deps: cherry-pick 5ba9200 from V8 upstream

juanarbol · juanarbol · commit 92a5707b00ad · 2025-11-07T11:52:00.000-05:00
Original commit message: Fix crash when pausing in for-of loop header Given a for-of loop: for (const each of subject) { The bytecode generator emits the iterator.next call + done check + assigning to `each` all into the source position of `const each`. The pseudo-desugared code looks something like: var tmp; loop { var result = iterator.next(); if (result.done) break; tmp = result.value; PushBlockContext; const each = tmp; // rest of the loop. } This is a problem, as the parser starts the block scope already on the `const each`. If the scope requires a context we can pause on bytecode that has or has not pushed the block context yet, while the source position looks the same. The recent addition of per-script unique scope IDs lets us fix this problem in the debugger: We can check if the scope ID of the runtime scope matches the parser scope. If not, the context was not pushed yet. The debugger already has a `HasContext` helper. We extend it to also check for matching scope IDs and then use `HasContext` where we would read variable values off the context. If the context was not pushed yet, we report them as 'unavailable'. R=leszeks@chromium.org Fixed: 384413079,399002824 Change-Id: Ia2d0008d574e7eaf6c06b640053df696014d37f8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6507402 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/main@{#100029} Refs: v8/v8@5ba9200 Fixes: #60580 PR-URL: #60620 Signed-off-by: Juan José Arboleda <soyjuanarbol@gmail.com>
diff --git a/common.gypi b/common.gypi
@@ -38,7 +38,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.28',
+    'v8_embedder_string': '-node.29',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/debug/debug-scopes.cc b/deps/v8/src/debug/debug-scopes.cc
@@ -431,6 +431,22 @@ bool ScopeIterator::DeclaresLocals(Mode mode) const {
 }
 
 bool ScopeIterator::HasContext() const {
+  // In rare cases we pause in a scope that doesn't have its context pushed yet.
+  // E.g. when pausing in for-of loop headers (see https://crbug.com/399002824).
+  //
+  // We can detect this by comparing the scope ID of the parsed scope and the
+  // runtime scope.
+  // We can skip this check for function scopes, those will have their context
+  // always pushed. Also, there is an oddity where parsing::ParseFunction
+  // produces function scopes with (-1, -1) as the start/end position,
+  // which messes up the unique ID.
+  if (current_scope_ && !current_scope_->is_function_scope() &&
+      NeedsContext() &&
+      current_scope_->UniqueIdInScript() !=
+          context_->scope_info()->UniqueIdInScript()) {
+    return false;
+  }
+
   return !InInnerScope() || NeedsContext();
 }
 
@@ -538,6 +554,11 @@ void ScopeIterator::Next() {
   MaybeCollectAndStoreLocalBlocklists();
   UnwrapEvaluationContext();
 
+  DCHECK_IMPLIES(current_scope_ && !current_scope_->is_function_scope() &&
+                     NeedsAndHasContext(),
+                 current_scope_->UniqueIdInScript() ==
+                     context_->scope_info()->UniqueIdInScript());
+
   if (leaving_closure) function_ = Handle<JSFunction>();
 }
 
