When preparsing and detecting a sloppy block function redefinition then
don't mark the variable as assigned to make it consistent with the eager
parser.
Bug: chromium:1053364
Change-Id: Iec7c24db80014bfe73ee41a4f3bb7a41a354cef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241511
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68415}
Instead of creating temporary {std::vector}s (which always allocate on
the heap) create more vectors on the stack, via initializer lists.
As this is "only" a fuzzer, performance is not really critical, but
still has some impact on the efficiency of the whole fuzzer.
That said, this CL is mostly a cleanup to replace unwanted code pattern
by better code.
R=jkummerow@chromium.org
Change-Id: I924c15e5d64ed584fc96c85715eef1dca5aef150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249928
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68413}
Motivation:
Changes to the typed function references and gc proposals solidified
the notion of heap type, clarified nullable vs. non-nullable reference
types, and introduced rtts, which contain an integer depth field in
addition to a heap type. This required us to overhaul our ValueType
representation, which results in extensive changes.
To keep this CL "small", we do not try to implement the binary encoding
as described in the proposals, but rather devise a simpler one of our
own (see below). Also, we do not try to implement additional
functionality for the new types.
Changes:
- Introduce HeapType. Move heap types from ValueType to HeapType.
- Introduce Nullability for reference types.
- Rework ValueType helper methods.
- Introduce rtts in ValueType with an integer depth field. Include depth
in the ValueType encoding.
- Make the constructor of ValueType private, instead expose static
functions which explicitly state what they create.
- Change every switch statement on ValueType::Kind. Sometimes, we need
nested switches.
- Introduce temporary constants in ValueTypeCode for nullable types,
use them for decoding.
- In WasmGlobalObject, split 'flags' into 'raw_type' and 'is_mutable'.
- Change IsSubtypeOfRef to IsSubtypeOfHeap and implement changes in
subtyping.
- kWasmFuncRef initializers are now non-nullable. Initializers are
only required to be subtypes of the declared global type.
- Change tests and fuzzers as needed.
Bug: v8:7748
Change-Id: If41f783bd4128443b07e94188cea7dd53ab0bfa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247657
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68408}
This reverts commit f78d69fa5d.
With https://chromium-review.googlesource.com/c/v8/v8/+/2243216,
incorrect MemoryChunk::FromHeapObject uses are now fixed.
Original change's description:
> Revert "[heap] Make ReadOnlySpace use bump pointer allocation"
>
> This reverts commit 81c34968a7 and also
> 490f3580a3 which depends on the former.
>
> Reason for revert: Break CFI tests in chromium https://ci.chromium.org/p/chromium/builders/ci/Linux%20CFI/17438
> Original change's description:
> > [heap] Make ReadOnlySpace use bump pointer allocation
> >
> > This changes ReadOnlySpace to no longer be a PagedSpace but instead it
> > is now a BaseSpace. BasicSpace is a new base class that Space inherits
> > from and which has no allocation methods and does not dictate how the
> > pages should be held.
> >
> > ReadOnlySpace unlike Space holds its pages as a
> > std::vector<ReadOnlyPage>, where ReadOnlyPage directly subclasses
> > BasicMemoryChunk, meaning they do not have prev_ and next_ pointers and
> > cannot be held in a heap::List. This is desirable since with pointer
> > compression we would like to remap these pages to different memory
> > addresses which would be impossible with a heap::List.
> >
> > Since ReadOnlySpace no longer uses most of the code from the other
> > Spaces it makes sense to simplify its memory allocation to use a simple
> > bump pointer and always allocate a new page whenever an allocation
> > exceeds the remaining space on the final page.
> >
> > Change-Id: Iee6d9f96cfb174b4026ee671ee4f897909b38418
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209060
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#68137}
>
> TBR=ulan@chromium.org,delphick@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Change-Id: I68c9834872e55eb833be081f8ff99b786bfa9894
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232552
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68211}
TBR=ulan@chromium.org,delphick@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: Id5b3cce41b5dec1dca816c05848d183790b1cc05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250254
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68407}
f89ea875..8d3dd2d
8d3dd2d Sync the test w/ changes in intl-datetime-style 43 by Frank Tang · 15 hours ago master
2dcdba9 Simplify tests by Alexey Shvayka · 15 hours ago
23417d9 Test %TypedArray%.prototype.set with primitives by Alexey Shvayka · 15 hours ago
Bug: v8:7834
Change-Id: I39b62aa1f4800349a009035e704bd4a93223174b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2251174
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68404}
This subsumes the old behavior of --allow-natives-for-fuzzing under
--fuzzing as well. Both flags are used in a redundant way in fuzz
configs. Only --allow-natives-for-fuzzing wasn't specified as a
required argument, leading to the bug below.
We still need the flag --allow-natives-for-differential-fuzzing
to allow different functions when using differential fuzzing.
Bug: chromium:1094866
Change-Id: I398791779e58ed4d80e896c1cfea343848159212
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246568
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68401}
https://github.com/tc39/ecma262/pull/1776 is a normative change that
reached consensus in the November 2019 TC39. It changes
%AsyncFromSyncIteratorPrototype% methods to forward the absence of
arguments to the underlying sync iterator. This is observable via
`arguments.length` inside the underlying sync iterator.
For example, .next is changed to, roughly:
```
%AsyncFromSyncIteratorPrototype%.next = function(value) {
let res;
if (arguments.length < 1) {
res = [[SyncIteratorRecord]].[[Iterator]].next();
} else {
res = [[SyncIteratorRecord]].[[Iterator]].next(value);
}
// ...
};
```
Bug: v8:10395
Change-Id: Ib8127d08cd78b8d502e6510241f3f13fbbaba5c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247041
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68398}
The CL addresses two issues with (Weak)Persistent and WeakMember:
1. (Weak)Persistent pointers are cleared on heap teardown. Before this
CL the pointers would contain stale values which could lead to UAF.
2. WeakPersistent and WeakMember are cleared using a combination of
internal clearing methods and mutable fields which avoids the use
of const_cast<>.
Bug: chromium:1056170
Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68394}
Since ReadOnlySpace pages will soon not be MemoryChunks, change most
uses of MemoryChunk::FromHeapObject and FromAddress to use the
BasicMemoryChunk variants and which use the new MemoryChunk::cast
function that takes a BasicMemoryChunk and DCHECKs !InReadOnlySpace().
To enable this, it also moves into BasicMemoryChunk several MemoryChunk
functions that just require a BasicMemoryChunk.
Bug: v8:10454
Change-Id: I80875b2c2446937ac2c2bc9287d36e71cc050c38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243216
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68390}
This is a reland of 539f0ed23b
The reland fixes creating TimeDelta from double which requires
saturated_cast<>. Improvements to this constructions are tracked
in v8:10620.
Original change's description:
> cppgc,heap: Implement atomic unified heap GC
>
> Add v8::CppHeap as an implementation of a cppgc heap that
> integrates with V8's existing EmbedderHeapTracer API. The
> current implementation only supports non-incremental marking.
>
> Bug: chromium:1056170
> Change-Id: I4a09eb5ae57f5c7defe35eb3fe346627eb492473
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245610
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68374}
Bug: chromium:1056170,v8:10620
Change-Id: I39e15790e5cafe24da2a14d0bae6543391ebb536
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248191
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68387}
... for nci code, in which several phases of the compiler are not
active:
LowerJSCreateCatchContext
LowerJSCreateEmptyLiteralObject
LowerJSCreateIterResultObject
LowerJSCreateWithContext
LowerJSGetIterator
LowerJSGetTemplateObject
With this change, the nci variant passes the test suite. Tests
relying on turbofan-specific behavior (e.g. deopts) are skipped.
Bug: v8:8888
Change-Id: I709178241e9b25e7480a39b4fb64bdcf576483be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245604
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68381}
This adds the following things:
- age table for 4K regions;
- generational barrier for mixed 4K regions;
- unmarking for major collections;
- young generation flags.
Bug: chromium:1029379
Change-Id: Ief1229f0dac5f90c5f06d3168c8ffb4b7d1f1b53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246566
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68379}
Add v8::CppHeap as an implementation of a cppgc heap that
integrates with V8's existing EmbedderHeapTracer API. The
current implementation only supports non-incremental marking.
Bug: chromium:1056170
Change-Id: I4a09eb5ae57f5c7defe35eb3fe346627eb492473
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245610
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68374}
Changes:
- Simplify and generalize ToValueTypeString.
- Fix some error messages in msjunit so that they reflect the underlying
error better.
- Change 'exn' -> 'exnref' to match exception-handling proposal.
Bug: v8:7581
Change-Id: I264f6c9aa598a57f39d5a4d01399af64db83a2b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243214
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68364}
The C++ code uses the A instruction key for return address signing,
which is the default for Clang and GCC when the -mbranch-protection
option is used (although this can be configured to use the B key).
Using the B key for JS means that it's not possible to use an A key
signing gadget to replace a return address signed with the B key and
vice-versa. This should offer a degree of separation from the C++ side.
Bug: v8:10026
Change-Id: Ia9dcc7ae7096c96b4a271efbe25fc02940f6fc8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2242953
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#68360}
Recently the test harness of the js-api spec tests got updated
to the test harness of wpt. With this CL we import the wpt test
harness into V8.
Some adjustments to the test harness had to be made. These additions
are in the new files report.js and testharness-additions.js
Bug: v8:10556
Change-Id: Ia5f7dec3f40ba8fc639135fb2b2078b9220eccf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235116
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68355}
This is a reland of 3692bef9f9
Integer overflow in the test code is fixed by using
MulWithWraparound.
Original change's description:
> [wasm-simd][x64] Prototype i32x4.dot_i16x8_s
>
> This implements I32x4DotI16x8S for x64 and interpreter.
>
> Bug: v8:10583
> Change-Id: I404ac68c19c1686a93f29c3f4fc2d661c9558c67
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229056
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68244}
Bug: v8:10583
Change-Id: Ie7d0032f5398b6f725c02b572764258adacc8578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2236962
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68343}
The registers were not spilled correctly in liftoff when tracing
function calls, which caused runtime errors.
R=clemensb@chromium.orgCC=thibaudm@chromium.org
Bug: v8:10559
Change-Id: Ic0a9ae8a286bdee8f8440e006d0b47e52241ea5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245595
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Arnaud Robin <arobin@google.com>
Cr-Commit-Position: refs/heads/master@{#68340}
... to OptimizedCompilationInfo, BytecodeGraphBuilder, and
JSHeapBroker.
Also add first uses of these flags in pipeline.cc by skipping certain
phases when nci is enabled. With this change, tests in the NCI variant
will start to fail since generic lowering is not fully implemented.
These implementations will follow incrementally in the next days.
Bug: v8:8888
Change-Id: I3f570fb92f09059d1f1f4015f88ffe80ccf746ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2239572
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68339}
This is a reland of change Idb1061cafcba7a2a654a207402dca520f79a3bbe.
The access to wire_bytes has been protected by using atomic operations.
Under some circumstances, Wasm is trying to log code for which the
wire bytes are not fully loaded yet. This can happen during streaming
compilation when a few functions are already fully compiled but the
engine is still streaming the remaining functions.
If the profiler now kicks in, it will attempt to log these freshly
compiled functions. As these functions will not be executed before
the module is fully compiled, we can simply defer the logging in this
case.
R=clemensb@chromium.org
Bug: chromium:1085852
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: Iccb6607e8adb9fdaf6138d4ccd30de58d6a6cdff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230536
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68336}
We currently hit a nullptr access when trying to update the detected
feature set. Instead of adding a check for nullptr there (which would be
unnecessary overhead in production code), we just pass a pointer when
compiling for debugging.
R=thibaudm@chromium.org
Bug: chromium:1092408
Change-Id: I7804edc3f67237bbf28d0ed2f5c58339d3a0f8f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238080
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68335}
We recently changed uc32 to be an unsigned type, and with the invalid
marker being static_cast<uc32>(-1) this DCHECK no longer holds. After
this CL it expicitly checks for the invalid marker.
Bug: v8:10568,chromium:1094226
Change-Id: Idd9efe055b38387e3e37b132cb786cca130767b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245592
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68333}
We want to enable the wasm-bigint implementation by default. However,
at the moment there exist several tests which fail when wasm-bigint
gets enabled. With this CL we adjust or delete these tests so that they
pass once wasm-bigint gets enabled. At the same time we disable these
tests for now, and re-enable them in the CL that flips the flag.
R=jkummerow@chromium.org
Bug: v8:7741
Change-Id: I733bfe7ff19e403913b143e6ea86ab13602ab993
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243212
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68328}
This function wasm created as a partial subtyping check after the
subtyping refactoring for wasm-gc, but is really not needed.
Change-Id: I5f3a38dba599f1571e26d29254eb0f8614c16a8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241519
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68321}
For DescriptorArrays with more than 8 elements, we do a BinarySearch on
the main thread. For background thread, BinarySearch is unsafe and we
have to fall back to LinearSearch.
Bug: v8:7790
Change-Id: I7136b616ae31f509e56cf5ceb5afd659d13e0d81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237142
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68318}
The condition was too strong since we never store Smis into
{previously_materialized_objects}.
Bug: chromium:1094132
Change-Id: I680eb7f175f12d3c44882fd8a9eff0d062eda55f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241517
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68317}
Since the registration requires calling into the library, there's no
reason to get the heap through a magic getter on API level.
Bug: chromium:1056170
Change-Id: I8d2b1d0fcee8c855908bd26c71a22826c493ed29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238568
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68315}
Unified heap support in V8 requires having another (at least internal)
heap that implements a unfied garbage collection strategy. This will
not re-use the already existing cppgc::Heap because there should be no
way in creating such a heap externally or scheduling stand-alone
garbage collections.
In order to have a common token, this CL introduces AllocationHandle
which can be passed to MakeGarbageCollected to allocate C++ objects.
V8 (soon) and the stand-alone heap both have methods to retrieve such
a handle.
This works around a problem with creating diamond class hierarchies
when a base class would be exposed on the public API level.
Fast paths for Blink are still possible because allocation handles can
be cached the same way (e.g. global, or TLS) as a heap can be cached.
Tbr: yangguo@chromium.org
Bug: chromium:1056170
Change-Id: I8e9472a2c24ef82d1178953e8429b1fd8a2344bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238027
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68310}
