This is a reland #3. The fixes were landed separately.
Perf Sheriffs: this CL might regress some benchmarks while improving
the others.
Bug: v8:11880
Change-Id: I8ed5bf59360649718960dc34c06015ee6ff1532a
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_compile_dbg
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422643
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78854}
Change-Id: Ie62c4d46b767f1dcf70e8e75a30b5fc4d90ac295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424897
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78851}
Runtime_HasProperty already does the right thing; this CL is directing
more cases to it.
Bug: v8:12580
Change-Id: I16ae6099fa9781ecc663085e87a7fc59abd10d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422639
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78850}
We can now specify the trials for clusterfuzz using the file
clusterfuzz_trials_config.json. There is also a presubmit check
to make sure that it is formatted correctly.
Change-Id: Iafb7063b63b1daeb7653830542d13b419cf187d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416191
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78848}
This reverts commit 517ed4ad00.
Reason for revert: There still seems to be an issue on V8 Win msvc related to this CL (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/20568/overview).
Original change's description:
> Reland "[Torque] Generalize Torque literals to larger size"
>
> Previously, literals in Torque were stored as double values, which
> made it impossible to precisely represent 64 bit integer values.
> This CL replaces the old literal expression with an integer and
> floating point literal expression that are unbounded in size. We
> allow implicit conversion of these literals to arbitary integer
> and floating point types respectively and insert a corresponding
> bounds check into generated CSA.
>
> Changes in the reland: Simplified IntegerLiteral to single digit.
>
> Bug: v8:7793, chromium:1289282
> Change-Id: I31c762c2f31165c7a1d0b07842b764e5851ce189
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406750
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78811}
Bug: v8:7793, chromium:1289282
Change-Id: I818cec9625fbd827a4a30088d8c8b759fb6c50d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424484
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78847}
Enable compaction of objects in the map space during a full GC. So far
pages in the map space were never chosen as evacuation candidates. We
might be able to improve memory usage a bit by also compacting map
space. Luckily for us the marking barrier was already emitted when
updating an object's map word.
This CL adds a new flag FLAG_compact_map_space to easily turn off this
feature again. For now we keep this flag (and with that map space
compaction) disabled by default. So GC behavior does not change with
this CL.
Bug: v8:12578
Change-Id: I99c0cd826bd824af5383fb3ce64796693a59d1ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404775
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78844}
Implement the WasmResume builtin, which resumes a wasm suspender
when the corresponding JS promise resolves.
Drive-by 1: Fix detection of empty stacks in the stack frame iterator.
Drive-by 2: Add a stack ID for better tracing.
R=ahaas@chromium.org
CC=fgm@chromium.org
Bug: v8:12191
Change-Id: Ifa3f00c4259f802292b04d426c739e9b551f87b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420827
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78842}
The contents of CodeDataContainer::code_cage_base field was
accidentally written during serialization while zeros should
have been written instead.
Bug: v8:11880
Change-Id: Ib1d66d2fe8cceace19f4feb57950838bfbc89efa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422642
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78841}
Port 99a5bb7484
Original Commit Message:
CallFunction is only called for targets that are checked not to be class
constructors, therefore we can remove the check for class constructors
from CallFunction.
R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I327c075bdd2e561236820818c2a26e8fc4ed6522
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3421506
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78839}
This is a reland of 12e46091a0
Original change's description:
> [heap] Support client-to-shared refs in Code objects
>
> Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
>
> Bug: v8:11708
> Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78819}
Bug: v8:11708
Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78838}
Currently the reconstruction of the shared heap object cache for testing
incorrectly includes the terminating undefined value. Unlike the RO cache
reconstruction, which does not change, the shared heap object cache may be
extended by serializing the live Isolate during testing, so it should skip the
original terminating undefined.
Bug: v8:12007, v8:12584
Change-Id: If73b865567ed7d5b658506e15b1dc8d14bd755d6
Cq-Include-Trybots: luci.v8.try:v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3421726
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78836}
The Descriptor of Builtin defines the allocated machine registers for
its parameters. However, when an argument is in
InterpreterAccumulatorRegister, the Descriptor might require another
machine register holding the the value of this argument and result in a
redundant register-to-register move. This CL avoids this move by
allocating a same register for such argument. It also changes the
assigned registers for Typeof, KeyedLoadIC and KeyedHasIC to align the
use in Baseline Builtins.
Change-Id: I14004d8e44c4c45f2a1bea2c09b06160f615709b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416544
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78833}
This extracts all {dlsym} calls to a single function which is called
once during initialization.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: I068f180e26b92d72e3e1e0ba7c6232c760f202e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417439
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78831}
We can avoid a pointer deref if the ValueSerializer is inlined in
WebSnapshotDeserializer.
Bug: v8:11525
Change-Id: I92d8cac37af3fdbe04a66465f97761bf5a9fd705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417433
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78830}
Rolling v8/build: 45926ba..3a3da2d
Rolling v8/buildtools/third_party/libunwind/trunk: c8a5d43..7246413
Rolling v8/third_party/depot_tools: d586255..289dedd
Rolling v8/third_party/googletest/src: f45d586..0b7798b
Rolling v8/tools/clang: b93ee79..00a9400
Rolling v8/tools/luci-go: git_revision:7528d700b89db0b6feb32be098d40597f738d3c7..git_revision:9c88febc5ab63469baf5aae05a74f8e419970ef3
Rolling v8/tools/luci-go: git_revision:7528d700b89db0b6feb32be098d40597f738d3c7..git_revision:9c88febc5ab63469baf5aae05a74f8e419970ef3
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Iac896e6c72fc33bba8e8b96190d62028c4aedcf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422885
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78828}
Port 54604990c6
Change-Id: I011a9bf1329e7499cb8d288186a098e6768e1436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3419126
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78827}
With dynamic tiering, the total amount of code generated for a
WebAssembly module decreases significantly. However, the amount of
code space we reserved for generated code has not been adjusted yet.
This CL adds a parameter for dynamic tiering to
EstimateNativeModuleCodeSize. If dynamic tiering is used, then the code
space reserved for TurboFan gets reduced to a quarter of the code space
without dynamic tiering.
Reserving a quarter of the space seems to be still quite generous. Even
Google Earth, seems to use a lot of its code, only needs less than 20%.
R=clemensb@chromium.org
Bug: chromium:1285334
Change-Id: I7dce0821b5e46d7240dfb1523031de84b1fe1348
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420307
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78826}
Drive-by fix to align what builds the test runner considers to be able
to have shared memory features and what builds can create a shared
Isolate.
Bug: v8:12007
Change-Id: I151513ccbfbee31e5b35c5ce8e9192732eabfee2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3421507
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78824}
This fixes the `unused variable` error in release builds
with gcc.
Change-Id: I637dac3968e768960035960b846b2783f92571d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3421511
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78822}
This reverts commit 12e46091a0.
Reason for revert: new test fails on GC stress bot:
https://cr-buildbucket.appspot.com/build/8823858142855002833
Original change's description:
> [heap] Support client-to-shared refs in Code objects
>
> Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
>
> Bug: v8:11708
> Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78819}
Bug: v8:11708
Change-Id: If8d15a22651f8b1cfca61be21a81f60b43f008a4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3421725
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78821}
Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
Bug: v8:11708
Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78819}
- It changes ContextSlotIndex from static to non-static.
- Updates ContextSlotIndex and ScriptContextTable::Lookup to use
handles, since it is necessary for the NameToIndexHashTable::Add
- Adds a NameToIndexHashTableLookup to CSA.
- Renames LocalNamesIterator to LocalNamesRange and iterates the
hashtable when local names are not inlined.
Bug: v8:12315
Change-Id: I2c8c933002fe73f4def145bc207825823262d743
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406751
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78818}
This is a reland #2. The fixes were landed separately.
Perf Sheriffs: this CL might regress some benchmarks while improving
the others.
Bug: v8:11880
Change-Id: I397aef5ad5cce42ef189ee10b482805c90ec925a
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_compile_dbg
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417000
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78817}
This CL replaces the equirecursive type system for wasm-gc with the
isorecursive hybrid type system presented here:
https://github.com/WebAssembly/gc/issues/257.
In broad strokes, this includes the following changes:
- In the module decoder, remove equirecursive types. Implement recursive
type groups, subtype definitions, and function/struct/array
definitions. Treat nominal modules as syntactic sugar of an
isorecursive module, where all types belong in the same recursive
group.
- Remove rtt.sub and all related infrastructure.
- Change subtyping to work with explicit supertypes only.
- Add ValidSubtypeDefinition in subtyping, to check that subtype
declarations are valid during decoding.
- Remove the subtyping cache.
- Add support for functions to have specific signature index in
WasmModuleBuilder and in test-gc.cc.
- Adapt tests.
Current restrictions:
- Recursive groups are not stored beyond decoding.
- Type canonicalization is not implemented. No tests relying on types
being considered identical post-canonicalization.
- No cross-module subtyping is possible. Tests relying on cross-module
subtyping have been commented out.
Bug: v8:7748
Change-Id: I69fd04ecc5611f6230c95d5c89d1c520163fffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416239
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78816}
... which was using incorrect cage base value for reading map field.
Drive-by: fix CodeDataContainer verifier - the value returned by
code().InstructionStart() might not always be equal to cached code
entry point value when shared pointer compression cage is enabled.
Bug: v8:11880, chromium:1291299
Change-Id: I1338717095a9a1ad2c056f0af0181eabaef88431
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420308
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78815}
With this CL, externref parameters are supported by the generic wrapper.
Externref parameters get handled in a separate loop which runs after the
loop which converts primitive type parameters from JavaScript values to
WebAssembly values. Externref parameters get handled separately because
the conversion of primitive type parameters may cause a GC, and it would
be hard for the GC to identify stack slots which contain reference
parameters which have already been processed.
As an optimization we remember in the first loop if we have seen a
reference parameter. For functions without a reference parameter we
would not iterate the parameters for a second time.
R=thibaudm@chromium.org
Bug: v8:12565
Change-Id: Ib36bee9d8e6b1606250fcd5f2e9cdbbdfed96356
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412079
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78814}
Changes:
- Introduce {TypeDefinition} for wasm modules.
- Introduce an enum {TypeDefinition::Kind} to represent the three
different definition types.
- Collapse the {types}, {type_kinds} and {supertypes} vectors into a
single vector of {TypeDefinition}s.
- Use {TypeDefinition} in WasmModuleBuilder.
- Drive-by: Remove {kNullIndex} in WasmModuleBuilder.
- Drive-by: Tidy-up wasm-module.h.
Change-Id: I97c2c268bcad745176243c693cf169bfa5714f94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416233
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78813}
Previously, literals in Torque were stored as double values, which
made it impossible to precisely represent 64 bit integer values.
This CL replaces the old literal expression with an integer and
floating point literal expression that are unbounded in size. We
allow implicit conversion of these literals to arbitary integer
and floating point types respectively and insert a corresponding
bounds check into generated CSA.
Changes in the reland: Simplified IntegerLiteral to single digit.
Bug: v8:7793, chromium:1289282
Change-Id: I31c762c2f31165c7a1d0b07842b764e5851ce189
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406750
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78811}
This CL replaces 'InvalidArgument' with 'ServerError' for
Runtime#getExceptionDetails. The reason is that the error we
raise is on the application level, allowing the DevTools frontend
to handle it to a certain degree. 'InvalidArgument' errors would be
interpreted as "something went really wrong", which is not the case
here.
Bug: chromium:1280141
Change-Id: Id72f06ce8daa06875adeb2528638a80ae61d9e55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420304
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78809}
This is the 1. CL in a series of CollectGarbage refactoring CLs.
Bug:v8:12503
Change-Id: Ia0871df79bf9e1732d6c416079a387cd494196ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3419918
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78807}
Add JumpLoop to the list of bytecodes that unconditionally exit a
block, so that bytecodes are not emitted after a JumpLoop until there's
a bound label.
As a drive by, fix the bytecode random iterator's initialisation to use
'done()' directly (the old condition worked for Return, but was failing
for wide JumpLoops that ended the bytecode).
Change-Id: I63910602efbac8ad2b995a8fe6559a9f8f4b83b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3419919
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78806}
This field points to the start of the WASM memory buffer for the
instance, which is an ArrayBuffer and so guaranteed to be located inside
the sandbox if it is enabled. As such, this simply turns the field into
a sandboxed pointer field.
Bug: chromium:1218005
Change-Id: I847aebf5c29fcf1ab1163809350204db5b685a10
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359630
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78805}
