deps: update V8 to 7.5.288.22

PR-URL: https://github.com/nodejs/node/pull/27375
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

4 files changed, 37 insertions, 15 deletions

diff --git a/deps/v8/src/asmjs/asm-js.cc b/deps/v8/src/asmjs/asm-js.cc
index a84c88546e..44a3f439f6 100644
--- a/deps/v8/src/asmjs/asm-js.cc
+++ b/deps/v8/src/asmjs/asm-js.cc
@@ -355,11 +355,11 @@ MaybeHandle<Object> AsmJs::InstantiateAsmWasm(Isolate* isolate,
   instantiate_timer.Start();
   Handle<HeapNumber> uses_bitset(wasm_data->uses_bitset(), isolate);
   Handle<Script> script(Script::cast(shared->script()), isolate);
+  const auto& wasm_engine = isolate->wasm_engine();
 
   // Allocate the WasmModuleObject.
   Handle<WasmModuleObject> module =
-      isolate->wasm_engine()->FinalizeTranslatedAsmJs(isolate, wasm_data,
-                                                      script);
+      wasm_engine->FinalizeTranslatedAsmJs(isolate, wasm_data, script);
 
   // TODO(mstarzinger): The position currently points to the module definition
   // but should instead point to the instantiation site (more intuitive).
@@ -387,7 +387,7 @@ MaybeHandle<Object> AsmJs::InstantiateAsmWasm(Isolate* isolate,
       ReportInstantiationFailure(script, position, "Requires heap buffer");
       return MaybeHandle<Object>();
     }
-    memory->set_is_growable(false);
+    wasm_engine->memory_tracker()->MarkWasmMemoryNotGrowable(memory);
     size_t size = memory->byte_length();
     // Check the asm.js heap size against the valid limits.
     if (!IsValidAsmjsMemorySize(size)) {
@@ -400,8 +400,7 @@ MaybeHandle<Object> AsmJs::InstantiateAsmWasm(Isolate* isolate,
 
   wasm::ErrorThrower thrower(isolate, "AsmJs::Instantiate");
   MaybeHandle<Object> maybe_module_object =
-      isolate->wasm_engine()->SyncInstantiate(isolate, &thrower, module,
-                                              foreign, memory);
+      wasm_engine->SyncInstantiate(isolate, &thrower, module, foreign, memory);
   if (maybe_module_object.is_null()) {
     // An exception caused by the module start function will be set as pending
     // and bypass the {ErrorThrower}, this happens in case of a stack overflow.
diff --git a/deps/v8/src/asmjs/asm-parser.cc b/deps/v8/src/asmjs/asm-parser.cc
index 8352ec02e2..b17fc9f8a7 100644
--- a/deps/v8/src/asmjs/asm-parser.cc
+++ b/deps/v8/src/asmjs/asm-parser.cc
@@ -13,6 +13,7 @@
 #include "src/asmjs/asm-types.h"
 #include "src/base/optional.h"
 #include "src/base/overflowing-math.h"
+#include "src/conversions-inl.h"
 #include "src/flags.h"
 #include "src/parsing/scanner.h"
 #include "src/wasm/wasm-limits.h"
@@ -319,6 +320,9 @@ int AsmJsParser::FindContinueLabelDepth(AsmJsScanner::token_t label) {
   int count = 0;
   for (auto it = block_stack_.rbegin(); it != block_stack_.rend();
        ++it, ++count) {
+    // A 'continue' statement targets ...
+    //  - The innermost {kLoop} block if no label is given.
+    //  - The matching {kLoop} block (when a label is provided).
     if (it->kind == BlockKind::kLoop &&
         (label == kTokenNone || it->label == label)) {
       return count;
@@ -331,8 +335,12 @@ int AsmJsParser::FindBreakLabelDepth(AsmJsScanner::token_t label) {
   int count = 0;
   for (auto it = block_stack_.rbegin(); it != block_stack_.rend();
        ++it, ++count) {
-    if (it->kind == BlockKind::kRegular &&
-        (label == kTokenNone || it->label == label)) {
+    // A 'break' statement targets ...
+    //  - The innermost {kRegular} block if no label is given.
+    //  - The matching {kRegular} or {kNamed} block (when a label is provided).
+    if ((it->kind == BlockKind::kRegular &&
+         (label == kTokenNone || it->label == label)) ||
+        (it->kind == BlockKind::kNamed && it->label == label)) {
       return count;
     }
   }
@@ -520,7 +528,7 @@ void AsmJsParser::ValidateModuleVarFromGlobal(VarInfo* info,
       dvalue = -dvalue;
     }
     DeclareGlobal(info, mutable_variable, AsmType::Float(), kWasmF32,
-                  WasmInitExpr(static_cast<float>(dvalue)));
+                  WasmInitExpr(DoubleToFloat32(dvalue)));
   } else if (CheckForUnsigned(&uvalue)) {
     dvalue = uvalue;
     if (negate) {
@@ -800,6 +808,9 @@ void AsmJsParser::ValidateFunction() {
   // End function
   current_function_builder_->Emit(kExprEnd);
 
+  if (current_function_builder_->GetPosition() > kV8MaxWasmFunctionSize) {
+    FAIL("Size of function body exceeds internal limit");
+  }
   // Record (or validate) function type.
   AsmType* function_type = AsmType::Function(zone(), return_type_);
   for (auto t : params) {
@@ -1041,7 +1052,8 @@ void AsmJsParser::ValidateStatement() {
 void AsmJsParser::Block() {
   bool can_break_to_block = pending_label_ != 0;
   if (can_break_to_block) {
-    Begin(pending_label_);
+    BareBegin(BlockKind::kNamed, pending_label_);
+    current_function_builder_->EmitWithU8(kExprBlock, kLocalVoid);
   }
   pending_label_ = 0;
   EXPECT_TOKEN('{');
@@ -1083,8 +1095,8 @@ void AsmJsParser::IfStatement() {
   EXPECT_TOKEN('(');
   RECURSE(Expression(AsmType::Int()));
   EXPECT_TOKEN(')');
+  BareBegin(BlockKind::kOther);
   current_function_builder_->EmitWithU8(kExprIf, kLocalVoid);
-  BareBegin();
   RECURSE(ValidateStatement());
   if (Check(TOK(else))) {
     current_function_builder_->Emit(kExprElse);
diff --git a/deps/v8/src/asmjs/asm-parser.h b/deps/v8/src/asmjs/asm-parser.h
index 202bac718b..42d0aa8d6e 100644
--- a/deps/v8/src/asmjs/asm-parser.h
+++ b/deps/v8/src/asmjs/asm-parser.h
@@ -107,8 +107,20 @@ class AsmJsParser {
     VarInfo* var_info;
   };
 
-  enum class BlockKind { kRegular, kLoop, kOther };
-
+  // Distinguish different kinds of blocks participating in {block_stack}. Each
+  // entry on that stack represents one block in the wasm code, and determines
+  // which block 'break' and 'continue' target in the current context:
+  //  - kRegular: The target of a 'break' (with & without identifier).
+  //              Pushed by an IterationStatement and a SwitchStatement.
+  //  - kLoop   : The target of a 'continue' (with & without identifier).
+  //              Pushed by an IterationStatement.
+  //  - kNamed  : The target of a 'break' with a specific identifier.
+  //              Pushed by a BlockStatement.
+  //  - kOther  : Only used for internal blocks, can never be targeted.
+  enum class BlockKind { kRegular, kLoop, kNamed, kOther };
+
+  // One entry in the {block_stack}, see {BlockKind} above for details. Blocks
+  // without a label have {kTokenNone} set as their label.
   struct BlockInfo {
     BlockKind kind;
     AsmJsScanner::token_t label;
@@ -312,8 +324,7 @@ class AsmJsParser {
 
   // Use to set up block stack layers (including synthetic ones for if-else).
   // Begin/Loop/End below are implemented with these plus code generation.
-  void BareBegin(BlockKind kind = BlockKind::kOther,
-                 AsmJsScanner::token_t label = 0);
+  void BareBegin(BlockKind kind, AsmJsScanner::token_t label = 0);
   void BareEnd();
   int FindContinueLabelDepth(AsmJsScanner::token_t label);
   int FindBreakLabelDepth(AsmJsScanner::token_t label);
diff --git a/deps/v8/src/asmjs/asm-scanner.cc b/deps/v8/src/asmjs/asm-scanner.cc
index f249f2c724..27d9eee6b4 100644
--- a/deps/v8/src/asmjs/asm-scanner.cc
+++ b/deps/v8/src/asmjs/asm-scanner.cc
@@ -271,7 +271,7 @@ void AsmJsScanner::ConsumeIdentifier(uc32 ch) {
 
 void AsmJsScanner::ConsumeNumber(uc32 ch) {
   std::string number;
-  number = ch;
+  number.assign(1, ch);
   bool has_dot = ch == '.';
   bool has_prefix = false;
   for (;;) {