The compiler is only interested in the contents if it contains a
FeedbackVector. If one is discovered, it is serialized, and we
ensure we'll either return it or nothing if the contents of
the cell changed on the main thread.
FeedbackCells can be reset if the bytecode for the associated
function is flushed. We have guarantees only for functions we
choose to inline that this doesn't happen (by holding a strong
handle to the SharedFunctionInfo).
Bug: v8:7790
Change-Id: I9ecff3f4aef39169d84501feae9e47f2d118054e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434324
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72260}
Maps and DescriptorArrays are intertwined, but we can separate the
DescriptorArray's information inside DescriptorArrayData. Also,
encapsulate DescriptorArrayData's content and don't return the ZoneMap
as a value.
Bug: v8:7790
Change-Id: Icc29737e4dd9dd33b887e93d4ecd1e3f5aac1153
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624613
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72258}
This CL introduces cppgc::HistogramRecorder api which is similar to the
v8::metrics::Recorder api and is used by cppgc to report histogram
samples to embedders. Embedders should implement the api if they want to
collect histograms and provide an instance of it on heap creation.
CppHeap uses an adaptor class that implements the HistogramRecorder api
and is used to forward the relevant info to the relevant
v8::metrics::Recorder.
The api used 3 data structures: 2 for incremental steps that need to be
reported as they come (marking and sweeping) and 1 for the end of a GC
cycle that aggregates statistics over the entire cycle.
The data structure only provide the "raw" samples (e.g. atomic mark
time, incremental mark time, etc...). The embedder is expected to
compute aggregate histogram on its own (e.g. overall marking time).
Bug: chromium:1056170
Change-Id: If63ef50a29a21594f654edb83084598980d221ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642258
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72256}
In C++17 noexcept becomes part of the type system and thus needs to be
consistently applied between function declarations and definitions.
Change-Id: Ia34faa9d9d1f18916655fd5a1a8ec9f6b414f1e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643391
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72255}
This is a reland of c594a20ed3
Moved the getters to the .cc file to avoid link problems as they
are not performance critical anyway.
Moved ProfileNode::source_type to cc as it uses the _entry() functions
which are no longer inline.
Original change's description:
> [cpu-profiler] Use base::LeakyObject for static CodeEntry objects
>
> This is preferred over the older LazyInstance based stuff, and has
> a lot less boilerplate and is easier to follow.
>
> Bug: v8:8600
> Change-Id: I7c5c5ae04c064b0fc598dc01f1ed5442dc21a17b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640475
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72224}
Bug: v8:8600
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Change-Id: I0ad9118e6d3bd087707609714b20aee1cbc4f459
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642252
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72254}
This reverts commit 6ada6a90ee.
Reason for revert: Revert for link issue:
https://bugs.chromium.org/p/v8/issues/detail?id=11335
Original change's description:
> Reland "Faster JS-to-Wasm calls"
>
> This is a reland of 860fcb1bd2
>
> - Disabled the tests for this feature in V8-lite mode (the original
> change broke V8-lite tests)
> - Also modified test console-profile-wasm.js that was brittle with this
> change because it assumed that there was always a JS-to-Wasm wrapper
> but this is not the case when the TurboFan compilation completes before
> the Liftoff-compiled code starts to run.
>
> More changes in Patchset 8:
>
> - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering,
> into a new phase, wasm-inlining that reuses the JSInliner reducer.
> The doc
> https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
> describes the new logic.
>
> - Fixed a couple of small issues in wasm_compiler.cc to make sure that
> the graph "JSToWasm Wrapper" subgraph has a valid Control chain;
> this should solve the problem we had inlining the calls in functions
> that can throw exception.
>
>
> Original change's description:
> > Faster JS-to-Wasm calls
> >
> > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
> >
> > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
> > the basis of the signature of a Wasm function to call, and whose task
> > is to:
> > - set "thread_in_wasm_flag" to true
> > - convert the arguments from tagged types into Wasm native types
> > - calculate the address of the Wasm function to call and call it
> > - convert back the result from Wasm native types into tagged types
> > - reset "thread_in_wasm_flag" to false.
> >
> > This CL tries to improve the performance of JS-to-Wasm calls by
> > inlining the code of the JS-to-Wasm wrappers in the call site.
> >
> > It introduces a new IR operand, JSWasmCall, which replaces JSCall for
> > this kind of calls. A 'JSWasmCall' node is associated to
> > WasmCallParameters, which contain information about the signature of
> > the Wasm function to call.
> >
> > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
> > of the Wasm function, when the conversion is not necessary.
> > The actual inlining of the graph generated for this wrapper happens in
> > the simplified-lowering phase.
> >
> > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
> > lazy deoptimizations that can happen if the Wasm function callee calls
> > back some JS code that invalidates the compiled JS caller function.
> >
> > Bug: v8:11092
> > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> > Cr-Commit-Position: refs/heads/master@{#71824}
>
> Bug: v8:11092
> Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
> Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#72147}
Tbr: ahaas@chromium.org, jgruber@chromium.org
Bug: v8:11092, v8:11335
Change-Id: Iab2908928dfe7ea353f70cb5d3bf2de4d3074db6
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644758
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72253}
On x64, reference types where not handled yet in LiftoffAssembler::push.
Note that the values pushed on the stack there do not have to be
handled by a safepoint. The reason is that stack parameters in general
are handled separately from safepoints.
R=thibaudm@chromium.org
Bug: chromium:1168116
Change-Id: Ie62479c13839f0ba240d0e41fa76d07a2cc48881
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642263
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72252}
This ensures that large objects have alignment suitable for a fixed
double arrays.
Bug: chromium:1161759
Change-Id: I64fe88d641fedbb5e27c2b38c1b9a4e75cab535a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639959
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72251}
There are several use cases related to collections that require
tracing a raw pointer.
Bug: chromium:1056170
Change-Id: I162b5380e7bddd7be62cbc74aa0031c8695220a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643385
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72250}
If a single background thread generates more code than
{kMaxCodeSpaceSize}, we cannot add them as one chunk. This CL adds a
CHECK to guard against that. If we find that this CHECK is hit in the
wild, we need to fix this for real.
R=ahaas@chromium.org
Bug: v8:11339
Change-Id: I549ecd79747bdf14a65b297c01779953e053abf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643382
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72247}
When kSpeculationPoisonRegister is a7, the test
TestFastJSWasmCall_MultipleArgs failed.
Besides, delete an unuse member named table_entry_size_.
Change-Id: Ic2c8b68d50c02dca7c41520ceb217fec33fe8cc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644539
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72245}
Instead of loading the same mask twice, we load from an external
reference twice. This saves some some binary size and a bunch of
instructions.
Bug: v8:11002
Change-Id: Ice80bd10694dcca920e18b8043390d7631c65805
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643404
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72242}
Code fo Instruction Selection is added to the comments
and should be added when opcode is moved out of being a prototype.
Bug: v8:10983
Change-Id: I55948208e0ba0e903b267e0ca3e5815cb673d264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642155
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72241}
These are never generated by the instruction-selector, and don't need to
be defined.
Bug: v8:11074
Change-Id: I83a5760b6350155fd19d069be6aeeec5887e5880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643396
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72237}
It acquires the string lock to avoid race conditions. It does so in a
slow way (by getting the isolate from the string) to avoid piping the
Isolate through.
Bug: v8:7790, chromium:1166095
Change-Id: I8b769b4e96ee780314359d1d15d712012aade88a
Fix: chromium:1166095
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637861
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72236}
Those flags are only used in the simulators, hence hide them for
non-simulator builds.
Move the --log-colour flag out of the simulator block, because it
is also used in other components.
R=ahaas@chromium.org
Bug: v8:11074
Change-Id: Iafe3c6ba0ee78b2cf0b0dff7299a9b588d136ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642262
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72234}
With this change, the GC will compute the size for ScopeInfo instances
based on a combination of flags, context_local_count, and possibly
module_variable_count, rather than using the FixedArray-style length
field. After this change and a few more cleanups, we should be able to
remove that length field and save a few bytes.
Bug: v8:8952
Change-Id: Ica8e51ee106685b44fcc55556b4bb124afc91cfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2598461
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72231}
deoptimized-frame-info: Used only by the debugger.
translated-state: Combines translations and current frame states to
describe in- and output frames.
translation-array: Utils for accessing the on-heap TranslationArray
object.
Bug: v8:11332
Change-Id: I86757bed370d6d9e493862eb24a9e92533f80933
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640414
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72229}
This CL keep the Deoptimizer class in deoptimizer.{h,cc} and moves
everything else into translations.{h,cc}. Translations may be further
split up in follow-up work.
Drive-by: Remove dead code and clean up includes.
Bug: v8:11332
Change-Id: If774399843da1322c01e03d71c97b10fc88e45cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639955
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72228}
Provide a way to trigger a write barrier when updating the embedder
fields. In future, such a mechanism should be encapsulated into V8.
Bug: chromium:1056170
Change-Id: I4e43362993c3e58d5bebdd58a7d46a39c0aa4f06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640419
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72227}
This is a reland of d1da9694d4
Relanding now that fixes for perfetto and cppgc are in:
https://chromium-review.googlesource.com/c/v8/v8/+/2640458https://chromium-review.googlesource.com/c/v8/v8/+/2640480
Original change's description:
> [build] Enable external flag header by default
>
> Turns on v8_generate_external_defines_header.
>
> Bug: v8:11292
> Change-Id: I4b1d9b47390b560b7cbf677948310694d8b03367
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2610966
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72201}
Bug: v8:11292
Change-Id: Ia47eeb6c45f4cc3db72c10782d677b69506fa3d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642249
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72226}
This reverts commit c594a20ed3.
Reason for revert: Speculative revert for link issues: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/14658/overview
Original change's description:
> [cpu-profiler] Use base::LeakyObject for static CodeEntry objects
>
> This is preferred over the older LazyInstance based stuff, and has
> a lot less boilerplate and is easier to follow.
>
> Bug: v8:8600
> Change-Id: I7c5c5ae04c064b0fc598dc01f1ed5442dc21a17b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640475
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72224}
TBR=petermarshall@chromium.org,clemensb@chromium.org
Change-Id: I2e4fce9bc58d289338814f3ee1b1520a97dfd3cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8600
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642251
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72225}
This is preferred over the older LazyInstance based stuff, and has
a lot less boilerplate and is easier to follow.
Bug: v8:8600
Change-Id: I7c5c5ae04c064b0fc598dc01f1ed5442dc21a17b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640475
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72224}
Add a dependency to a cppgc target for the the cppgc unit tests sources
so that the header files are used correctly. Previously it was working
because it added the external config which sets up the include
directories correctly, but would fail if the v8-gn.h file was not
generated quickly enough or if the cppgc_unittests_sources was built on
its own.
Bug: v8:11292
Change-Id: If12be4809b59b8dd5705468ad0343a1118547092
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640458
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72222}
This fixes typing (and type conversions) in the two compilers and adds a
test for executing a memory.size instruction in memory64.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: Ic06b224437cb818ad74d0732fc4c8e08c9095231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2632594
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72219}
The icache and jump-table-assembler tests need memory that is both
writable and executable. On Mac, to do this we need to pass MAP_JIT to
mmap which is wired with the VirtualMemory::JitPermission flag.
Change-Id: If8236fa8983a4a59ef39fe777f26a02103dc6f75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637227
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#72217}
This CL lands a workaround for a bug causing the linker to merge
ExternalOneByteStringGetChar() and ExternalTwoByteStringGetChar() which
leads to the generated vtable address checks failing on one of the
inputs.
To make the two function's machine code different (to prevent the
linker from merging them), this CL adds CHECKs of the arguments to both
functions.
Bug: chromium:1160961
Change-Id: Ifc4c6e4e05a394a6f27572877abb765d02fd23ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640478
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72216}
Previously ShouldHaveBeenSerialized() would return false for
kPossiblyBackgroundSerializedHeapObject objects which prevented
checks for whether the correct serialization had been done before
accessing Map::prototype() for these ObjectRefs.
BUG=chromium:1168435,v8:7790,v8:9684
Change-Id: I31b4cf7c7ce67ba1c46aea1451172b279d215508
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640479
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72215}
Adds v8config.h include before using V8_USE_PERFETTO to fix build errors
when v8_generate_external_defines_header and v8_use_perfetto are both
enabled.
Bug: v8:11292
Change-Id: I4ea5fd39ca7eaaa5ad64b532d26df7933da41659
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640480
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72214}
This will places builtins in .text$hot code section that is generated by native compiler PGO
Change-Id: I9e66eea99fc9b25cda9d9a9d1f57a0cd43d3a924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2628595
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72213}
This was previously removed in
https://chromium-review.googlesource.com/c/v8/v8/+/946129.
Given that test/mjsunit/compiler/regress-817225.js no longer
reproduces, and that the original CL removed only one occurrence of
this common pattern, it's not clear that it fixes anything.
Bug: v8:7519
Change-Id: I973a581e1e6cdea5ba2ff31364bd6701602fc8d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637854
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72212}
