Bug: v8:7790
Change-Id: Iae4374e352aea0169d4fe1eba5d825c16efe3940
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2715198
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72999}
When calling new WebAssembly.Table, the returned error message refers
accidentally to the WebAssembly.Module() constructor.
There will be a corresponding Chromium CL fixing expected error messages
in WPTs.
R=ahaas@chromium.org
Bug: v8:11356
Change-Id: I57f5e071d5c542615523345283d7c3613fb7a616
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2663155
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72998}
The precise type is only used for validation. For code generation,
knowing the kind is more than enough. Hence, only store and pass the
ValueKind in Liftoff, and not the full ValueType.
R=manoskouk@chromium.org
Bug: v8:11477
Change-Id: Ia42c0fa419f75b508bd2f210c767b631e93d3398
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707170
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72997}
Upcoming CLs will need atomic accessors for non-smi values. This CL
adds the full set of relaxed and acquire/release indexed accessors,
and I also take the opportunity to update the old
`synchronized_set(i, v)` style to `set(i, v, ReleaseStoreTag)`.
Bug: v8:7790
Change-Id: Ic4fa4ec52319ec943415f0e9ae515a00b04cbbc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717305
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72995}
Use external refs to load the masks neded for i8x16.swizzle. Before it
would need 3 instructions (2 moves + 1 pshufd), now it requires 2 moves.
Also on AVX we can relax the dst == src requirement, which can
potentially save a move too.
Bug: v8:11346
Change-Id: If350529de7272a7b178e12778a5e02813b34631c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2713168
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72989}
Compact some of the name definitions for wasm opcodes. With the
proposal being in phase 4, the instruction set is fixed, we can now
merge some of the adhoc i64x2 instructions in with the rest.
Bug: v8:11384
Change-Id: I94553b9f2daaa4804deaf1bb18933847897a4213
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2708759
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72988}
Extract code sequence into macro-assembler for reuse between Liftoff and
TurboFan.
Bug: v8:11086
Change-Id: I914051dd8126e89f297e892da1b5c1917b47d7f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707763
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72987}
Extract code sequence out into macro-assembler for sharing between
Liftoff and TurboFan.
Bug: v8:11415
Change-Id: I76a5124eea917dc15385c90ce82fccdb31619295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707772
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72986}
Extract code sequence into macro-assembler for sharing between Liftoff
and TurboFan.
Bug: v8:11416
Change-Id: I8cdce30db8081f6b6c96cca1cbacd035dfc03de4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707768
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72985}
Extract code sequence into macro-assembler for sharing between Liftoff
and TurboFan. Relax the register aliasing requirements (remove the
DCHECKS), this will not affect codegen for TurboFan since the
instruction selector already sets the correct restrictions, but makes it
more flexible for use in Liftoff.
Bug: v8:11416
Change-Id: I5f3f37b21d8f7e96ff7e472cb96dcda5f28679cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707765
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72984}
This is a reland of 0ef2eea74c
The fixes are adding missing SSE4_1 scopes to ia32. I realize
the x64 codegen is missing the scopes to, so fix them as well.
Original change's description:
> [wasm-simd][ia32] Optimize some signed integer widening sequences
>
> Optimize ia32 code sequences. This is the same sequences as x64, which
> have been optimized based on supported extensions.
>
> Bug: v8:11464
> Change-Id: I10396a928a431cdd2de9b22bb8a395bc0adb4694
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704897
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72926}
Bug: v8:11464
Change-Id: Ib66a63de26bcc3bb3626922b642fe5df6bff8bdb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2713211
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72983}
Port 679af80e75
Original Commit Message:
Avoid duplicating the list of parameter registers to push in the
WasmCompileLazy builtin by reusing the existing arrays from
wasm-linkage.h.
Also verify the computed results against different constants.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Bug: v8:11377
Change-Id: I7277e865c30d83dd4d13aa501d913fb0d88526b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2716322
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72982}
Conservative tracing of an in construction objects might enter an
infinite recursion if the object holds a reference to itself.
The second time we try to trace the object it will be already marked and
we can bail out of tracing it again.
Bug: chromium:1056170
Change-Id: I74e99ca70c83f00d47299562d291adf7ba4a5808
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2715065
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72979}
With a recent change we reserve the maximum memory size also on 32-bit
platforms, up to 1GB. This change, however, caused failing tests in the
cases where no maximum memory size was defined and where WebAssembly
defines an implicit maximum memory size of 4GB. With this CL we do not
reserve more memory than the initial size if no maximum memory size is
defined.
R=clemensb@chromium.org
Bug: v8:11493
Change-Id: I62b62fd4faa7a480275b75421a98f73539646eab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712756
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72977}
WasmGraphBuilder often failed to use GraphAssembler infrastructure and
went with directly invoking graph()->NewNode(). This made the code more
verbose, especially in cases where effect() and control() had to be
passes directly to NewNode().
This CL eliminates these invocations in obvious cases. It does not try
to refactor complicated code with branches, diamond patterns, etc.
Additional changes:
- Define a few more operators in GraphAssembler.
- Move Branch() helper in WasmGraphAssembler.
- Define NumberConstant() helper in WasmGraphAssembler.
- Define Merge() helper with varargs in WasmGraphBuilder.
- Omit IntPtrConstant() wrapper for constant offsets of Load and Store.
Change-Id: I571d5286be8881504cb2060195fbd181d1fce67d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712804
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72975}
Functional change: Allow rtts as exception values.
Additional change: Remove liftoff subtyping TODO in anticipation of
removal of full ValueType usage in Liftoff.
Bug: v8:7748
Change-Id: I676a7fa6417d6e86bb148b4f5b9b086cc704928e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2714702
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72973}
The flag should not be set after an exception is thrown in a runtime
function. The unwinder still runs after the destructor, and should take
care of setting the flag depending on the catching frame.
R=ahaas@chromium.org,jkummerow@chromium.org
Bug: chromium:1180690
Change-Id: I0013c90f759a5145309f6e08d61ed36aeecbac63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2713103
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72972}
Its double methods were unused so we were using it as an ObjectData*
wrapper.
Bug: v8:7790
Change-Id: If6bd21fc23485f1e14aa3e71aea7c7821bd03315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2715185
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72968}
This change adds a new abstract type Lazy<T> which can be used to
interoperate with CSA code that uses LazyNode. This new type has special
code-generation rules because its generated type is not TNode<...> but
std::function<TNode<...>()>. Torque code can do nothing with this type
except pass it around, but passing it to the CSA function RunLazy is an
easy way to execute the std::function and get back a normal value.
Torque code can also create Lazy<T> values using the intrinsic function
%MakeLazy, which takes the name of a macro as its first parameter,
followed by arguments to that macro which will be passed when the
LazyNode is evaluated. We use the macro's name because the language
doesn't support taking references to macros, and implementing such a
feature would be complicated.
Bug: v8:7793
Change-Id: I09120960e3492dd51be0d4c57e14ff3826b99262
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2701752
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72964}
When making inlining decisions, we are interested in
CodeRef::inlined_bytecode_size(). Previously, we gated a check of this
value on predicate JSFunctionRef::HasAttachedOptimizedCode(), but we
removed this predicate because it only recorded a value seen at
serialization time.
Now, we look at attached CodeRefs "live," which means we might discover
that the code is now optimized, where it wasn't at serialization time.
This affects the inlining decision. This CL adds an additional check
before returning a non-zero inlined_bytecode_size that the code object
hasn't (already) been deoptimized. It's logical to do this, because the
inlined_bytecode_size is actually a stale value at this point.
Bug: chromium:1180749
Change-Id: I4d55132c5b47083413d3c6b1d934bfce6b550709
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712565
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72960}
Baseline code is, like baseline frames, now considered unoptimized,
sharing this name with interpreted code.
Bug: v8:11420,v8:11429
Change-Id: If1f4a41725dd0d809a4412f5d2f827d19f9628fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2713102
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72959}
After the runtime call for dynamic tiering, the instance cache is
invalidated. This was assumed to be done in {SpillAllRegisters}, but the
instance is still being accessed after that call, so the instance cache
register might still be set after the runtime call.
R=ahaas@chromium.org
Bug: chromium:1179065
Change-Id: I375e7c388e5a74789050e374db50d21c2efe27e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2714544
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72958}
This is a reland of ed225df70c
Reland changes: removed #if DEBUG from v8.h since it had compile errors
in chromium + windows. Also wasn't needed anyway since the method it was
calling was just a DCHECK.
Original change's description:
> [objects] Cache the ExternalString's data in its resource
>
> For external uncached strings (also called "Small External Strings")
> with cacheable resources, we can cache its resource's data at the
> string's creation time. This allows us to safely read the data from the
> background as we wouldn't trigger a data() callback.
>
> For more information regarding the investigation and possible proposals
> see
> https://docs.google.com/document/d/101eAQqFpBPWFGNJicxtdlwYShJkTOUsEuxkVVeu5Hrk/edit?usp=sharing
>
> Bug: v8:7790, v8:11463
> Change-Id: I6164092b01a6ccb525a9516f476e066b35fb1f96
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685177
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72862}
Bug: v8:7790
Bug: v8:11463
Change-Id: I7c8a54c814b92c8632fb0bcf5a33f57fec159443
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710440
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72956}
AbstractBytecodeArray was introduced in order to let the bytecode
array accessor work on either a Handle<BytecodeArray> or a serialized
BytecodeArrayRef. We have since implemented direct heap access for
bytecode arrays, so we can now remove the abstraction again.
Note that this means that as far as bytecode iteration is concerned
we no longer access the bytecode array through the BytecodeArrayRef.
I will remove the obsolete methods from that class in a follow-up CL.
The downside is the loss of this explicit interface. The upside is
simplicity and less code. We can justify the downside with the fact
that the bytecode array data is immutable and thus the Ref indirection
less meaningful than in other cases.
Bug: v8:7790
Change-Id: I0fe87b4efd0f77785f5a0917ab213c6031d9cc74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707166
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72955}
This CL is part of a series that adds the C++ implementation of
SwissNameDictionary, a deterministic property backing store based on
Swiss Tables.
This CL adds printing and verification functions.
Bug: v8:11388
Change-Id: I6af8672f19589f5693ebafbcafb8d59b26749eef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704669
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72954}
.. which can return Undefined if reading out of bounds, so the return
type is ObjectRef and not StringRef (if we had torque-like union types
it'd be StringRef|OddballRef). Also change the function name to
GetCharAsStringOrUndefined.
Bug: v8:7790,chromium:1181246
Change-Id: Icf9e8fd03d11c3936e87a509b9117e547972d283
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712965
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72952}
If two call instructions were generated right after each other, the
source position table could get populated with two entries for the same
PC (triggered by the follow-up CL: https://crrev.com/c/2697359).
This CL fixes that by slightly changing the carry-over of source
positions from nodes to instructions.
The call node which has a source position attached generates two
instructions:
18: gap () ([rax|R|tp] = v16(-); [rbx|R|t] = v17(-);)
[rax|R|t] = ArchCallWasmFunction [immediate:4] #-1 [rax|R|tp] [rbx|R|t] [immediate:5]
19: gap () ()
ArchJmp [immediate:6]
Those are then reversed, and the source position is attached to the first
one (the ArchJmp). After reversing it again later, the source position
will be set to the pc *after* the call instruction, which in the example
happened to be just another call instruction which already had a source
position, resulting in this code:
[...]
0x388ee467d426 66 e875feffff call 0x388ee467d2a0 ;; wasm stub: WasmThrow
0x388ee467d42b 6b e850feffff call 0x388ee467d280 ;; wasm stub: WasmStackGuard
[...]
Source positions:
pc offset position
6b 5
6b 0
By attaching the source position to the *last* instruction (after
reversing), we ensure that it will be generated for an instruction
*before* the call, or the call itself if this is the first instruction
emitted for that node.
R=jgruber@chromium.org
Bug: v8:11490, v8:11496
Change-Id: Ie95c87d0d9daea56ca14a811abcd02ac07a4cf84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2697358
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72951}
maintain hash table invariants (that equality implies matching hashes),
the CodeEntry hash shouldn't include the tag either.
CodeEntry: :IsSameFunctionAs does not consider the CodeEntry's tag, so to
Change-Id: I1e06707b72d49ad9e88368ae68e7ccb16c2483ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712786
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72949}
Also fixes existing tests which were asserting the wrong behavior (that
setting writable=false won't have an effect).
The bug was introduced by https://chromium-review.googlesource.com/c/v8/v8/+/1442640 .
Bug: chromium:1158138
Change-Id: I2d85721848eb4e7d530a980a9ecef7f8693bb9a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691050
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72948}
The main thread isolate may live until the end of the process, in which
case we would not record the counts. Sample at each event instead.
R=ahaas@chromium.org
Bug: v8:8091
Change-Id: I5b1eb023e4ca5410c7d8f4212ff20410044bf4f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710433
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72947}
The v8_enable_webassembly=false configuration will not be a able to run
any wasm code, hence remove the whole asm to wasm translation from the
binary.
In order to skip specific unit tests in that configuration, we move the
definition of the v8_enable_webassembly gn argument from BUILD.gn to
v8.gni, such that it is available in all gn files.
R=ecmziegler@chromium.org, machenbach@chromium.org
Bug: v8:11238
Change-Id: Id4e290df3e42ffd2f05c377bdd3a368871815daf
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712562
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72945}
Since gtest_prod.h is in a test-only build target, that target cannot be
a dependency of non-test build targets. To prevent gn check errors
warning about, this add "// nogncheck" to any includes.
Bug: v8:7330
Change-Id: I40de6983e30234de2a778780a9ca839aee0bc8ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712747
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72943}
This CL is part of a series that adds the C++ implementation of
SwissNameDictionary, a deterministic property backing store based on
Swiss Tables.
This CL add the lookup and iteration functions as well as the helpers
needed for that.
Bug: v8:11388
Change-Id: Ib684f32d1623868f9caf79c48fc61478d6f6ee4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695391
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#72940}
Load lanes require that dst == src1 when AVX is not supported, add that
constraint to the instruction selector. For Liftoff, we change the macro
defintions of Movlps and Movhps to do the move if dst != src1.
Bug: v8:10975
Change-Id: Ic4f499845f0728db250ea23b1b053e0a9fbe99b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2708825
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72936}
