This change adds new functions to BackgroundCompileTask which closely
match those in BackgroundDeserializeTask. These functions allow a caller
to manage background merging of newly compiled content into an existing
Script from the Isolate compilation cache. These functions are not yet
exposed via the API; instead, StressBackgroundCompileThread uses them to
increase test coverage of the merging logic.

Bug: v8:12808
Change-Id: I4d2f429164223785169fe447ce2bdd8beaee00d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793959
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82121}

Previously, we would set embedder fields and do type checks (on
embedder fields) in the GC. This does not work nicely as embedder
fields contain system pointers whereas we can only operate with
tag-aligned reads/writes. The end result of assembling pointers was
somtimes broken for concurrent marking.

In this CL we reverse the mode and check assumptions when writing the
fields. From Blink we generally only write once and use the fields in
the GC and via reads multiple times.

We assume, that when running with CppHeap, any pointer on an instance
field that points into CppHeap, also has the type field set with the
appropriate tracing information. In debug builds we also verify that
the embedder field indeed points to the start of an Oilpan object.

Bug: chromium:1337690
Change-Id: I9f9a8e691cdcf666861a455dcf8f65f2fe80b034
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3788206
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82120}

Feedback vector allocation can trigger a GC, and thereby make the
WasmCompileLazyFrame visible for the GC. This CL add stack scanning
for the WasmCompileLazyFrame.

Design doc: http://doc/1peovM6N6C4nSEdC77l4uxU1L0njA0RTaOjy5F12r2CQ

Change-Id: Iec16f50ad2c8ad7e6dcf05f9e620163d3b60ea0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789516Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82119}

R=jkummerow@chromium.org

Bug: v8:12926
Change-Id: I5942af918142a72158149e9820f49d4f07bb5266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3790860Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82118}

As requested in https://chromium-review.googlesource.com/c/v8/v8/+/3794708

No intended behavior change.

Bug: none
Change-Id: I5816ecf6073dc3c0d558d52518e38e4dbee7d562
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3796233Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Nico Weber <thakis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82117}

This CL fixes issues in YoungGenerationConcurrentMarkingVisitor
(YGCMV) that were discovered during an offline integration test which
uses YGCMV during MinorMC's final pause.

This also adds PopOnHold() to EmptyMarkingWorklist, in order to
process on-hold objects during final pause once concurrent marking is
working.

Bug: v8:13012

Change-Id: Ia4fef101bd974de9f5b031974cdae787dcbd3819
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803030
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82116}

The type stored in {Result} should not always be the same as derived by
the compiler for the argument to {Decoder::toResult}. If we pass in a
temporary, we most often want it to be stored by value, not by
reference.
This CL enforces this; if requirements change in the future, we can
remove the static assertions and think about how to protect against
accidental UAF when referencing a temporary value.

R=jkummerow@chromium.org
CC=mliedtke@chromium.org

Change-Id: Ia0449e6ed7342319799479b200af35660fccc6d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792115Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82115}

Bug: v8:7700
Change-Id: I72b85094b22c2fb5a94c42d5920f750aee2fd167
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803025
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82114}

Refactor out the parallel move algorithm into a helper class, and add
stack slot support for cases where stack slots can clobber each other
(e.g. a Phi which is an input to another Phi). Also add some
documentation for how these parallel moves work.

Bug: v8:7700
Change-Id: Ib9bb1cce8287e2ad34b4417b77b148a1ad483268
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803032Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82113}

Change-Id: I57c805b899a25e58035f2ed9accd10e43114fd80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802689Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82112}

Preparation step to remove the subtype relationship between funcref and anyref.

Bug: v8:7748
Change-Id: Ic2d3467addff16dc0df466234cb7ce6e573ba666
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3797829
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82111}

...for very large feedback vector indices.

Fixed: v8:13118
Change-Id: I38f1507ffe29e63ae58fd6436dffec7d0d610f95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791247Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82110}

clang now complains when a BitField for an enum is too wide.
We could suppress this, but it seems kind of useful from an
uninformed distance, so I made a few bitfields smaller instead.

(For AddressingMode, since its size is target-dependent, I added
an explicit underlying type to the enum instead, which suppresses
the diag on a per-enum basis.)

This is without any understanding of the code I'm touching.
Especially the change in v8-internal.h feels a bit risky to me.

Bug: chromium:1348574
Change-Id: I73395de593045036b72dadf4e3147b5f7e13c958
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794708
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Auto-Submit: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82109}

struct.new_default may not be called for immutable structs.
Follow-up to d2c75d32.

Change-Id: I7b682938ca5da00ef6c9bec29856133301beb6b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802688
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82108}

Introduce RootVisitor and related class hierarchy to just handle
roots. This avoids the awkard definitions for roots visiation in all
the cases they are not needed.

Change-Id: Ib0912e4bf543db2ecf68caead6929c68d6afdda6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782794Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82107}

- ThrowReferenceErrorIfHole
- ThrowSuperNotCalledIfHole
- ThrowSuperAlreadyCalledIfNotHole
- ThrowIfNotSuperConstructor

Bug: v8:7700
Change-Id: I565a196869905cddaf1203deae7469dcadbfcdf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802685Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82106}

Bump the memory size limit of memory64 memories from 4GB to 16GB. Tests
are added for larger sizes (5GB, 16GB).

Drive-by: Improve two decoder errors to properly include the unit,
  tested by the new tests.

R=jkummerow@chromium.org

Bug: v8:10949
Change-Id: I99dfc216b9213838784214c0b65ba863831d5884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789507Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82105}

- No slots are invalidated as all slots are always treated as tagged
  or aligned pointers.
- The map is not updated.

Change-Id: Ifb8ffddfa3b626de3233f17f67b46fec36146f2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3795378Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82104}

Port commit 044a18ac

Bug: v8:10949
Change-Id: I1dfe8fdc4439f621d2ae9f38e63310a1e6f0b7f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3798964
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82103}

Make sure to always start at the innermost loop, and to have Jump phis
participate in the lifetime extension.

Bug: v8:7700
Change-Id: Iefb9108519d027782ba9f0ce8c0696fba0a0aa52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793390Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82102}

Bug: v8:7700
Change-Id: I3ea3027feb51f10ef0587328835d5a3a1002ed54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803029Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82101}

.. instead of their non-negated form.

Fixed: v8:13097
Change-Id: I6426f5bbce2dfec2bbc64346d04f3b833d17c2b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802690
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82100}

Instead, create only 1 normalized map.

This will benefit ES5-style classes.

Bug: v8:13091
Change-Id: I495ea4a69aedef01b97f4b0d5aad19bb355ce004
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776692
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82099}

It's difficult to say which structs might in the future have deprecated
fields, so this CL adds tests for two more for now.
Once we add deprecated fields, we then need to define copy/move
constructs and assignment operators via
{ALLOW_COPY_AND_MOVE_WITH_DEPRECATED_FIELDS} (same as for other structs
which are not tested yet).

R=mlippautz@chromium.org

Bug: v8:13092
Change-Id: I89a330661a02d86d3d48e216b69cb6f77f02cff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789508Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82098}

Bug: v8:12783
Change-Id: I5b7acf2445b0f898158448dde206a0cecdab6a80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764345Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82097}

When an object either gets promoted or evacuated, old-to-shared slots
need to be recorded like we already do for old-to-old or old-to-new.

Bug: v8:11708
Change-Id: Ifb5b3d50a59aa45bf8289e1cd7610bb2f317fd6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794648Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82096}

Create a HasProperty node to mirror TF.

Bug: v8:7700
Change-Id: Ie332d54031eef640c247e7c7c5d06c033636fc7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803027Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82095}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/0572ff1..4bfce1a

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Iaf282b305b9cda21b347cfaaa1338c0195e2806f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3796863
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82094}

The function returns true if the function does not do anything like:
() => {}.

Change-Id: I049d7956c443b5d2bb8017a48547376f13acd0a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3778969Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82093}

Change-Id: I6e4dc69d6f22d3108ae74552b72bcafc0be3db64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793476
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82092}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ce68e6e..0572ff1

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/af18ab7..6940fd4

Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/5ecb463..de32b18

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/64bbf98..c4e1268

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/37aede2..b11b8b4

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I5dcf21dfc7a92999a08c81678ee394a096dde544
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3796107
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82091}

In https://crrev.com/c/3764190, V8_COMPILER_IS_MSVC gets used before it
is defined, so it has no effect. Move the V8_COMPILER_IS_MSVC define up
to fix this.

Change-Id: I94c63ad2a8a7555c85730792c1f91e1285a9b77f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3774095
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82090}

Added:
- history's circles titles
- history's records titles
- ability to move to node from history view
- new hotkey for turboshaft layout

Bug: v8:7327
Change-Id: I7ecfdbef2c1bf9534c76f8ac253e846beeea8cb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779909Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82089}

Bug: v8:7327
Change-Id: I233173b92ab2acd6e6184abf2769a607df7b6a48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779695
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82088}

zero extending the offset register must happen regardless
of the length of the offset_imm.

We can only use ip as the offset_reg as r0 and and r1
are being used as scratch later on.

Change-Id: I5517f974af40eb014b8e1f58f8e531909c4d466a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794646
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82087}

The jump table and far jump table are allocated once per code space, but
the lazy compile table only needs to exist exactly once, and it does not
really matter in which code space we allocate it.
Before dynamic tiering, we could always allocate it in the initial code
space (which was empty at the point when we allocated it), but with
deserialization of a partially tiered module we can end up in a
situation where we first deserialize some TurboFan functions into the
initial code space, and when we later try to allocate the lazy compile
table (when we encounter the first non-serialized function) we do not
have enough space any more in the initial code space.

This CL allows to allocate the lazy compile jump table in any code space
to avoid that failure.

R=thibaudm@chromium.org

Bug: chromium:1348472, chromium:1348214
Change-Id: I58c9a8a6541f2ab7df26ddfd1b65d31cc99337fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792607Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82086}

With this CL, blocks at the end of the ExternalPointerTable that are
completely empty after sweeping will be decommitted to reduce the
table's memory footprint.

Bug: v8:10391
Change-Id: I1002e95a0f9c22400fdd2620047d86738a1f7af4
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791903Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82085}

Port 781a5b5a

Original Commit Message:

    Many platform-dependent LiftoffAssembler methods do not use all
    parameters. Comment out the name of unused ones, to make it easier to
    see which implementation uses which parameters.

    Also, remove {is_load_mem} from arm's {LoadInternal}, because it is
    unused there.

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I861df687e373ed7dd302fc5e2e1299f09f899166
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792177
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82084}

Bug: v8:13119
Change-Id: Idbacfe1fd8259a8ff378ec97c770cc997c0c813d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792606Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82083}

This is a reland of commit 07e11a64.

The original change removed the fill_thehole_and_call_runtime bailout
in StringBuiltinsAssembler::StringToArray() so when the string
is external and cannot be unpacked, the FixedArray won't be filled
with holes before we call into the runtime, thus failing a
heap verification if a GC happens before the array is filled. This
reland adds back the bailout for this case.

Bug: v8:12718, chromium:1330410

Original change's description:
> [heap] pre-populate the single_character_string_cache
>
> This simplifies the code and removes the runtime overhead of
> spontaneously adding strings to the cache.
>
> Bug: v8:12718
> Change-Id: I2ed49bd82e3baf2563eeb8f463be72c0308c52c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616553
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#80803}

Change-Id: I25e8724d511a8d0d971fa2a9b6ba8a0eafce4413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793525Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82082}