
[v18.x] deps: cherry-pick 27fa951 from V8 upstream #45984

Conversation

XadillaX
Contributor

[parser] Fix eval tracking

Due to a mismatch in strictness we otherwise invalidly mark scopes as
calling sloppy eval.

Bug: chromium:1394403
Change-Id: Iece45df87f171616a2917c2aba5540636880a7c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4066044
Reviewed-by: Igor Sheludko <[email protected]>
Commit-Queue: Toon Verwaest <[email protected]>
Cr-Commit-Position: refs/heads/main@{#84575}

Refs: https://chromium-review.googlesource.com/c/v8/v8/+/4066044
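The commit message above is about the parser's bookkeeping of which scopes "call sloppy eval". This added example (not code from this PR or from V8) shows what that flag has to account for at runtime: a direct eval in sloppy mode can declare new bindings in the calling function's scope, while a strict-mode direct eval and an indirect eval cannot, so a scope flagged with the wrong strictness gets the wrong scope-resolution rules. The sloppy and strict functions are built with `new Function` so their strictness is set by the body alone, independent of whether the file they sit in is a strict ES module.

```javascript
// Added example, not part of the PR or V8. Function bodies created with
// `new Function` are sloppy unless they opt in with 'use strict', which
// lets the two cases differ only in that directive.

// Sloppy mode, direct call: the `var` declared inside eval lands in this
// function's own scope, so the engine must keep the scope's bindings
// resolvable by name at runtime (this is the "calls sloppy eval" case).
const sloppyDirectEval = new Function(`
  eval('var injectedSloppy = 40;');
  return typeof injectedSloppy === 'number' ? injectedSloppy + 2 : 'not injected';
`);

// Strict mode, direct call: eval code gets its own variable environment,
// so the declaration never reaches the caller's scope.
const strictDirectEval = new Function(`
  'use strict';
  eval('var injectedStrict = 40;');
  return typeof injectedStrict === 'number' ? injectedStrict + 2 : 'not injected';
`);

// Indirect call (eval reached through an alias): evaluates in the global
// scope regardless of the caller's strictness, so the `var` becomes a
// property of globalThis instead of a local of this function.
function indirectEval() {
  const aliasedEval = eval;
  aliasedEval('var injectedGlobal = 40;');
  return Object.prototype.hasOwnProperty.call(globalThis, 'injectedGlobal')
    ? 'global'
    : 'not injected';
}

// Collects the three outcomes side by side.
function summary() {
  return {
    sloppy: sloppyDirectEval(),   // 42
    strict: strictDirectEval(),   // 'not injected'
    indirect: indirectEval(),     // 'global'
  };
}
```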

legendecas and others added 21 commits November 4, 2022 14:20
According to https://html.spec.whatwg.org/#environment-settings-object,
the timeOrigin is a per-environment value. Worker's timeOrigin is the
time when the worker is created.

PR-URL: nodejs#43781
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Paolo Insogna <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
This patch updates the layout of the BaseObjects to make sure
that the first embedder field of them is a "type" pointer, the
first 16 bits of which are the Node.js embedder ID, so that
cppgc will always skip over them. In addition we now use this
field to determine if the native object should be interpreted
as a Node.js embedder object in the serialization and deserialization
callbacks for the startup snapshot to improve the reliability.

Co-authored-by: Joyee Cheung <[email protected]>
PR-URL: nodejs#43521
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
This patch stores the metadata about the Node.js binary
into the SnapshotData and adds fields denoting how the
snapshot was generated, on what platform it was
generated as well as the V8 cached data version flag.
Instead of simply crashing when the metadata doesn't
match, Node.js now prints an error message and exits with
1 for a customized snapshot, or ignores the snapshot
and starts from scratch if it's the default one.

PR-URL: nodejs#44132
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Chengzhong Wu <[email protected]>
Instead of iterating over the bindings, iterate over the base
objects that are snapshottable. This allows us to snapshot
base objects that are not bindings. In addition this refactors
the InternalFieldInfo class to eliminate potential undefined
behaviors, and renames it to InternalFieldInfoBase.
The {de}serialize callbacks now expect an InternalFieldInfo struct
nested in Snapshotable classes that can be used to carry
serialization data around. This allows us to create structs
inheriting from InternalFieldInfo for Snapshotable objects
that need custom fields.

PR-URL: nodejs#44192
Refs: nodejs#37476
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Chengzhong Wu <[email protected]>
Move util::WeakReference to a separate header and implement
{de}serialization for it to be snapshotable.

PR-URL: nodejs#44193
Refs: nodejs#44014
Refs: nodejs#37476
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Chengzhong Wu <[email protected]>
To distinguish per-context values from the node::Environment, split
those values to a new node::Realm structure and consolidate
bootstrapping methods with it.

PR-URL: nodejs#44179
Refs: nodejs#42528
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: James M Snell <[email protected]>
BaseObject is a wrapper around JS objects. These objects should be
created in a node::Realm and destroyed when their associated realm is
cleaning up.

PR-URL: nodejs#44348
Refs: nodejs#42528
Reviewed-By: Joyee Cheung <[email protected]>
- Wrap the initialization of the kSlot and kEmbedderType fields
  into a BaseObject::SetInternalFields() method.
- Move the tagging of kEmbedderType field into
  BaseObject::TagNodeObject()
- Add a variant of BaseObject::MakeLazilyInitializedJSTemplate()
  that only needs IsolateData.
This makes it easier to create BaseObject subclasses.

PR-URL: nodejs#44796
Reviewed-By: Chengzhong Wu <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Instead of adding a reference to the ContextifyContext by using
a v8::External, we make ContextifyContext a weak BaseObject
whose wrapper is referenced by the sandbox via a private symbol.
This makes it easier to snapshot the contexts, in addition to
reusing the BaseObject lifetime management for ContextifyContexts.

PR-URL: nodejs#44796
Reviewed-By: Chengzhong Wu <[email protected]>
Reviewed-By: James M Snell <[email protected]>
PR-URL: nodejs#44950
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tierney Cyren <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Refs: https://github.com/unicode-org/icu/releases/tag/release-72-1
PR-URL: nodejs#45068
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
Reviewed-By: Steven R Loomis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Currently, there's no way to know if a timezone upgrade PR is correct
without building and testing the change locally. This change provides a
solution for that.

Tested in RaisinTen#4.

Signed-off-by: Darshan Sen <[email protected]>
PR-URL: nodejs#45299
Reviewed-By: Antoine du Hamel <[email protected]>
PR-URL: nodejs#45289
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Original commit message:

    [intl] Enhance Date parser to take Unicode SPACE

    This is needed to prepare for the landing of ICU72.
    Allow U+202F in the Date String, which the toLocaleString("en-US")
    will generate w/ ICU72.

    Bug: v8:13494
    Change-Id: I41b83c4094ce3d0737a72dcd6310b52c68fdcdca
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027341
    Reviewed-by: Yang Guo <[email protected]>
    Reviewed-by: Jungshik Shin <[email protected]>
    Commit-Queue: Frank Tang <[email protected]>
    Cr-Commit-Position: refs/heads/main@{#84308}

Refs: v8/v8@2ada52c
Fixes: nodejs#45171
PR-URL: nodejs#45573
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
PR-URL: nodejs#45581
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
The `Shift_JIS` encoding may not be available, e.g. when Node.js is
configured with `--with-intl=small-icu`.

PR-URL: nodejs#45225
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Kohei Ueno <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Steven R Loomis <[email protected]>
PR-URL: nodejs#45191
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Moshe Atlow <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Christian Clauss <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
PR-URL: nodejs#45191
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Moshe Atlow <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Christian Clauss <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
PR-URL: nodejs#45240
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: Minwoo Jung <[email protected]>
    [parser] Fix eval tracking

    Due to a mismatch in strictness we otherwise invalidly mark scopes as
    calling sloppy eval.

    Bug: chromium:1394403
    Change-Id: Iece45df87f171616a2917c2aba5540636880a7c6
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4066044
    Reviewed-by: Igor Sheludko <[email protected]>
    Commit-Queue: Toon Verwaest <[email protected]>
    Cr-Commit-Position: refs/heads/main@{#84575}

Refs: https://chromium-review.googlesource.com/c/v8/v8/+/4066044
@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/v8-update

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. v18.x Issues that can be reproduced on v18.x or PRs targeting the v18.x-staging branch. v8 engine Issues and PRs related to the V8 dependency. labels Dec 27, 2022
@XadillaX
Contributor Author

Since the V8 bug is not public (https://bugs.chromium.org/p/chromium/issues/detail?id=1394403), I think we should cherry-pick this PR to all affected versions of Node.js, not only v18.x.

@bnoordhuis
Member

I don't think I'm spilling state secrets when I say it's the fix for CVE-2022-4262. That was a high prio bug for chromium but for us, not so much; different threat model.

@targos
Member

targos commented Dec 28, 2022

LGTM, but I propose an alternative, which contains the official V8 cherry-pick (v8/v8@45e33e2): #45997

@danielleadams
Contributor

Since #45997 was landed in v18.x, should this be closed?

@danielleadams danielleadams force-pushed the v18.x-staging branch 2 times, most recently from 2098d7a to bac6b7d Compare January 4, 2023 17:10
@ruyadorno
Member

I'll go ahead and close this one since the alternative from @targos has already landed.

@ruyadorno ruyadorno closed this Aug 11, 2023