deps: V8: add CopyArrayBufferViewBytes API

Add v8::ArrayBufferView::CopyArrayBufferViewBytes, which copies a byte
range from one ArrayBufferView to another. Unlike the existing
v8::ArrayBuffer::CopyArrayBufferBytes, it operates on the *views*: it
resolves each view's data pointer directly (JSTypedArray::DataPtr /
DataView::data_pointer) and reads the backing buffer's shared/immutable/
detached flags as plain field loads, without ever materializing or
fetching the views' ArrayBuffers.

This exists because materializing the ArrayBuffer is expensive. Profiling
Buffer.prototype.copy (perf, AMD EPYC 9135, x86-64) showed that for small
copies the dominant native cost is ArrayBufferView::Buffer() ->
JSTypedArray::GetBuffer() -- ~25% of total runtime, paid on every call
(not just first materialization) and incurred twice (source and target).
Add ByteOffset() (~7%) and IsSharedArrayBuffer() (~6%) and roughly 38% of
a small copy is spent turning two views into ArrayBuffers and querying
them piecemeal, while the actual memmove is ~4%. Routing the node binding
through CopyArrayBufferBytes forces all of that onto the embedder side; a
view-level entry point folds it into a single call of cheap field reads.

Byte ranges are clamped to both views' byte lengths. Nothing is copied
when the source is detached/out-of-bounds or the target is detached/
out-of-bounds or backed by an immutable ArrayBuffer; the number of bytes
actually copied is returned. When both views are backed by a
SharedArrayBuffer a relaxed-atomic memmove is used, honoring the
SharedArrayBuffer memory model; any other combination performs a plain
memmove on the backing store (matching CopyArrayBufferBytes).

Carried as a floating patch; v8_embedder_string is bumped to -node.22
accordingly. It is the natural sibling of the CopyArrayBufferBytes API
added in the preceding floating patch and touches nothing but the public
ArrayBuffer/ArrayBufferView API.

Refs: #55422
Signed-off-by: Robert Nagy <ronagy@icloud.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: ronag

common.gypi

@@ -40,7 +40,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.21',
+    'v8_embedder_string': '-node.22',
 
     ##### V8 defaults for Node.js #####
 

deps/v8/include/v8-array-buffer.h

@@ -477,6 +477,26 @@ class V8_EXPORT ArrayBufferView : public Object {
    */
   bool HasBuffer() const;
 
+  /**
+   * Copy up to |bytes_to_copy| bytes from |source| (starting |source_start|
+   * bytes into the view) to |target| (starting |target_start| bytes into the
+   * view). The byte range is clamped to both views' byte lengths. The views'
+   * data pointers are resolved directly, without materializing their
+   * ArrayBuffers, avoiding the overhead of ArrayBufferView::Buffer /
+   * JSTypedArray::GetBuffer.
+   *
+   * Nothing is copied if |source| is detached or out of bounds, or if |target|
+   * is detached, out of bounds, or backed by an immutable ArrayBuffer. When
+   * both views are backed by a SharedArrayBuffer the copy uses a relaxed-atomic
+   * memmove that honors the SharedArrayBuffer memory model. Returns the number
+   * of bytes actually copied.
+   */
+  static size_t CopyArrayBufferViewBytes(Local<ArrayBufferView> source,
+                                         size_t source_start,
+                                         Local<ArrayBufferView> target,
+                                         size_t target_start,
+                                         size_t bytes_to_copy);
+
   V8_INLINE static ArrayBufferView* Cast(Value* value) {
 #ifdef V8_ENABLE_CHECKS
     CheckCast(value);

deps/v8/src/api/api.cc

@@ -4246,6 +4246,43 @@ static size_t CopyArrayBufferBytesImpl(const void* source_buffer,
   return bytes_to_copy;
 }
 
+struct ArrayBufferViewBytes {
+  char* data;
+  size_t length;
+  bool is_shared;
+  bool is_immutable;
+};
+
+// Resolves a view's data pointer, byte length and backing-buffer flags without
+// materializing its ArrayBuffer (i.e. without JSTypedArray::GetBuffer, which is
+// comparatively expensive). A detached or out-of-bounds view resolves to an
+// empty {nullptr, 0} range.
+ArrayBufferViewBytes GetArrayBufferViewBytes(
+    i::Tagged<i::JSArrayBufferView> view) {
+  if (view->IsDetachedOrOutOfBounds()) return {nullptr, 0, false, false};
+  if (i::IsJSTypedArray(view)) {
+    i::Tagged<i::JSTypedArray> array = i::Cast<i::JSTypedArray>(view);
+    i::Tagged<i::JSArrayBuffer> buffer = array->buffer();
+    return {reinterpret_cast<char*>(array->DataPtr()), array->GetByteLength(),
+            buffer->is_shared(), buffer->is_immutable()};
+  }
+  if (i::IsJSDataView(view)) {
+    i::Tagged<i::JSDataView> data_view = i::Cast<i::JSDataView>(view);
+    i::Tagged<i::JSArrayBuffer> buffer =
+        i::Cast<i::JSArrayBuffer>(data_view->buffer());
+    return {reinterpret_cast<char*>(data_view->data_pointer()),
+            data_view->byte_length(), buffer->is_shared(),
+            buffer->is_immutable()};
+  }
+  i::Tagged<i::JSRabGsabDataView> data_view =
+      i::Cast<i::JSRabGsabDataView>(view);
+  i::Tagged<i::JSArrayBuffer> buffer =
+      i::Cast<i::JSArrayBuffer>(data_view->buffer());
+  return {reinterpret_cast<char*>(data_view->data_pointer()),
+          data_view->GetByteLength(), buffer->is_shared(),
+          buffer->is_immutable()};
+}
+
 size_t v8::SharedArrayBuffer::CopyArrayBufferBytes(
     size_t source_start, size_t bytes_to_copy, Local<SharedArrayBuffer> target,
     size_t target_start) const {
@@ -8960,6 +8997,40 @@ size_t v8::ArrayBuffer::CopyArrayBufferBytes(size_t source_start,
                                          that->GetByteLength(), bytes_to_copy);
 }
 
+size_t v8::ArrayBufferView::CopyArrayBufferViewBytes(
+    Local<ArrayBufferView> source, size_t source_start,
+    Local<ArrayBufferView> target, size_t target_start, size_t bytes_to_copy) {
+  i::DisallowGarbageCollection no_gc;
+  ArrayBufferViewBytes src =
+      GetArrayBufferViewBytes(*Utils::OpenDirectHandle(*source));
+  ArrayBufferViewBytes dst =
+      GetArrayBufferViewBytes(*Utils::OpenDirectHandle(*target));
+
+  // Never write to an immutable target. Detached/out-of-bounds views resolve to
+  // a zero length, so they fall out through the clamping below.
+  if (dst.is_immutable) return 0;
+
+  source_start = std::min(source_start, src.length);
+  target_start = std::min(target_start, dst.length);
+  bytes_to_copy = std::min(
+      {bytes_to_copy, src.length - source_start, dst.length - target_start});
+  if (bytes_to_copy == 0) return 0;
+
+  char* source_data = src.data + source_start;
+  char* target_data = dst.data + target_start;
+  // A relaxed-atomic memmove is only required when both views are backed by a
+  // SharedArrayBuffer; any other combination performs a plain memmove on the
+  // backing store, matching v8::ArrayBuffer::CopyArrayBufferBytes.
+  if (src.is_shared && dst.is_shared) {
+    base::Relaxed_Memmove(
+        reinterpret_cast<base::Atomic8*>(target_data),
+        reinterpret_cast<const base::Atomic8*>(source_data), bytes_to_copy);
+  } else {
+    std::memmove(target_data, source_data, bytes_to_copy);
+  }
+  return bytes_to_copy;
+}
+
 namespace {
 std::shared_ptr<i::BackingStore> ToInternal(
     std::shared_ptr<i::BackingStoreBase> backing_store) {