From 5e1f213f3c454c98dc087231c825b21303a1f4d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?=
Date: Tue, 31 Jan 2023 16:54:40 +0100
Subject: [PATCH] deps: patch V8 to 10.2.154.26

Refs: https://github.com/v8/v8/compare/10.2.154.23...10.2.154.26
PR-URL: https://github.com/nodejs/node/pull/46446
Reviewed-By: Richard Lau
Reviewed-By: Jiawen Geng
---
 deps/v8/include/v8-version.h | 2 +-
 deps/v8/src/ast/scopes.cc | 1 +
 deps/v8/src/codegen/arm/assembler-arm.cc | 19 +++++++++++++++----
 .../backend/x64/code-generator-x64.cc | 17 ++++++++++++++++-
 .../mjsunit/regress/regress-crbug-1394973.js | 7 +++++++
 5 files changed, 40 insertions(+), 6 deletions(-)
 create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-1394973.js

diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
index 0f4681167b468a..ac1ebf050fc322 100644
--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 10
 #define V8_MINOR_VERSION 2
 #define V8_BUILD_NUMBER 154
-#define V8_PATCH_LEVEL 23
+#define V8_PATCH_LEVEL 26
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8/src/ast/scopes.cc b/deps/v8/src/ast/scopes.cc
index 54709de5b747f0..0d22a4ef4e677e 100644
--- a/deps/v8/src/ast/scopes.cc
+++ b/deps/v8/src/ast/scopes.cc
@@ -932,6 +932,7 @@ void Scope::Snapshot::Reparent(DeclarationScope* new_parent) {
 // Move eval calls since Snapshot's creation into new_parent.
 if (outer_scope_->calls_eval_) {
 new_parent->RecordEvalCall();
+ outer_scope_->calls_eval_ = false;
 declaration_scope_->sloppy_eval_can_extend_vars_ = false;
 }
 }
diff --git a/deps/v8/src/codegen/arm/assembler-arm.cc b/deps/v8/src/codegen/arm/assembler-arm.cc
index ff612406f62e02..857c551013dd94 100644
--- a/deps/v8/src/codegen/arm/assembler-arm.cc
+++ b/deps/v8/src/codegen/arm/assembler-arm.cc
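Review bot: The added `outer_scope_->calls_eval_ = false;` in the scopes.cc hunk (Scope::Snapshot::Reparent) has no comment saying why the flag is cleared, and the existing comment only describes moving eval calls into new_parent. A scope-analysis flag that is reset without explanation is easy to undo in a later refactor, so I would add something like `// The eval call was recorded on new_parent above; clear it here so outer_scope_ is not also treated as calling eval.` above the line. That wording is inferred from the visible lines and should be confirmed against the upstream V8 change. Reparent's body starts outside the hunk, so whether other state set since the snapshot needs the same reset cannot be judged from here.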
@@ -1455,10 +1455,6 @@ int Assembler::branch_offset(Label* L) {
 L->link_to(pc_offset());
 }
- // Block the emission of the constant pool, since the branch instruction must
- // be emitted at the pc offset recorded by the label.
- if (!is_const_pool_blocked()) BlockConstPoolFor(1);
-
 return target_pos - (pc_offset() + Instruction::kPcLoadDelta);
 }
@@ -1469,6 +1465,11 @@ void Assembler::b(int branch_offset, Condition cond, RelocInfo::Mode rmode) {
 int imm24 = branch_offset >> 2;
 const bool b_imm_check = is_int24(imm24);
 CHECK(b_imm_check);
+
+ // Block the emission of the constant pool before the next instruction.
+ // Otherwise the passed-in branch offset would be off.
+ BlockConstPoolFor(1);
+
 emit(cond | B27 | B25 | (imm24 & kImm24Mask));
 if (cond == al) {
@@ -1483,6 +1484,11 @@ void Assembler::bl(int branch_offset, Condition cond, RelocInfo::Mode rmode) {
 int imm24 = branch_offset >> 2;
 const bool bl_imm_check = is_int24(imm24);
 CHECK(bl_imm_check);
+
+ // Block the emission of the constant pool before the next instruction.
+ // Otherwise the passed-in branch offset would be off.
+ BlockConstPoolFor(1);
+
 emit(cond | B27 | B25 | B24 | (imm24 & kImm24Mask));
 }
@@ -1492,6 +1498,11 @@ void Assembler::blx(int branch_offset) {
 int imm24 = branch_offset >> 2;
 const bool blx_imm_check = is_int24(imm24);
 CHECK(blx_imm_check);
+
+ // Block the emission of the constant pool before the next instruction.
+ // Otherwise the passed-in branch offset would be off.
+ BlockConstPoolFor(1);
+
 emit(kSpecialCondition | B27 | B25 | h | (imm24 & kImm24Mask));
 }
diff --git a/deps/v8/src/compiler/backend/x64/code-generator-x64.cc b/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
index 5ec6fb20404ba4..675f125cc100f5 100644
--- a/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
+++ b/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
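Review bot: The comment added in `Assembler::b` (and repeated verbatim in `bl` and `blx`) says the passed-in offset "would be off" if a constant pool were emitted, but it does not state the precondition this puts on callers: `branch_offset` must have been computed against the current `pc_offset()`, with nothing emitted in between. Now that `branch_offset(Label*)` no longer blocks the pool itself, that contract is what keeps the encoded target correct, and a wrong branch target in generated code can become a memory-safety problem rather than a cosmetic one. I would extend the comment with `// Callers must compute branch_offset relative to the current pc_offset() and emit nothing before this call.` The new calls are also unconditional where the removed code checked `is_const_pool_blocked()` first; presumably BlockConstPoolFor tolerates an already-blocked pool, but that is not visible in these hunks. All three function bodies continue outside their hunks.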
@@ -5032,7 +5032,22 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
 case MoveType::kStackToRegister: {
 Operand src = g.ToOperand(source);
 if (source->IsStackSlot()) {
- __ movq(g.ToRegister(destination), src);
+ MachineRepresentation mr =
+ LocationOperand::cast(source)->representation();
+ const bool is_32_bit = mr == MachineRepresentation::kWord32 ||
+ mr == MachineRepresentation::kCompressed ||
+ mr == MachineRepresentation::kCompressedPointer;
+ // TODO(13581): Fix this for other code kinds (see
+ // https://crbug.com/1356461).
+ if (code_kind() == CodeKind::WASM_FUNCTION && is_32_bit) {
+ // When we need only 32 bits, move only 32 bits. Benefits:
+ // - Save a byte here and there (depending on the destination
+ // register; "movl eax, ..." is smaller than "movq rax, ...").
+ // - Safeguard against accidental decompression of compressed slots.
+ __ movl(g.ToRegister(destination), src);
+ } else {
+ __ movq(g.ToRegister(destination), src);
+ }
 } else {
 DCHECK(source->IsFPStackSlot());
 XMMRegister dst = g.ToDoubleRegister(destination);
diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-1394973.js b/deps/v8/test/mjsunit/regress/regress-crbug-1394973.js
new file mode 100644
index 00000000000000..c0b9ceebcc2278
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-crbug-1394973.js
@@ -0,0 +1,7 @@
+// Copyright 2022 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --stress-lazy-source-positions
+
+((__v_0 = ((__v_0 =eval()) => {})()) => {})()
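Review bot: The 32-bit load in the `kStackToRegister` case of `CodeGenerator::AssembleMove` is taken only when `code_kind() == CodeKind::WASM_FUNCTION`, so for every other code kind a `kCompressed` or `kCompressedPointer` stack slot is still read with the 64-bit `movq`, and the "accidental decompression" safeguard named in the comment does not apply there. The TODO points at this, but the comment should say it outright, e.g. `// Non-Wasm code kinds still use movq below and read the full 64-bit slot.` It would also help to note that `movl` zero-extends, so on the Wasm path the upper 32 bits of the destination are now zero rather than whatever the slot held. No test in this patch covers the change: the only added test is regress-crbug-1394973.js, which looks aimed at the scopes.cc fix. AssembleMove starts and ends outside the hunk.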
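Review bot: regress-crbug-1394973.js carries no comment describing what it guards and makes no assertions, so it passes whenever the script runs to completion under `--stress-lazy-source-positions`. A one-line comment above the expression, such as `// eval() in the default value of a nested arrow-function parameter must not crash.`, would tell a future reader what is being exercised without opening the bug. That wording is my reading of the test body and should be checked against the bug report.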