chore: cherry-pick b3c01ac1e60a from v8 (#42172)

* chore: cherry-pick b3c01ac1e60a from v8

* chore: update patches

---------

Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
This commit is contained in:
Keeley Hammond 2024-05-14 15:02:24 -07:00 committed by GitHub
parent f2af35182c
commit d7099b0ad4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 77 additions and 0 deletions

View file

@ -2,3 +2,4 @@ chore_allow_customizing_microtask_policy_per_context.patch
deps_add_v8_object_setinternalfieldfornodecore.patch deps_add_v8_object_setinternalfieldfornodecore.patch
revert_heap_add_checks_position_info.patch revert_heap_add_checks_position_info.patch
cherry-pick-f320600cd1f4.patch cherry-pick-f320600cd1f4.patch
cherry-pick-b3c01ac1e60a.patch

View file

@ -0,0 +1,76 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shu-yu Guo <syg@chromium.org>
Date: Mon, 13 May 2024 11:23:20 -0700
Subject: Don't build AccessInfo for storing to module exports
Bug: 340221135
Change-Id: I5af35be6ebf6a69db1c4687107503575b23973c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5534518
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#93872}
diff --git a/src/compiler/access-info.cc b/src/compiler/access-info.cc
index 7cff878839c85cd9c6571ee48f1a0fce081f4471..9d022ba402d7bfdd5ca745a4193ee0de0e3d755e 100644
--- a/src/compiler/access-info.cc
+++ b/src/compiler/access-info.cc
@@ -526,6 +526,14 @@ PropertyAccessInfo AccessorAccessInfoHelper(
Cell::cast(module_namespace->module()->exports()->Lookup(
isolate, name.object(),
Smi::ToInt(Object::GetHash(*name.object())))));
+ if (IsAnyStore(access_mode)) {
+ // ES#sec-module-namespace-exotic-objects-set-p-v-receiver
+ // ES#sec-module-namespace-exotic-objects-defineownproperty-p-desc
+ //
+ // Storing to a module namespace object is always an error or a no-op in
+ // JS.
+ return PropertyAccessInfo::Invalid(zone);
+ }
if (IsTheHole(cell->value(kRelaxedLoad), isolate)) {
// This module has not been fully initialized yet.
return PropertyAccessInfo::Invalid(zone);
diff --git a/src/maglev/maglev-graph-builder.cc b/src/maglev/maglev-graph-builder.cc
index c5587be1e0b5d944d4b4b6f8d4f48f62c41db183..2a79c2bf27d18ee60b130bd0f8d6ff00493cab1e 100644
--- a/src/maglev/maglev-graph-builder.cc
+++ b/src/maglev/maglev-graph-builder.cc
@@ -4116,19 +4116,28 @@ ReduceResult MaglevGraphBuilder::TryBuildPropertyStore(
access_info.holder().value());
}
- if (access_info.IsFastAccessorConstant()) {
- return TryBuildPropertySetterCall(access_info, receiver,
- GetAccumulatorTagged());
- } else {
- DCHECK(access_info.IsDataField() || access_info.IsFastDataConstant());
- ReduceResult res = TryBuildStoreField(access_info, receiver, access_mode);
- if (res.IsDone()) {
- RecordKnownProperty(receiver, name,
- current_interpreter_frame_.accumulator(),
- AccessInfoGuaranteedConst(access_info), access_mode);
- return res;
+ switch (access_info.kind()) {
+ case compiler::PropertyAccessInfo::kFastAccessorConstant:
+ return TryBuildPropertySetterCall(access_info, receiver,
+ GetAccumulatorTagged());
+ case compiler::PropertyAccessInfo::kDataField:
+ case compiler::PropertyAccessInfo::kFastDataConstant: {
+ ReduceResult res = TryBuildStoreField(access_info, receiver, access_mode);
+ if (res.IsDone()) {
+ RecordKnownProperty(
+ receiver, name, current_interpreter_frame_.accumulator(),
+ AccessInfoGuaranteedConst(access_info), access_mode);
+ return res;
+ }
+ return ReduceResult::Fail();
}
- return ReduceResult::Fail();
+ case compiler::PropertyAccessInfo::kInvalid:
+ case compiler::PropertyAccessInfo::kNotFound:
+ case compiler::PropertyAccessInfo::kDictionaryProtoDataConstant:
+ case compiler::PropertyAccessInfo::kDictionaryProtoAccessorConstant:
+ case compiler::PropertyAccessInfo::kModuleExport:
+ case compiler::PropertyAccessInfo::kStringLength:
+ UNREACHABLE();
}
}