From e66c2dce832bf46b69a31f4249812cb6abedc0dc Mon Sep 17 00:00:00 2001
From: Giancarlo Cordero Ortiz
Date: Tue, 27 Aug 2024 15:53:52 -0400
Subject: [PATCH 1/7] deps: V8: backport f320600cd1f4
Original commit message:
[wasm-gc] Only normalize JSObject targets in SetOrCopyDataProperties
Bug: 339458194
Change-Id: I4d6eebdd921971fa28d7c474535d978900ba633f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5527397
Reviewed-by: Rezvan Mahdavi Hezaveh
Commit-Queue: Shu-yu Guo
Cr-Commit-Position: refs/heads/main@{#93811}
Refs: https://github.com/v8/v8/commit/f320600cd1f48ba6bb57c0395823fe0c5e5ec52e
---
 common.gypi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common.gypi b/common.gypi
index ec92c9df4c1ea2..04bab2bb84d597 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 # Reset this number to 0 on major V8 upgrades.
 # Increment by one for each non-official patch applied to deps/v8.
- 'v8_embedder_string': '-node.37',
+ 'v8_embedder_string': '-node.38',
 ##### V8 defaults for Node.js #####
From 9d8d3fcb037d4a04f99aa4676698fd6b8ad4330f Mon Sep 17 00:00:00 2001
From: Giancarlo Cordero Ortiz
Date: Tue, 27 Aug 2024 16:28:27 -0400
Subject: [PATCH 2/7] Backport of f320600
---
 deps/v8/src/objects/js-objects.cc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/deps/v8/src/objects/js-objects.cc b/deps/v8/src/objects/js-objects.cc
index 4335a7cf0e4698..09ebc70262cab1 100644
--- a/deps/v8/src/objects/js-objects.cc
+++ b/deps/v8/src/objects/js-objects.cc
@@ -432,9 +432,7 @@ Maybe JSReceiver::SetOrCopyDataProperties(
 Nothing());
 if (!from->HasFastProperties() && target->HasFastProperties() &&
- !target->IsJSGlobalProxy()) {
- // JSProxy is always in slow-mode.
- DCHECK(!target->IsJSProxy());
+ IsJSObject(*target) && !IsJSGlobalProxy(*target)) {
 // Convert to slow properties if we're guaranteed to overflow the number of
 // descriptors.
 int source_length;
From 7d888ffa61944c162ec63fd8302c7cca20befbe0 Mon Sep 17 00:00:00 2001
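Review bot: No regression test accompanies the new `IsJSObject(*target)` guard in 2/7 (its diffstat lists js-objects.cc alone), although this is the first check on this condition that holds in release builds: the `DCHECK(!target->IsJSProxy())` it replaces is compiled out there, so a non-JSObject receiver with fast properties would previously have reached the slow-properties conversion that follows the hunk. If the upstream change shipped a test, bring it along with the code. The predicates are also written as free functions while the replaced line used the member form `target->IsJSGlobalProxy()`, which suggests this V8 branch may not provide them; 7/7 later rewrites the line to `target->IsJSObject() && !target->IsJSGlobalProxy()`, and folding that (and the bump in 1/7) into this commit would keep every commit in the series buildable. The identical hunk in 5/7 carries the same points. `SetOrCopyDataProperties` begins and ends outside the hunk.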
From: Giancarlo Cordero Ortiz
Date: Fri, 6 Sep 2024 11:00:16 -0400
Subject: [PATCH 3/7] deps: V8: cherry-pick 6e5e1053fa61
Original commit message:
Merged: [parser] Using FunctionParsingScope for parsing class static blocks
Class static blocks contain statements, don't inherit the ExpressionScope stack.
(cherry picked from commit 3e037e195e508dea045f5626862412e8f64fc919)
Bug: 341663589
Change-Id: Ice9a710293b028e5d9fd30d5d85c4842f970b152
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5558360
Reviewed-by: Adam Klein
Reviewed-by: Shu-yu Guo
Commit-Queue: Adam Klein
Cr-Commit-Position: refs/branch-heads/12.4@{#38}
Cr-Branched-From: 309640da62fae0485c7e4f64829627c92d53b35d-refs/heads/12.4.254@{#1}
Cr-Branched-From: 5dc24701432278556a9829d27c532f974643e6df-refs/heads/main@{#92862}
Refs: https://github.com/v8/v8/commit/6e5e1053fa619b709d6290c12fdef2f0b0641188
---
 common.gypi | 2 +-
 deps/v8/src/ast/scopes.cc | 2 +-
 deps/v8/src/parsing/parser-base.h | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/common.gypi b/common.gypi
index ec92c9df4c1ea2..04bab2bb84d597 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 # Reset this number to 0 on major V8 upgrades.
 # Increment by one for each non-official patch applied to deps/v8.
- 'v8_embedder_string': '-node.37',
+ 'v8_embedder_string': '-node.38',
 ##### V8 defaults for Node.js #####
diff --git a/deps/v8/src/ast/scopes.cc b/deps/v8/src/ast/scopes.cc
index 0d22a4ef4e677e..f84a536fa257c2 100644
--- a/deps/v8/src/ast/scopes.cc
+++ b/deps/v8/src/ast/scopes.cc
@@ -2397,7 +2397,7 @@ bool Scope::MustAllocate(Variable* var) {
 var->set_is_used();
 if (inner_scope_calls_eval_ && !var->is_this()) var->SetMaybeAssigned();
 }
- DCHECK(!var->has_forced_context_allocation() || var->is_used());
+ CHECK(!var->has_forced_context_allocation() || var->is_used());
 // Global variables do not need to be allocated.
 return !var->IsGlobalObjectProperty() && var->is_used();
 }
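Review bot: Promoting the assertion in `Scope::MustAllocate` to `CHECK(!var->has_forced_context_allocation() || var->is_used());` makes release builds abort the process when the invariant fails, where they previously carried on with a variable in an unexpected state. Failing closed is presumably the intent, but it is a visible behaviour change for anything that parses untrusted script, and the Node.js-side commit message should say so. The `common.gypi` hunk of this same patch repeats the `-node.37` to `-node.38` bump from 1/7 with the same blob ids (`ec92c9df4c1ea2..04bab2bb84d597`), so as listed it would not apply on top of 1/7 and the counter does not advance for this second floating patch. If both backports are kept it should read `'v8_embedder_string': '-node.39',`.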
diff --git a/deps/v8/src/parsing/parser-base.h b/deps/v8/src/parsing/parser-base.h
index 30dff440f6522b..cdb8da5a1c87f0 100644
--- a/deps/v8/src/parsing/parser-base.h
+++ b/deps/v8/src/parsing/parser-base.h
@@ -2562,6 +2562,7 @@ typename ParserBase::BlockT ParserBase::ParseClassStaticBlock(
 }
 FunctionState initializer_state(&function_state_, &scope_, initializer_scope);
+ FunctionParsingScope body_parsing_scope(impl());
 AcceptINScope accept_in(this, true);
 // Each static block has its own var and lexical scope, so make a new var
From d6d914b16b1da4e6037c45f0d619e5287b914add Mon Sep 17 00:00:00 2001
From: Giancarlo Cordero Ortiz
Date: Fri, 6 Sep 2024 11:19:48 -0400
Subject: [PATCH 4/7] Revert backport f320600cd1f4
---
 deps/v8/src/objects/js-objects.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/deps/v8/src/objects/js-objects.cc b/deps/v8/src/objects/js-objects.cc
index 09ebc70262cab1..4335a7cf0e4698 100644
--- a/deps/v8/src/objects/js-objects.cc
+++ b/deps/v8/src/objects/js-objects.cc
@@ -432,7 +432,9 @@ Maybe JSReceiver::SetOrCopyDataProperties(
 Nothing());
 if (!from->HasFastProperties() && target->HasFastProperties() &&
- IsJSObject(*target) && !IsJSGlobalProxy(*target)) {
+ !target->IsJSGlobalProxy()) {
+ // JSProxy is always in slow-mode.
+ DCHECK(!target->IsJSProxy());
 // Convert to slow properties if we're guaranteed to overflow the number of
 // descriptors.
 int source_length;
From 16e2bb88619ea7c932d8768b56436bae8482bb9b Mon Sep 17 00:00:00 2001
From: Giancarlo Cordero Ortiz
Date: Fri, 6 Sep 2024 11:28:12 -0400
Subject: [PATCH 5/7] Revert "Revert backport f320600cd1f4"
This reverts commit d6d914b16b1da4e6037c45f0d619e5287b914add.
---
 deps/v8/src/objects/js-objects.cc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/deps/v8/src/objects/js-objects.cc b/deps/v8/src/objects/js-objects.cc
index 4335a7cf0e4698..09ebc70262cab1 100644
--- a/deps/v8/src/objects/js-objects.cc
+++ b/deps/v8/src/objects/js-objects.cc
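Review bot: Patches 4/7 and 5/7 cancel out exactly: the js-objects.cc hunk in 4/7 takes the file from blob `09ebc70262cab1` back to `4335a7cf0e4698`, and 5/7 reverses it. The pair only adds an intermediate commit in which the debug-only `DCHECK(!target->IsJSProxy())` is again the sole check on this condition, which is the state a bisect could land on. Drop both commits from the series before it merges instead of landing a revert of a revert.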
@@ -432,9 +432,7 @@ Maybe JSReceiver::SetOrCopyDataProperties(
 Nothing());
 if (!from->HasFastProperties() && target->HasFastProperties() &&
- !target->IsJSGlobalProxy()) {
- // JSProxy is always in slow-mode.
- DCHECK(!target->IsJSProxy());
+ IsJSObject(*target) && !IsJSGlobalProxy(*target)) {
 // Convert to slow properties if we're guaranteed to overflow the number of
 // descriptors.
 int source_length;
From 684f425afaa2388d93056401b75bdd8d2a76a841 Mon Sep 17 00:00:00 2001
From: Giancarlo Cordero Ortiz
Date: Fri, 6 Sep 2024 11:30:30 -0400
Subject: [PATCH 6/7] Revert "deps: V8: cherry-pick 6e5e1053fa61"
This reverts commit 7d888ffa61944c162ec63fd8302c7cca20befbe0.
---
 common.gypi | 2 +-
 deps/v8/src/ast/scopes.cc | 2 +-
 deps/v8/src/parsing/parser-base.h | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/common.gypi b/common.gypi
index 04bab2bb84d597..ec92c9df4c1ea2 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 # Reset this number to 0 on major V8 upgrades.
 # Increment by one for each non-official patch applied to deps/v8.
- 'v8_embedder_string': '-node.38',
+ 'v8_embedder_string': '-node.37',
 ##### V8 defaults for Node.js #####
diff --git a/deps/v8/src/ast/scopes.cc b/deps/v8/src/ast/scopes.cc
index f84a536fa257c2..0d22a4ef4e677e 100644
--- a/deps/v8/src/ast/scopes.cc
+++ b/deps/v8/src/ast/scopes.cc
@@ -2397,7 +2397,7 @@ bool Scope::MustAllocate(Variable* var) {
 var->set_is_used();
 if (inner_scope_calls_eval_ && !var->is_this()) var->SetMaybeAssigned();
 }
- CHECK(!var->has_forced_context_allocation() || var->is_used());
+ DCHECK(!var->has_forced_context_allocation() || var->is_used());
 // Global variables do not need to be allocated.
 return !var->IsGlobalObjectProperty() && var->is_used();
 }
diff --git a/deps/v8/src/parsing/parser-base.h b/deps/v8/src/parsing/parser-base.h
index cdb8da5a1c87f0..30dff440f6522b 100644
--- a/deps/v8/src/parsing/parser-base.h
+++ b/deps/v8/src/parsing/parser-base.h
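Review bot: Downgrading `CHECK(!var->has_forced_context_allocation() || var->is_used());` back to `DCHECK` in the scopes.cc hunk of 6/7, together with the removal of `FunctionParsingScope body_parsing_scope(impl());` in the parser-base.h hunk of the same patch, takes the change for Bug 341663589 out of the series again, and the commit message gives only the reverted hash. State the reason for the revert in the message, or drop 3/7 and 6/7 so the series does not appear to carry a fix it ends up without. The `common.gypi` hunk of this patch also resets `v8_embedder_string` to `'-node.37'` although the js-objects.cc backport stays applied, so the resulting build would report a patch level that no longer reflects the floating patch. That line should remain `'v8_embedder_string': '-node.38',`.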
@@ -2562,7 +2562,6 @@ typename ParserBase::BlockT ParserBase::ParseClassStaticBlock(
 }
 FunctionState initializer_state(&function_state_, &scope_, initializer_scope);
- FunctionParsingScope body_parsing_scope(impl());
 AcceptINScope accept_in(this, true);
 // Each static block has its own var and lexical scope, so make a new var
From b0f614efd075a7e8fe7ba4675f524e7a00657889 Mon Sep 17 00:00:00 2001
From: Giancarlo Cordero Ortiz
Date: Fri, 6 Sep 2024 13:52:04 -0400
Subject: [PATCH 7/7] Fix pointer dereference
---
 deps/v8/src/objects/js-objects.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deps/v8/src/objects/js-objects.cc b/deps/v8/src/objects/js-objects.cc
index 09ebc70262cab1..0f27fc3c303cf2 100644
--- a/deps/v8/src/objects/js-objects.cc
+++ b/deps/v8/src/objects/js-objects.cc
@@ -432,7 +432,7 @@ Maybe JSReceiver::SetOrCopyDataProperties(
 Nothing());
 if (!from->HasFastProperties() && target->HasFastProperties() &&
- IsJSObject(*target) && !IsJSGlobalProxy(*target)) {
+ target->IsJSObject() && !target->IsJSGlobalProxy()) {
 // Convert to slow properties if we're guaranteed to overflow the number of
 // descriptors.
 int source_length;
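Review bot: The subject "Fix pointer dereference" in 7/7 does not describe the js-objects.cc change: the line swaps the free-function predicates for the member forms `target->IsJSObject()` and `target->IsJSGlobalProxy()`, and no dereference bug is visible in the hunk. This is the point where the backport diverges from upstream f320600cd1f4, so the commit that carries the code should say that the predicates were adapted to this branch's API. Otherwise a later V8 update cannot tell the local adaptation from the original patch when deciding whether the floating patch can be dropped.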