In the recent port of reduce() and reduceRight(), a check for a length
change during the loop (standard for iterating builtins) was omitted.
We did get array bounds check protection, however it didn't expose
the issue in our tests because the bounds check is against the
backing store length, not against the length in the referring JSArray.
Also added a test for reduceRight().
R=jgruber@chromium.org
Bug: chromium:937676
Change-Id: I76e22e0d71965bff84a0822b1df5dc818a00b50e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503732
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60033}
Port 9c7b6e1e8a
Original Commit Message:
This is the implementation of crrev.com/c/766371 for arm.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
R=ahaas@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, miladfar@ca.ibm.com
BUG=
LOG=N
Change-Id: I83df1af8c49f6d6c5b529db599fce61a1da2490d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496549
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60032}
When a function is exported from a WebAssembly module, it is implicitly
wrapped in a WasmExportedFunction. For functions that were imports into
this module, the exported function appears like other Wasm function,
e.g. can be used in tables. When that exported function was re-imported
to another module, the logic to compute the import kind mistakenly
assumed the exported function was indeed originally a Wasm function
and tried to call it directly, instead of treating it like an imported
JS function.
R=ahaas@chromium.org
BUG=v8:8947
Change-Id: Ib8fac81fbe0f49c50cfbfb2e69d9bb60aef91fcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503632
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60031}
This allows us to change the page size without affecting Scavenger
heuristics and performance.
Bug: chromium:852420
Change-Id: Idcff4296e88e16f9af0ee6ecd00c63d789866fd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499494
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60028}
The `TurboAssembler::CallRecordWriteStub()` method which generates out-of-line
code to call the write barrier would push and pop arguments to move them to
different registers. Let's use `mov` instructions instead, making sure we handle
overlapping registers.
Change-Id: Ideb654cd558e984ccb90c7cf44b1c2c49f1c5b50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499496
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60026}
This CL changes the language server to store file paths as URIs and
decodes them on-demand during compilation. For now, this will
eliminate the need for an URI encoding function.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: If79f635cb60035f58712c1458ecca3bfa23a6e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1502992
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60025}
Launching Python scripts can fail on Windows if the Python executable
isn't given as the first argument to the shell. This change adds the
path of the current Python executable, as per the behavior of v8gen.py
Change-Id: Iedaf57bcafc4c6aa6ebb89e945ee967cf393da04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1497522
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60023}
This reverts commit 821bc64951.
Reason for revert: Fails on ARM hardware :(
https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/9271
Original change's description:
> [wasm simd] Fix F32x4 Min and Max
>
> - Fix F32x4 tests to save results in globals, so they can be checked
> in C++ code. Perform correct checks in case of NaNs.
> - Fix ia32, x64 implementations of F32x4Min, F32x4Max to correctly
> deal with NaNs.
> - Enable tests for all float values on all platforms, except skip
> denormalized results on ARM, and skip extreme values for reciprocal,
> reciprocal square root approximation opcodes.
> - Disable Min, Max test for interpreter (see v8:8425) since it doesn't
> handle NaNs correctly.
> - Fix vmin, vmax implementations in ARM simulator.
>
> Bug: v8:8639
> Change-Id: I87e188e3cb078f09fdacfd9955f426c20a11bf64
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495897
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60021}
TBR=bbudge@chromium.org,gdeepti@chromium.org
Change-Id: Ib0dc8395ff86263fe0c02faa53d90c7da46b50a6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8639
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1501732
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60022}
- Fix F32x4 tests to save results in globals, so they can be checked
in C++ code. Perform correct checks in case of NaNs.
- Fix ia32, x64 implementations of F32x4Min, F32x4Max to correctly
deal with NaNs.
- Enable tests for all float values on all platforms, except skip
denormalized results on ARM, and skip extreme values for reciprocal,
reciprocal square root approximation opcodes.
- Disable Min, Max test for interpreter (see v8:8425) since it doesn't
handle NaNs correctly.
- Fix vmin, vmax implementations in ARM simulator.
Bug: v8:8639
Change-Id: I87e188e3cb078f09fdacfd9955f426c20a11bf64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495897
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60021}
Passive elements have a different binary format, where the contents are
instructions instead of function indexes:
0xd0 0x0b -> (ref.null)
0xd2 var:x 0x0b -> (ref.func x)
Bug: v8:8891
Change-Id: Ie7e8efe7b5acdf99622880dd97d28d3c13744dff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1497516
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60020}
This reverts commit f8a676707d.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/25576
I don't think I've seen MSAN being flaky. Chances are that the change to SFI's object layout indeed left some field uninitialized.
Original change's description:
> Remove builtin-function-id in SFI
>
> builtin_function_id corresponded to BuiltinFunctionId (a manually maintained list of 'interesting' functionsmainly used during optimization). With this change, we nuke builtin-function-id in favor of builtin-id and 8 bits is freed up in SFI.
>
> Bug: v8:6993
> Change-Id: Iee9b539475bc6531c9aa65b1904d1402a9ef30db
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495898
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60017}
TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org,bmeurer@chromium.org,duongn@microsoft.com
Change-Id: Ic3964ce182ddbd7ef529ddb8b78b9bdfb1be7887
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6993
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499500
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60018}
builtin_function_id corresponded to BuiltinFunctionId (a manually maintained list of 'interesting' functionsmainly used during optimization). With this change, we nuke builtin-function-id in favor of builtin-id and 8 bits is freed up in SFI.
Bug: v8:6993
Change-Id: Iee9b539475bc6531c9aa65b1904d1402a9ef30db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495898
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60017}
If buffer_ is empty and start_ is zero, even though the MemCopy would be
a no-op, &buffer_[start_] is undefined. buffer_.data() + start_ would
work, but due to a C/C++ language bug, that is technically undefined
too[*] if an empty buffer_.data() returns nullptr, so add a length() ==
0 check, matching methods above.
This was caught by building with _LIBCPP_DEBUG=0.
[*] https://www.imperialviolet.org/2016/06/26/nonnull.html
Bug: chromium:893810
Change-Id: I9f0834ffae6769e0e191e786842e6ecc6c95a58a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1483616
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60016}
AllocateUninitializedJSArrayWithElements into the method.
Prior to the change, if the caller forgets to handle empty case on
their side, AllocateUninitializedJSArrayWithElements would allocate a
new empty FixedArray rather than return the canonical one. This refactor
shifts the burden of canonicalization from the callers to
AllocateUninitializedJSArrayWithElements.
Bug: v8:6777
Change-Id: I1246cb288861b65b51938414a454f21af78f8399
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1480330
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60015}
Moving to gtest allows negative test cases as the current parser
implementation exits the process on a parser error. The CL adds two
small negative tests. The idea is less to get full coverage, but to
have a place for regression tests.
Drive-by-change: Lexer errors need a valid source position scope and
Json parser needs a valid SourceId, otherwise we read OOB when the
error message is generated.
R=petermarshall@chromium.org
Bug: v8:8880
Change-Id: I56c4b9e0a29c8333b2e5e44f8116e5178552d2f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1498472
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60014}
This CL also gives up trying to maintain double and system word
fields at aligned addresses because currently it's not always
maintained (v8:8875) and Torque object definitions do not support
padding fields (v8:8863).
Given that both platforms where pointer compression is going to be
enabled (x64 and arm64) support loading of doubles and full words
from 4-byte aligned addresses we are fine.
Bug: v8:7703
Change-Id: I99fc6da5a0927f4db9b8fb24c7cc0bfc416523bc
Reviewed-on: https://chromium-review.googlesource.com/c/1496974
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60013}
... by skipping over them. Such variables appear in the case of direct
namespace exports and default exports. (Actually, the name used for
default exports used to be "*default*" which is not recognized as
synthetic, so I'm renaming it here to ".default").
Bug: chromium:932111
Change-Id: I0554dae9614334fdc02e78606f2db47e92196429
Reviewed-on: https://chromium-review.googlesource.com/c/1494010
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60012}
This CL removes PPC specific constants and makes the regular heap
object size limit a power of two.
Bug: chromium:852420
Change-Id: I5f4000f76d029d689d22112877eea124774b29d2
Reviewed-on: https://chromium-review.googlesource.com/c/1496367
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60011}
This CL introduces a declaration_position_ field on TypeAlias,
corresponding with the SourcePosition of the name of the
Type where it is declared.
This information is needed by the language server for
"goto defintion".
R=tebbi@chromium.org
Bug: v8:7793
Change-Id: I0de2f7b7ba23b86de34441107ca9982d190c227f
Reviewed-on: https://chromium-review.googlesource.com/c/1497952
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60008}
Bug: v8:8906
Change-Id: I7a07482d2d5de13de11fa2611e3c6ae18439e820
Reviewed-on: https://chromium-review.googlesource.com/c/1493136
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60007}
In the early days of Chrome when we used WebKit there was no support for
ASCII strings on the C++ side, so we put a hint onto these two-byte
strings that said "string only contains one byte data", such that
internally in V8 when these were involved in string operations, we could
instead create the *cheaper* one byte strings.
Nowadays Blink properly supports one-byte string representations and
this additional hint only comes with overhead, since we check it in
quite a few places (i.e. on the hot path for string concatenation), plus
we end up consuming more memory due to the additional string maps.
Removing the hint also frees one bit in the InstanceType zoo for
strings.
This alone improves performance on the `bench-dom-serialize.js` test case
by around **3%**.
Tbr: mstarzinger@chromium.org
Bug: v8:6622, v8:8834, v8:8939
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: I0753f2859cee7b5a37b6f0da64d8ec39fcb044ff
Doc: https://bit.ly/fast-string-concatenation-in-javascript
Reviewed-on: https://chromium-review.googlesource.com/c/1498478
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60006}
Removes the result_size parameter in TFC definitions which
can be infered from the provided CallInterfaceDescriptor.
Previously, the result size was added to support stubs with
custom linkage. However, In pratice, the size don't differ from
the provided CallInterfaceDescriptor (given that it's a DCHECK)
and use mostly JS linkage (only one return).
Change-Id: I8efdb3e3ce1a470735dac84ec6be506e071d2756
Bug: v8:6116
Reviewed-on: https://chromium-review.googlesource.com/c/1495554
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60004}
This adds a new method Isolate::LocaleConfigurationChangeNotification
that clears the cached Locale allowing new Locales to be picked up in
later Locale operations.
It moves Date::DateTimeConfigurationChangeNotification to Isolate
(deprecating the old one) so that the configuration change methods are
found together.
Change-Id: Iffc15e326933c5bc5baf2f0eafdd5c148b8279a8
Reviewed-on: https://chromium-review.googlesource.com/c/1491608
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60003}
Removes JavaScriptFrame::CollectTopFrameForICStats whose last usage was
removed in https://chromium-review.googlesource.com/626016.
Bug: v8:8834
Change-Id: I9ffad0c712816696c56b746a137bed30362550bc
Reviewed-on: https://chromium-review.googlesource.com/c/1496365
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60002}
As the TODO's indicate, these helpers only used by TypedArray#join when it was
implemented in JS. As of https://chromium-review.googlesource.com/c/v8/v8/+/1369330
TypedArray#join is now implemented Torque and was optimized in a way that no longer
requires these helpers anymore.
Bug: v8:7624
Change-Id: I1d1ff80235a12feb3846ff92764e8593ce7c72c9
Reviewed-on: https://chromium-review.googlesource.com/c/1498692
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#59999}
BytecodeArray::SourcePosition and BytecodeArray::SourceStatementPosition
have no implementations and are never called.
Bug: v8:8834
Change-Id: I919c871795084766856dfbff5344c037b6f33dd0
Reviewed-on: https://chromium-review.googlesource.com/c/1497009
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59998}
After 54a1889, Bug:7464, the permission of the page is read only, but this function need write permission.
Since this function is not used, just remove it.
Change-Id: I5a5976ab773bd808920893bbd2e3d9796e89e804
Reviewed-on: https://chromium-review.googlesource.com/c/1490813
Reviewed-by: Predrag Rudic <prudic@wavecomp.com>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#59995}
Remove the duplication of the allocation logic via the
AllocateOneByteConsString and AllocateTwoByteConsString helpers, and
instead just have a diamond to figure out the result map. This reduces
code size of the StringAdd_CheckNone builtin and even seems to be
beneficial performance wise. It seems to improve the performance on
the `bench-dom-serialize.js` test by around 1% just doing this.
Drive-by-fix: Remove the `flags` from CodeStubAssembler::StringAdd()
and its helpers, since we no longer support pretenuring of string
additions (for quite a while now).
Bug: v8:8834, v8:8939
Change-Id: Ia23e02c974b5f572930fcd45be0643094ab2fa98
Doc: https://bit.ly/fast-string-concatenation-in-javascript
Reviewed-on: https://chromium-review.googlesource.com/c/1498133
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59993}
Stringification of Json wrongly used quotes for "true", "false" and
"null".
Drive-by: Manually flush std::cout when sending messages. This might
fix the server on windows.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: Ie499595a1b429514c5d8b1d3ece24f4690ece02e
Reviewed-on: https://chromium-review.googlesource.com/c/1498132
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59992}
This is a cosmetic change aimed to reduce compilation
time spent on instantiating things and potentially reduce
code (in case instantiated specializations are in
different shared objects).
Change-Id: I719b4d376a0d707f4724555a2f404327d19d8477
Reviewed-on: https://chromium-review.googlesource.com/c/1484298
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59988}
When running under simulator, all arm64 JIT instructions are interpreted by
simulator via normal memory read, then no need to do icache/dcache flush.
Also when running under simulator, cache_type_register_ is set to 0 explicitly
in above CacheLineSizes class, which results in 0 value in both dstart and
istart, then causes flush on this incorrect range.
Bug: chromium:893460
Change-Id: Ief6cb09a0e89f7ede0761ad676ea6a882e9f4600
Reviewed-on: https://chromium-review.googlesource.com/c/1492514
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59987}
I thought about potentially adding the identifer ref to the error but
that would require allocating a new string or at the very least
increasing the size of the resulting cons string. Given that the
parser is pretty performance sensitive, I've decided to not display
the identifier.
Previously, the error was:
_test.js:3: Error
a[foo].c = () => { throw Error(); };
^
Error
at a.(anonymous function).c (_test.js:3:26)
at _test.js:5:1
With this patch, the error becomes:
_test.js:3: Error
a[foo].c = () => { throw Error(); };
^
Error
at a.<computed>.c (_test.js:3:26)
at _test.js:5:1
Bug: v8:8823
Change-Id: I557b3517e317652c447ca06c5a400e9625353d9b
Reviewed-on: https://chromium-review.googlesource.com/c/1495017
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59985}
