From 4b0dc3b458dc0a2a95dcea44e63946d11416a58a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Fri, 30 Apr 2021 12:56:37 +0200
Subject: [PATCH 1/2] deps: V8: cherry-pick ab2340a9b994

Original commit message:

    M86-LTS: [compiler] Fix a bug in VisitSpeculativeIntegerAdditiveOp

    (cherry picked from commit 9313c4ce3f32ad81df1c65becccec7e129181ce3)

    No-Try: true
    No-Presubmit: true
    No-Tree-Checks: true
    Bug: chromium:1199345
    Change-Id: I33bf71b33f43919fec4684054b5bf0a0787930ca
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831478
    Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
    Commit-Queue: Georg Neis <neis@chromium.org>
    Cr-Original-Commit-Position: refs/heads/master@{#74008}
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848412
    Commit-Queue: Artem Sumaneev <asumaneev@google.com>
    Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
    Cr-Commit-Position: refs/branch-heads/8.6@{#86}
    Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
    Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}

Refs: https://github.com/v8/v8/commit/ab2340a9b99409c94553eea0f79eed0e19903107
---
 common.gypi                                 |  2 +-
 deps/v8/src/compiler/simplified-lowering.cc | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/common.gypi b/common.gypi
index d4b6b91e18f113..2a849923d3b936 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.61',
+    'v8_embedder_string': '-node.62',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/compiler/simplified-lowering.cc b/deps/v8/src/compiler/simplified-lowering.cc
index a9229617dad037..156d4fcef058ed 100644
--- a/deps/v8/src/compiler/simplified-lowering.cc
+++ b/deps/v8/src/compiler/simplified-lowering.cc
@@ -1426,10 +1426,15 @@ class RepresentationSelector {
     Type right_feedback_type = TypeOf(node->InputAt(1));
 
     // Using Signed32 as restriction type amounts to promising there won't be
-    // signed overflow. This is incompatible with relying on a Word32
-    // truncation in order to skip the overflow check.
+    // signed overflow. This is incompatible with relying on a Word32 truncation
+    // in order to skip the overflow check.  Similarly, we must not drop -0 from
+    // the result type unless we deopt for -0 inputs.
     Type const restriction =
-        truncation.IsUsedAsWord32() ? Type::Any() : Type::Signed32();
+        truncation.IsUsedAsWord32()
+            ? Type::Any()
+            : (truncation.identify_zeros() == kIdentifyZeros)
+                  ? Type::Signed32OrMinusZero()
+                  : Type::Signed32();
 
     // Handle the case when no int32 checks on inputs are necessary (but
     // an overflow check is needed on the output). Note that we do not

From 6b5d3c160747d71d2900734d1f81a807a7553c07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Fri, 30 Apr 2021 12:56:47 +0200
Subject: [PATCH 2/2] deps: V8: cherry-pick 00245033cf75

Original commit message:

    M86-LTS: [compiler] Fix off-by-one error in kAdditiveSafeInteger

    (cherry picked from commit 798fbcb0a3e5a292fb775c37c19d9fe73bbac17c)

    No-Try: true
    No-Presubmit: true
    No-Tree-Checks: true
    Bug: chromium:1198705
    Change-Id: I6b3ad82754e1ca72701ce57f16c4f085f8c87f77
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835705
    Auto-Submit: Georg Neis <neis@chromium.org>
    Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
    Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
    Cr-Original-Commit-Position: refs/heads/master@{#74033}
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850708
    Commit-Queue: Artem Sumaneev <asumaneev@google.com>
    Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
    Cr-Commit-Position: refs/branch-heads/8.6@{#87}
    Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
    Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}

Refs: https://github.com/v8/v8/commit/00245033cf756f86cef7e830661810777aaf3476
---
 common.gypi                       | 2 +-
 deps/v8/src/compiler/type-cache.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common.gypi b/common.gypi
index 2a849923d3b936..aa4279d93ca35c 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.62',
+    'v8_embedder_string': '-node.63',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/compiler/type-cache.h b/deps/v8/src/compiler/type-cache.h
index b71ea8455d544d..54e725c64f7e35 100644
--- a/deps/v8/src/compiler/type-cache.h
+++ b/deps/v8/src/compiler/type-cache.h
@@ -80,7 +80,7 @@ class V8_EXPORT_PRIVATE TypeCache final {
       Type::Union(kPositiveIntegerOrMinusZero, Type::NaN(), zone());
 
   Type const kAdditiveSafeInteger =
-      CreateRange(-4503599627370496.0, 4503599627370496.0);
+      CreateRange(-4503599627370495.0, 4503599627370495.0);
   Type const kSafeInteger = CreateRange(-kMaxSafeInteger, kMaxSafeInteger);
   Type const kAdditiveSafeIntegerOrMinusZero =
       Type::Union(kAdditiveSafeInteger, Type::MinusZero(), zone());