src/compiler/js-create-lowering.cc | 12 | ||||
| -rw-r--r-- | chromium/v8/src/objects/intl-objects.cc | 44 | ||||
| -rw-r--r-- | chromium/v8/src/objects/intl-objects.h | 9 | ||||
| -rw-r--r-- | chromium/v8/src/objects/js-date-time-format.cc | 35 | ||||
| -rw-r--r-- | chromium/v8/src/objects/js-date-time-format.h | 1 | ||||
| -rw-r--r-- | chromium/v8/src/objects/js-temporal-objects.cc | 2 | ||||
| -rw-r--r-- | chromium/v8/src/wasm/graph-builder-interface.cc | 8 |
12 files changed, 180 insertions, 92 deletions
diff --git a/chromium/v8/src/compiler/access-info.cc b/chromium/v8/src/compiler/access-info.cc index 024a8031cbe..4c8923325b4 100644 --- a/chromium/v8/src/compiler/access-info.cc +++ b/chromium/v8/src/compiler/access-info.cc @@ -451,9 +451,15 @@ PropertyAccessInfo AccessInfoFactory::ComputeDataFieldAccessInfo( map, descriptor, details_representation)); } else if (details_representation.IsHeapObject()) { if (descriptors_field_type->IsNone()) { - // Store is not safe if the field type was cleared. - if (access_mode == AccessMode::kStore) { - return Invalid(); + switch (access_mode) { + case AccessMode::kStore: + case AccessMode::kStoreInLiteral: + case AccessMode::kDefine: + // Store is not safe if the field type was cleared. + return Invalid(); + case AccessMode::kLoad: + case AccessMode::kHas: + break; } // The field type was cleared by the GC, so we don't know anything diff --git a/chromium/v8/src/compiler/compilation-dependencies.cc b/chromium/v8/src/compiler/compilation-dependencies.cc index 761e6731f38..c356f3b9ac4 100644 --- a/chromium/v8/src/compiler/compilation-dependencies.cc +++ b/chromium/v8/src/compiler/compilation-dependencies.cc @@ -34,7 +34,8 @@ namespace compiler { V(Protector) \ V(PrototypeProperty) \ V(StableMap) \ - V(Transition) + V(Transition) \ + V(ObjectSlotValue) CompilationDependencies::CompilationDependencies(JSHeapBroker* broker, Zone* zone) @@ -868,6 +869,42 @@ class ProtectorDependency final : public CompilationDependency { const PropertyCellRef cell_; }; +// Check that an object slot will not change during compilation. +class ObjectSlotValueDependency final : public CompilationDependency { + public: + explicit ObjectSlotValueDependency(const HeapObjectRef& object, int offset, + const ObjectRef& value) + : CompilationDependency(kObjectSlotValue), + object_(object.object()), + offset_(offset), + value_(value.object()) {} + + bool IsValid() const override { + PtrComprCageBase cage_base = GetPtrComprCageBase(*object_); + Object current_value = + offset_ == HeapObject::kMapOffset + ? object_->map() + : TaggedField<Object>::Relaxed_Load(cage_base, *object_, offset_); + return *value_ == current_value; + } + void Install(PendingDependencies* deps) const override {} + + private: + size_t Hash() const override { + return base::hash_combine(object_.address(), offset_, value_.address()); + } + + bool Equals(const CompilationDependency* that) const override { + const ObjectSlotValueDependency* const zat = that->AsObjectSlotValue(); + return object_->address() == zat->object_->address() && + offset_ == zat->offset_ && value_.address() == zat->value_.address(); + } + + Handle<HeapObject> object_; + int offset_; + Handle<Object> value_; +}; + class ElementsKindDependency final : public CompilationDependency { public: ElementsKindDependency(const AllocationSiteRef& site, ElementsKind kind) @@ -1120,6 +1157,12 @@ void CompilationDependencies::DependOnElementsKind( } } +void CompilationDependencies::DependOnObjectSlotValue( + const HeapObjectRef& object, int offset, const ObjectRef& value) { + RecordDependency( + zone_->New<ObjectSlotValueDependency>(object, offset, value)); +} + void CompilationDependencies::DependOnOwnConstantElement( const JSObjectRef& holder, uint32_t index, const ObjectRef& element) { RecordDependency( diff --git a/chromium/v8/src/compiler/compilation-dependencies.h b/chromium/v8/src/compiler/compilation-dependencies.h index 52c07ec8196..b6799342d3a 100644 --- a/chromium/v8/src/compiler/compilation-dependencies.h +++ b/chromium/v8/src/compiler/compilation-dependencies.h @@ -93,6 +93,10 @@ class V8_EXPORT_PRIVATE CompilationDependencies : public ZoneObject { // Record the assumption that {site}'s {ElementsKind} doesn't change. void DependOnElementsKind(const AllocationSiteRef& site); + // Check that an object slot will not change during compilation. + void DependOnObjectSlotValue(const HeapObjectRef& object, int offset, + const ObjectRef& value); + void DependOnOwnConstantElement(const JSObjectRef& holder, uint32_t index, const ObjectRef& element); diff --git a/chromium/v8/src/compiler/effect-control-linearizer.cc b/chromium/v8/src/compiler/effect-control-linearizer.cc index a887771cabc..cddd956b576 100644 --- a/chromium/v8/src/compiler/effect-control-linearizer.cc +++ b/chromium/v8/src/compiler/effect-control-linearizer.cc @@ -5221,6 +5221,8 @@ Node* EffectControlLinearizer::LowerLoadFieldByIndex(Node* node) { auto if_double = __ MakeDeferredLabel(); auto done = __ MakeLabel(MachineRepresentation::kTagged); + auto loaded_field = __ MakeLabel(MachineRepresentation::kTagged); + auto done_double = __ MakeLabel(MachineRepresentation::kFloat64); // Check if field is a mutable double field. __ GotoIfNot(__ IntPtrEqual(__ WordAnd(index, one), zero), &if_double); @@ -5237,8 +5239,8 @@ Node* EffectControlLinearizer::LowerLoadFieldByIndex(Node* node) { Node* offset = __ IntAdd(__ WordShl(index, __ IntPtrConstant(kTaggedSizeLog2 - 1)), __ IntPtrConstant(JSObject::kHeaderSize - kHeapObjectTag)); - Node* result = __ Load(MachineType::AnyTagged(), object, offset); - __ Goto(&done, result); + Node* field = __ Load(MachineType::AnyTagged(), object, offset); + __ Goto(&loaded_field, field); } // The field is located in the properties backing store of {object}. @@ -5252,8 +5254,8 @@ Node* EffectControlLinearizer::LowerLoadFieldByIndex(Node* node) { __ IntPtrConstant(kTaggedSizeLog2 - 1)), __ IntPtrConstant((FixedArray::kHeaderSize - kTaggedSize) - kHeapObjectTag)); - Node* result = __ Load(MachineType::AnyTagged(), properties, offset); - __ Goto(&done, result); + Node* field = __ Load(MachineType::AnyTagged(), properties, offset); + __ Goto(&loaded_field, field); } } @@ -5261,9 +5263,6 @@ Node* EffectControlLinearizer::LowerLoadFieldByIndex(Node* node) { // architectures, or a mutable HeapNumber. __ Bind(&if_double); { - auto loaded_field = __ MakeLabel(MachineRepresentation::kTagged); - auto done_double = __ MakeLabel(MachineRepresentation::kFloat64); - index = __ WordSar(index, one); // Check if field is in-object or out-of-object. @@ -5291,27 +5290,27 @@ Node* EffectControlLinearizer::LowerLoadFieldByIndex(Node* node) { Node* field = __ Load(MachineType::AnyTagged(), properties, offset); __ Goto(&loaded_field, field); } + } - __ Bind(&loaded_field); - { - Node* field = loaded_field.PhiAt(0); - // We may have transitioned in-place away from double, so check that - // this is a HeapNumber -- otherwise the load is fine and we don't need - // to copy anything anyway. - __ GotoIf(ObjectIsSmi(field), &done, field); - Node* field_map = __ LoadField(AccessBuilder::ForMap(), field); - __ GotoIfNot(__ TaggedEqual(field_map, __ HeapNumberMapConstant()), &done, - field); - - Node* value = __ LoadField(AccessBuilder::ForHeapNumberValue(), field); - __ Goto(&done_double, value); - } + __ Bind(&loaded_field); + { + Node* field = loaded_field.PhiAt(0); + // We may have transitioned in-place away from double, so check that + // this is a HeapNumber -- otherwise the load is fine and we don't need + // to copy anything anyway. + __ GotoIf(ObjectIsSmi(field), &done, field); + Node* field_map = __ LoadField(AccessBuilder::ForMap(), field); + __ GotoIfNot(__ TaggedEqual(field_map, __ HeapNumberMapConstant()), &done, + field); - __ Bind(&done_double); - { - Node* result = AllocateHeapNumberWithValue(done_double.PhiAt(0)); - __ Goto(&done, result); - } + Node* value = __ LoadField(AccessBuilder::ForHeapNumberValue(), field); + __ Goto(&done_double, value); + } + + __ Bind(&done_double); + { + Node* result = AllocateHeapNumberWithValue(done_double.PhiAt(0)); + __ Goto(&done, result); } __ Bind(&done); diff --git a/chromium/v8/src/compiler/js-call-reducer.cc b/chromium/v8/src/compiler/js-call-reducer.cc index 82c3b1a6d42..85b3689f913 100644 --- a/chromium/v8/src/compiler/js-call-reducer.cc +++ b/chromium/v8/src/compiler/js-call-reducer.cc @@ -710,9 +710,8 @@ class IteratingArrayBuiltinReducerAssembler : public JSCallReducerAssembler { MapInference* inference, const bool has_stability_dependency, ElementsKind kind, const SharedFunctionInfoRef& shared, const NativeContextRef& native_context, ArrayEverySomeVariant variant); - TNode<Object> ReduceArrayPrototypeAt(ZoneVector<ElementsKind> kinds, - bool needs_fallback_builtin_call, - Node* receiver_kind); + TNode<Object> ReduceArrayPrototypeAt(ZoneVector<const MapRef*> kinds, + bool needs_fallback_builtin_call); TNode<Object> ReduceArrayPrototypeIndexOfIncludes( ElementsKind kind, ArrayIndexOfIncludesVariant variant); @@ -1322,24 +1321,26 @@ TNode<String> JSCallReducerAssembler::ReduceStringPrototypeSlice() { } TNode<Object> IteratingArrayBuiltinReducerAssembler::ReduceArrayPrototypeAt( - ZoneVector<ElementsKind> kinds, bool needs_fallback_builtin_call, - Node* receiver_kind) { + ZoneVector<const MapRef*> maps, bool needs_fallback_builtin_call) { TNode<JSArray> receiver = ReceiverInputAs<JSArray>(); TNode<Object> index = ArgumentOrZero(0); TNode<Number> index_num = CheckSmi(index); TNode<FixedArrayBase> elements = LoadElements(receiver); + TNode<Map> receiver_map = + TNode<Map>::UncheckedCast(LoadField(AccessBuilder::ForMap(), receiver)); + auto out = MakeLabel(MachineRepresentation::kTagged); - for (ElementsKind kind : kinds) { + for (const MapRef* map : maps) { + DCHECK(map->supports_fast_array_iteration()); auto correct_map_label = MakeLabel(), wrong_map_label = MakeLabel(); - Branch(NumberEqual(TNode<Number>::UncheckedCast(receiver_kind), - NumberConstant(kind)), - &correct_map_label, &wrong_map_label); + TNode<Boolean> is_map_equal = ReferenceEqual(receiver_map, Constant(*map)); + Branch(is_map_equal, &correct_map_label, &wrong_map_label); Bind(&correct_map_label); - TNode<Number> length = LoadJSArrayLength(receiver, kind); + TNode<Number> length = LoadJSArrayLength(receiver, map->elements_kind()); // If index is less than 0, then subtract from length. TNode<Boolean> cond = NumberLessThan(index_num, ZeroConstant()); @@ -1358,15 +1359,16 @@ TNode<Object> IteratingArrayBuiltinReducerAssembler::ReduceArrayPrototypeAt( // Retrieving element at index. TNode<Object> element = LoadElement<Object>( - AccessBuilder::ForFixedArrayElement(kind), elements, real_index_num); - if (IsHoleyElementsKind(kind)) { + AccessBuilder::ForFixedArrayElement(map->elements_kind()), elements, + real_index_num); + if (IsHoleyElementsKind(map->elements_kind())) { // This case is needed in particular for HOLEY_DOUBLE_ELEMENTS: raw // doubles are stored in the FixedDoubleArray, and need to be converted to // HeapNumber or to Smi so that this function can return an Object. The // automatic converstion performed by // RepresentationChanger::GetTaggedRepresentationFor does not handle // holes, so we convert manually a potential hole here. - element = TryConvertHoleToUndefined(element, kind); + element = TryConvertHoleToUndefined(element, map->elements_kind()); } Goto(&out, element); @@ -5632,25 +5634,22 @@ Reduction JSCallReducer::ReduceArrayPrototypeAt(Node* node) { MapInference inference(broker(), receiver, effect); if (!inference.HaveMaps()) return NoChange(); - // Collecting kinds - ZoneVector<ElementsKind> kinds(broker()->zone()); + // Collecting maps, and checking if a fallback builtin call will be required + // (it is required if at least one map doesn't support fast array iteration). + ZoneVector<const MapRef*> maps(broker()->zone()); bool needs_fallback_builtin_call = false; for (const MapRef& map : inference.GetMaps()) { if (map.supports_fast_array_iteration()) { - ElementsKind kind = map.elements_kind(); - // Checking that |kind| isn't already in |kinds|. Using std::find should - // be fast enough since |kinds| can contain at most 4 items. - if (std::find(kinds.begin(), kinds.end(), kind) == kinds.end()) { - kinds.push_back(kind); - } + maps.push_back(&map); } else { needs_fallback_builtin_call = true; } } + inference.RelyOnMapsPreferStability(dependencies(), jsgraph(), &effect, control, p.feedback()); - if (kinds.empty()) { + if (maps.empty()) { // No map in the feedback supports fast iteration. Keeping the builtin call. return NoChange(); } @@ -5659,13 +5658,11 @@ Reduction JSCallReducer::ReduceArrayPrototypeAt(Node* node) { return NoChange(); } - Node* receiver_kind = LoadReceiverElementsKind(receiver, &effect, control); - IteratingArrayBuiltinReducerAssembler a(this, node); a.InitializeEffectControl(effect, control); - TNode<Object> subgraph = a.ReduceArrayPrototypeAt( - kinds, needs_fallback_builtin_call, receiver_kind); + TNode<Object> subgraph = + a.ReduceArrayPrototypeAt(maps, needs_fallback_builtin_call); return ReplaceWithSubgraph(&a, subgraph); } diff --git a/chromium/v8/src/compiler/js-create-lowering.cc b/chromium/v8/src/compiler/js-create-lowering.cc index 4cc0a9a3af4..100ec334fdb 100644 --- a/chromium/v8/src/compiler/js-create-lowering.cc +++ b/chromium/v8/src/compiler/js-create-lowering.cc @@ -1673,6 +1673,10 @@ base::Optional<Node*> JSCreateLowering::TryAllocateFastLiteral( // Now that we hold the migration lock, get the current map. MapRef boilerplate_map = boilerplate.map(); + // Protect against concurrent changes to the boilerplate object by checking + // for an identical value at the end of the compilation. + dependencies()->DependOnObjectSlotValue(boilerplate, HeapObject::kMapOffset, + boilerplate_map); { base::Optional<MapRef> current_boilerplate_map = boilerplate.map_direct_read(); @@ -1837,10 +1841,18 @@ base::Optional<Node*> JSCreateLowering::TryAllocateFastLiteralElements( boilerplate.elements(kRelaxedLoad); if (!maybe_boilerplate_elements.has_value()) return {}; FixedArrayBaseRef boilerplate_elements = maybe_boilerplate_elements.value(); + // Protect against concurrent changes to the boilerplate object by checking + // for an identical value at the end of the compilation. + dependencies()->DependOnObjectSlotValue( + boilerplate, JSObject::kElementsOffset, boilerplate_elements); // Empty or copy-on-write elements just store a constant. int const elements_length = boilerplate_elements.length(); MapRef elements_map = boilerplate_elements.map(); + // Protect against concurrent changes to the boilerplate object by checking + // for an identical value at the end of the compilation. + dependencies()->DependOnObjectSlotValue(boilerplate_elements, + HeapObject::kMapOffset, elements_map); if (boilerplate_elements.length() == 0 || elements_map.IsFixedCowArrayMap()) { if (allocation == AllocationType::kOld && !boilerplate.IsElementsTenured(boilerplate_elements)) { diff --git a/chromium/v8/src/objects/intl-objects.cc b/chromium/v8/src/objects/intl-objects.cc index 4623dc19c3e..cb033847199 100644 --- a/chromium/v8/src/objects/intl-objects.cc +++ b/chromium/v8/src/objects/intl-objects.cc @@ -2822,37 +2822,21 @@ bool IsUnicodeStringValidTimeZoneName(const icu::UnicodeString& id) { } } // namespace -Handle<String> Intl::CanonicalizeTimeZoneID(Isolate* isolate, - const icu::UnicodeString& id) { +MaybeHandle<String> Intl::CanonicalizeTimeZoneName(Isolate* isolate, + Handle<String> identifier) { UErrorCode status = U_ZERO_ERROR; + std::string time_zone = + JSDateTimeFormat::CanonicalizeTimeZoneID(identifier->ToCString().get()); + icu::UnicodeString time_zone_ustring = + icu::UnicodeString(time_zone.c_str(), -1, US_INV); icu::UnicodeString canonical; - icu::TimeZone::getCanonicalID(id, canonical, status); + icu::TimeZone::getCanonicalID(time_zone_ustring, canonical, status); CHECK(U_SUCCESS(status)); - // In CLDR (http://unicode.org/cldr/trac/ticket/9943), Etc/UTC is made - // a separate timezone ID from Etc/GMT even though they're still the same - // timezone. We have Etc/UTC because 'UTC', 'Etc/Universal', - // 'Etc/Zulu' and others are turned to 'Etc/UTC' by ICU. Etc/GMT comes - // from Etc/GMT0, Etc/GMT+0, Etc/GMT-0, Etc/Greenwich. - // ecma402#sec-canonicalizetimezonename step 3 if (canonical == UNICODE_STRING_SIMPLE("Etc/UTC") || canonical == UNICODE_STRING_SIMPLE("Etc/GMT")) { return isolate->factory()->UTC_string(); } - return Intl::ToString(isolate, canonical).ToHandleChecked(); -} - -Handle<String> Intl::CanonicalizeTimeZoneName(Isolate* isolate, - Handle<String> identifier) { - std::string time_zone = - JSDateTimeFormat::CanonicalizeTimeZoneID(identifier->ToCString().get()); - return CanonicalizeTimeZoneID( - isolate, icu::UnicodeString(time_zone.c_str(), -1, US_INV)); -} - -Handle<String> Intl::TimeZoneId(Isolate* isolate, const icu::TimeZone& tz) { - icu::UnicodeString time_zone; - tz.getID(time_zone); - return Intl::CanonicalizeTimeZoneID(isolate, time_zone); + return Intl::ToString(isolate, canonical); } bool Intl::IsValidTimeZoneName(Isolate* isolate, Handle<String> id) { @@ -2961,8 +2945,16 @@ Handle<String> Intl::SourceString(Isolate* isolate, FormatRangeSource source) { } Handle<String> Intl::DefaultTimeZone(Isolate* isolate) { - std::unique_ptr<icu::TimeZone> tz(icu::TimeZone::createDefault()); - return TimeZoneId(isolate, *tz); + icu::UnicodeString id; + { + std::unique_ptr<icu::TimeZone> tz(icu::TimeZone::createDefault()); + tz->getID(id); + } + UErrorCode status = U_ZERO_ERROR; + icu::UnicodeString canonical; + icu::TimeZone::getCanonicalID(id, canonical, status); + DCHECK(U_SUCCESS(status)); + return Intl::ToString(isolate, canonical).ToHandleChecked(); } namespace { diff --git a/chromium/v8/src/objects/intl-objects.h b/chromium/v8/src/objects/intl-objects.h index 7f4b66b0fa7..0ac4b14096c 100644 --- a/chromium/v8/src/objects/intl-objects.h +++ b/chromium/v8/src/objects/intl-objects.h @@ -390,13 +390,8 @@ class Intl { static std::vector<int64_t> GetTimeZonePossibleOffsetMilliseconds( Isolate* isolate, int32_t time_zone_index, int64_t time_ms); - static Handle<String> CanonicalizeTimeZoneName(Isolate* isolate, - Handle<String> identifier); - - static Handle<String> CanonicalizeTimeZoneID( - Isolate* isolate, const icu::UnicodeString& identifier); - - static Handle<String> TimeZoneId(Isolate* isolate, const icu::TimeZone& tz); + V8_WARN_UNUSED_RESULT static MaybeHandle<String> CanonicalizeTimeZoneName( + Isolate* isolate, Handle<String> identifier); // ecma402/#sec-coerceoptionstoobject V8_WARN_UNUSED_RESULT static MaybeHandle<JSReceiver> CoerceOptionsToObject( diff --git a/chromium/v8/src/objects/js-date-time-format.cc b/chromium/v8/src/objects/js-date-time-format.cc index 82d6d067e2b..a32c2afe54b 100644 --- a/chromium/v8/src/objects/js-date-time-format.cc +++ b/chromium/v8/src/objects/js-date-time-format.cc @@ -495,6 +495,37 @@ int FractionalSecondDigitsFromPattern(const std::string& pattern) { } // namespace +Handle<Object> JSDateTimeFormat::TimeZoneId(Isolate* isolate, + const icu::TimeZone& tz) { + Factory* factory = isolate->factory(); + icu::UnicodeString time_zone; + tz.getID(time_zone); + UErrorCode status = U_ZERO_ERROR; + icu::UnicodeString canonical_time_zone; + icu::TimeZone::getCanonicalID(time_zone, canonical_time_zone, status); + Handle<Object> timezone_value; + if (U_SUCCESS(status)) { + // In CLDR (http://unicode.org/cldr/trac/ticket/9943), Etc/UTC is made + // a separate timezone ID from Etc/GMT even though they're still the same + // timezone. We have Etc/UTC because 'UTC', 'Etc/Universal', + // 'Etc/Zulu' and others are turned to 'Etc/UTC' by ICU. Etc/GMT comes + // from Etc/GMT0, Etc/GMT+0, Etc/GMT-0, Etc/Greenwich. + // ecma402#sec-canonicalizetimezonename step 3 + if (canonical_time_zone == UNICODE_STRING_SIMPLE("Etc/UTC") || + canonical_time_zone == UNICODE_STRING_SIMPLE("Etc/GMT")) { + timezone_value = factory->UTC_string(); + } else { + ASSIGN_RETURN_ON_EXCEPTION_VALUE( + isolate, timezone_value, Intl::ToString(isolate, canonical_time_zone), + Handle<Object>()); + } + } else { + // Somehow on Windows we will reach here. + timezone_value = factory->undefined_value(); + } + return timezone_value; +} + namespace { Handle<String> GetCalendar(Isolate* isolate, const icu::SimpleDateFormat& simple_date_format, @@ -526,8 +557,8 @@ Handle<String> GetCalendar(Isolate* isolate, Handle<Object> GetTimeZone(Isolate* isolate, const icu::SimpleDateFormat& simple_date_format) { - return Intl::TimeZoneId(isolate, - simple_date_format.getCalendar()->getTimeZone()); + return JSDateTimeFormat::TimeZoneId( + isolate, simple_date_format.getCalendar()->getTimeZone()); } } // namespace diff --git a/chromium/v8/src/objects/js-date-time-format.h b/chromium/v8/src/objects/js-date-time-format.h index 44050caf191..88a6b61b50c 100644 --- a/chromium/v8/src/objects/js-date-time-format.h +++ b/chromium/v8/src/objects/js-date-time-format.h @@ -99,6 +99,7 @@ class JSDateTimeFormat V8_EXPORT_PRIVATE static const std::set<std::string>& GetAvailableLocales(); + Handle<Object> static TimeZoneId(Isolate* isolate, const icu::TimeZone& tz); std::unique_ptr<icu::TimeZone> static CreateTimeZone(const char* timezone); V8_EXPORT_PRIVATE static std::string CanonicalizeTimeZoneID( diff --git a/chromium/v8/src/objects/js-temporal-objects.cc b/chromium/v8/src/objects/js-temporal-objects.cc index 4e6385d6235..89b7b7a2c85 100644 --- a/chromium/v8/src/objects/js-temporal-objects.cc +++ b/chromium/v8/src/objects/js-temporal-objects.cc @@ -4556,7 +4556,7 @@ bool IsValidTimeZoneName(Isolate* isolate, Handle<String> time_zone) { Handle<String> CanonicalizeTimeZoneName(Isolate* isolate, Handle<String> identifier) { - return Intl::CanonicalizeTimeZoneName(isolate, identifier); + return Intl::CanonicalizeTimeZoneName(isolate, identifier).ToHandleChecked(); } #else // V8_INTL_SUPPORT diff --git a/chromium/v8/src/wasm/graph-builder-interface.cc b/chromium/v8/src/wasm/graph-builder-interface.cc index 760e9669795..31a06d5a138 100644 --- a/chromium/v8/src/wasm/graph-builder-interface.cc +++ b/chromium/v8/src/wasm/graph-builder-interface.cc @@ -88,6 +88,7 @@ class WasmGraphBuildingInterface { struct TryInfo : public ZoneObject { SsaEnv* catch_env; TFNode* exception = nullptr; + bool first_catch = true; bool might_throw() const { return exception != nullptr; } @@ -924,6 +925,10 @@ class WasmGraphBuildingInterface { TFNode* exception = block->try_info->exception; SetEnv(block->try_info->catch_env); + if (block->try_info->first_catch) { + LoadContextIntoSsa(ssa_env_, decoder); + block->try_info->first_catch = false; + } TFNode* if_catch = nullptr; TFNode* if_no_catch = nullptr; @@ -1001,6 +1006,9 @@ class WasmGraphBuildingInterface { } SetEnv(block->try_info->catch_env); + if (block->try_info->first_catch) { + LoadContextIntoSsa(ssa_env_, decoder); + } } void AtomicOp(FullDecoder* decoder, WasmOpcode opcode, |