Add logic to drop cyclic contradictory flags from
correctness-fuzzing command lines. Add the currently known
biggest offenders.
Without this, the correctness fuzzing harness runs into a CHECK
failure during smoke testing, when attempting to pass cyclic flags
to d8. It fails fast, but uselessly burns fuzzing time.
This change drops one of the known cyclic flags instead to make the
test run still useful. The precedence is right to left like in the
V8 test framework.
Additionally on Clusterfuzz, all crashes during smoke testing are
deduped as one crash report. We don't know if there are other
problems before this one is fixed/hidden.
No-Try: true
Bug: chromium:1330303
Change-Id: I06cbb4655cd3cf467f5cce6f84dba653834ca72e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865562
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82939}
The intention is to be restrictive for now: modules should not
start to depend on this subtyping while the stringref type
hierarchy question is being settled (see
https://github.com/WebAssembly/stringref/issues/3 for details).
Bug: v8:12868
Change-Id: I0140e72f92550c88393dc84bb1fa3ce65840a048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865019
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82937}
At the start of the graph builder, we add merge states to exception
handlers basic block with ExceptionPhis (normal phis with no input,
but with an interpreter register "owner").
Every Node that can throw, can also lazy deopt, so we use the
lazy deopt IFS to recover the exception phi values in a trampoline
before jumping to the exception catch block.
Bug: v8:7700
Change-Id: I62fe7f19ce5e89c3df645224ea62f9fc2798207c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865865
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82935}
This change adds support for defining globals whose value is imported
and not defined inline. This was already possible for importing globals
from other modules, now it is also supported for non-global values, e.g.
values created by a wasm function and exported to JS.
Bug: v8:7748
Change-Id: I4fe22a7ab33b431cb731458900c0f332dff8b8f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865554
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82934}
Instead of implementing our own shared mutex, use std::shared_mutex,
which does not have the problem of deadlocking when interrupted by
signals (see https://crbug.com/v8/12037).
This is on Mac only, for now. If this fixes the regressions, we can
switch all systems to std::shared_mutex.
R=ishell@chromium.orgCC=dmercadier@chromium.org
Bug: v8:12037, v8:13256, chromium:1358856
Change-Id: Ie4be7cc5431905ca1e4f74809168eb6a9f584d28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870465
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82933}
ResumeGenerator is semantically a successor of SuspendGenerator (for
reasoning about liveness), but operationally it's a successor of
SwitchOnGeneratorState. This means that the jump to ResumeGenerator will
always create a new basic block, even if the SuspendGenerator was dead.
This causes problems if we made other assumptions on liveness based on
the semantics; in particular, we assume that JumpLoop is dead if the
loop header is dead (thanks to loop irreducibility).
SwitchOnGeneratorState breaks irreducibility, and this manifests as the
JumpLoop being alive and trying to jump to a dead header.
Since this is a special case, and loops are otherwise irreducible, we
can also fix it with a special case; namely, MarkBytecodeDead now has a
special case for SuspendGenerator which manually advances the iterator
and kills the ResumeGenerator.
Bug: v8:7700
Change-Id: Ice162f061e7ba1dda7ceb4f6fe9234889655b417
Fixed: v8:13250
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865556
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82931}
Check the function for TF code before finalizing a maglev compilation,
so that we don't accidentally overwrite the higher tier.
Bug: v8:7700
Change-Id: I20eb4e25f3bf2710b6e65f9d866cad143e77943d
Fixed: chromium:1359114
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870464
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82929}
This CL refactors most of the cctests and unittests (22 out of 31) that
directly invoke heap GC, so that the corresponding internal heap methods
are called from a few specific places in boilerplate code. This will
facilitate impending changes to the interface of GC-related internal
heap methods.
Bug: v8:13257
Change-Id: Ia6773a7952501b0792b279b799171519620497d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869264
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82927}
Use the correct helper function to emit an immediate.
Fixed: chromium:1358909
Change-Id: I2f2ae7819f40009b3f9c22067cdf11885d3347ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869265
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82924}
This can save memory in cases where multiple frames in a process use the
same script, with sufficient time between loads that the script's
top-level SharedFunctionInfo is no longer present in the compilation
cache. Merging is relatively fast; it generally takes about one tenth as
long as deserialization.
Bug: v8:12808
Change-Id: I7366a51f1d2ca6a9f551cdf2bdbe0441450cf1bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868088
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82920}
base::SharedMutex was implemented as an exclusive lock on Mac, because
of an OS issue on Mac (see https://crbug.com/v8/12037).
https://crrev.com/c/3855361 then introduced a custom implementation on
Mac, which caused performance regressions (see
https://crbug.com/1358856).
Since we rely on C++17 now, we can instead just use {std::shared_mutex},
which does not seem to have the deadlock issue of {pthread_rwlock_t}.
As a smoke test (and to check whether this actually fixes the
performance regressions), only switch one mutex in Wasm compilation to
std::shared_mutex. If this CL looks good, then other places can be
switched over as well.
R=ishell@chromium.org
Bug: chromium:1358856, v8:13256
Change-Id: Ia56efcb7747f191cc3ed7a381096c8f57142aff8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868954
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82916}
.. just until I can implement the fix.
Bug: v8:7700,v8:13251
Change-Id: I8ccbe8b08351472a1144db46fd8d9bcbd4188633
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865919
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82914}
This CL renames ConcurrentMarking::JobTask to JobTaskMajor, adds
JobTaskMinor, and makes ScheduleJob branch to schedule the respective
JobTask depending on its GarbageCollector parameter.
Bug: v8:13012
Change-Id: Ic7ab15ba70f7d4e86c94a6824623c258aa8b739c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3850482
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82913}
Fold the CheckHeapObject check into the other checks (CheckMaps,
CheckString, etc), to avoid emitting a separate IR node with separate
deopt info and a separate actual deopt point.
Allow this check to be elided when we already know the node is a heap
object.
Bug: v8:7700
Change-Id: I981860a6522c082d86abc856cfe1b3ff5658ac59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867733
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82912}
Add a simple forward check elimination based on a side hashmap of "known
node aspects", namely the node type and node map (if any). This set of
aspects is cloned when merge states are created, and destructively
merged when merged into existing merge states -- destructive cloning
here means removing any mismatching information. This allows information
in dominators to be preserved.
Maps are kept separate from node types because we want to distinguish
between stable and unstable maps, where the former need a dependency and
the latter must be flushed across side-effecting calls.
The representation of this known information is currently very
inefficient, and won't win us any compilation speed prizes -- just
ZoneMaps keyed on ValueNode*. We should optimize this to take into
account some sort of liveness information, and clear out nodes that
aren't reachable anymore. There is also a lot more information we could
store per Node, e.g. known loaded fields or alternative representations;
depending on what we want to store and how that has to be invalidated,
we likely might need an alternative way of representing it. This
implementation is good enough for now though, for measuring the impact
of check elimination.
Bug: v8:7700
Change-Id: I2f001dedf8ab5d86f8acaa22416617bd80701982
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865160
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82911}
This CL removes the marking_worklists parameter from the
ConcurrentMarking constructor, and instead sets marking_worklists_
in ScheduleJob based on the new GarbageCollector parameter.
We will use the ConcurrentMarking class for both major and minor
marking later, and this CL does preparatory work for that by allowing
to change the mode of operation (minor/major) through ScheduleJob.
Bug: v8:13012
Change-Id: I44a35155cf19e1df139a6a4e5bc5cbedbc3e00aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3850289
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82910}
This is a reland of commit aa541f1c9c
Original change's description:
> [turbofan][arm64] Emit Lsl for Int32MulWithOverflow when possible
>
> Int32MulWithOverflow on arm64 uses a cmp to set flags rather than
> the multiply instruction itself, thus we can use a left shift when
> the multiplication is by a power of two.
>
> This provides 0.15% for Speedometer2 on a Neoverse-N1 machine,
> with React being improved by 0.45%.
>
> Change-Id: Ic8db42ecc7cb14cf1ac7bbbeab0e9d8359104351
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829472
> Commit-Queue: George Wort <george.wort@arm.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82499}
Change-Id: Ib8f387bd41d283df551299f7ee98e72d39e2a3bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865484
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82909}
Remove jump optimization for platforms such as arm64 that
do not support it, and thus unblock alignment in builtins.
This provides a 0.3% improvement in Speedometer2
on a Cortex-A55 machine when PGO is applied.
This patch increases arm64's embedded code size by 0.3%.
Change-Id: Ice09c39f5f3fc954e114b9ee30630c0d9528107c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863281
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82908}
This CL adds src/base/container-utils.h wich contains a few utilities
to make working with containers easier by providing a few additional
functions (e.g. contains, all_equal, ...) that are not (yet) shipped
with C++ standard containers.
Change-Id: I365b88c4286bf58bcac32c7bb89a5b0a98fc3509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865966
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82907}
Sufficiently full pages in new space are promoted as is to old space. If
a string is allocated on such a page, it won't be promoted to the shared
heap. The string can later be promoted by the next full GC, but then it
is promoted from old space, not new space, which was not supported.
Bug: v8:12612
Change-Id: I6133e13bec9ba3110b2b9dbfb4dcef47bde25e90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865162
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82906}
This is a reland of commit 911c7170dc
Re-landed as https://crrev.com/c/3867727 has also been re-landed.
Original change's description:
> [debug] CHECK that a function's context is always available
>
> After https://crrev.com/c/3854501 has landed, we no longer have to
> handle the case that we do not find a function's context in the
> scope iterator even though the function requires one.
>
> This CL renames `NeedsAndHasContext` to `NeedsContext` since we
> always find a scope's context now. Additionally we turn this
> assumption into a dedicated check.
>
> R=bmeurer@chromium.org
>
> Bug: chromium:1246907
> Change-Id: I6458df76689c0bfa6d6b2f8c421f9ce481855547
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865153
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82848}
Bug: chromium:1246907
Change-Id: I5ce4fe458e4614f4d6ee419483c5a9071dc91bbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865555
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82905}
Otherwise we could point to a potentially dead (not allocable)
input to GeneratorStore.
Bug: v8:7700
Change-Id: I113a02e0c1a3eb1b817dc4eb8f538cf40a1d0d3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867729
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82904}
It is possible for IncrementalMarkingJob to be scheduled while MajorMC
is running, but it only gets to run after MajorMC finished.
If concurrent MinorMC is run in the meantime, RunInternal should not
invoke Step, which is currently only supported for MajorMC. This CL adds
a bailout for this case.
Bug: v8:13012
Change-Id: I3012cac3de5195a9f1b85f1ac18b02cef67b004b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867516
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82903}
This is a reland of commit 3297ccca23
This is a straight-up reland of the original CL. The failing test
was flaky and removed with https://crrev.com/c/3868727. We replaced
the test with a proper DevTools e2e test: https://crrev.com/c/3867522
Original change's description:
> [debug] Immediately step-in for 'stack check triggered' debug breaks
>
> This CL changes debug breaks that are triggered via interrupts (i.e.
> via stack check). One client of this behavior is the `Debugger.pause`
> CDP method.
>
> The problem is that when we pause so early, the JSFunction didn't have
> time yet to create and push it's context. This requires special
> handling in the ScopeIterator and makes an upcoming change unnecessary
> complex.
>
> Another (minor) problem is that local debug-evaluate can't change
> context-allocated local variables (see changed regression bug). Since
> the context is not yet created and pushed, variables are written to
> the DebugEvaluateContext that goes away after the evaluation.
>
> The solution is to mirror what `BreakOnNextFunction` does. Instead
> of staying paused in the middle of the function entry, we trigger
> a "step in" and pause at the first valid breakable position instead.
> This ensures that the function context is already created and pushed.
>
> Note that we do this only in case for JSFunctions. In all other cases
> we keep the existing behavior and stay paused in the entry.
>
> R=jgruber@chromium.org
>
> Fixed: chromium:1246907
> Change-Id: I0cd8ae6e049a3b55bdd44858e769682a1ca47064
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854501
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82817}
Change-Id: I1938ccb5979fd80dff530b2ffe3f18714b7eff3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867727
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82901}
Add a mechanism similar to the optimizing compile dispatcher, for tests
to be able to wait for Maglev compilation to finish, and to force
finalization.
Bug: v8:7700
Change-Id: I0ef542001fe9f6622b1231eb9406130ad81c8f6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865551
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82899}
New Flags added:
--log-source-code
--log-source-position
--log-feedback-vector
With the above flags we can choose between detailed or lightweight
logging.
Drive-by-fix:
- Use std::isprint
- Add AppendRawString to avoid vprintf formatting for raw strings
Change-Id: I3e9eda8473153de9620d24617c5a5e12e2e3bd56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863469
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82897}
... which works for stale pointers. The default == operator contains
a DCHECK guarding against Code vs. non-Code object comparisons and
thus it can't be used for stale pointer.
Bug: v8:13252, v8:11880
Change-Id: Iaf80d7d1039515fee0d4d294f1fc4c6689cd8d5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867734
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82896}
This CL skips the MarkingFromInternalFields write barrier when
MinorMC concurrent marking is active, because we do not run Oilpan
young GCs yet.
Bug: v8:13012
Change-Id: Ib73dea8357be6d135290009258b5d172477a633b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865464
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82895}
This is a reland of commit ddafb7a30e
CL is relanded without changes. https://crrev.com/c/3865965 and
https://crrev.com/c/3865967 fixed the failing DCHECKs that caused
this CL to be reverted.
Original change's description:
> [heap] Verify client heaps during shared GC
>
> With --verify-heap verify all client heaps before and after a shared
> GC. This ensures that the OLD_TO_SHARED remembered set is properly
> filled for each client isolate.
>
> Bug: v8:11708
> Change-Id: I1506a419c7a91c5baa87ce251da9861d8ad9e066
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857559
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82829}
Bug: v8:11708
Change-Id: I38bd6724807fee36bc47d70b0d83156b81a2b4fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865968
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82893}
Currently MinorMC does not suport incremental marking but uses the
IncrementalMarking class to bootstrap concurrent marking.
IncrementalMarkingJob::ScheduleTask is called from multiple call
sites which assume major incremental marking. This CL adds a bailout
to ScheduleTask on IsMajorMarking()==false to avoid erreoneously
doing incremental steps while in MinorMC mode.
Bug: v8:13012
Change-Id: I57803a8f258697478a9696716063c8c2cae1ae30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865147
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82891}
This CL removes two DCHECKs which no longer hold with minor
concurrent marking.
Bug: v8:13012
Change-Id: I6f24284f0955c57deeb2fa2c300623d9aedfdd3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865463
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82890}
