Properly push back the current request promise for async generators when
resuming after an `await` to ensure that the catch prediction works as
expected for async generators.

Fixed: chromium:1220203
Change-Id: I8c3592ceb567aadcba8f460794cd5d60a965a360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3442680
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78984}

Bug: v8:12315
Change-Id: If750c9528d4f20c6695a6b25f4d1abc8a14dba62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431486
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78983}

all_ones and all_zero is also moved to the macro assembler
which will be used later.

Change-Id: I72787c9bb217dd78f6fd8a818b95939e936bc68d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439916Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78982}

After https://crrev.com/c/3416191 there are too many mixed concerns in
the clusterfuzz directory. We split it into js-fuzzer, foozzie and
trials.

Change-Id: I9a21ee83985e6113d77acba4583e99df88723c60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3443505
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78981}

Currently, the stack-switching import wrapper always suspends. Only
suspend if the returned value is a promise, otherwise just convert and
return the value back to wasm.

R=ahaas@chromium.org
CC=fgm@chromium.org

Bug: v8:12191
Change-Id: I26e7a3921aeae30fcce7f0ccc98d790a1a6f8c35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440655Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78980}

When performing a shared allocation in a client we have checks for the
AlwaysAllocateScope in both client and shared isolate slow allocation
code paths. We need to enable both such that we don't fail with
spurious OOM failures with GC stress bots.

This change was already introduced with the reverted CL
https://crrev.com/c/3422630. Land this as its own CL until that CL
relands.

Bug: v8:11708, v8:12582
Change-Id: I81ca3f0aaec3ac3fbef9d0b7219e09fa056000f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3443503Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78979}

Verification code in HeapObject::set_map() is supposed to run on the
main thread since object layout change is only supported on the main
thread. There are some users of set_map() on background threads though,
which resulted in crashes. Since those users all perform a safe map
transition, we introduce a separate method for this purpose:
HeapObject::set_map_safe_transition(). This method behaves just like
set_map() but verifies that this is a safe map transition and not an
object layout change and therefore can be used on background threads
as well.

This CL also adds a DCHECK to HeapObject::set_map() to ensure we run
this method only on the main thread.

Bug: chromium:1293484
Change-Id: I25de6fda08de21b8b7a3645cf0ea5b1334e8a2f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439905Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78978}

Turn on fuzzing to get additional test coverage.

Bug: v8:12578
Change-Id: Ia614fb9e4ba519163024f3b7b40f22ad6ebb3297
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3442677Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78977}

Make it include the invalid length again, but this time consistently.

Bug: chromium:923688
Change-Id: I0ec2543e02b58ff2b79547021a8e0d47a9debe46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440068Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78976}

We introduce a new information type ForwardingIndex to be stored in
the Name::Hash field (to be used in the future).
To do so we use the 2 least significant bit to distinguish types
of information stored in the hash field (in contrast to only bit 1
to distinguis integer indicies from "real" hashes).
This motivated a refactor to use base::BitField for the hash field.

Bug: v8:12007
Change-Id: I651c86807edfc218792d0db12379374eaa50c930
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432385Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78975}

This is the final step towards moving away from sending `url` with
every call frame when emitting the `Debugger.paused` event.

Fixed: chromium:1270316
Bug: chromium:1271078
Change-Id: I87a286d81eb91a9bed64213c4b18db0675858822
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345001
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78974}

- Suspender.suspendOnReturnedPromise expects a function with type
[ti*]->[externref] and returns a function with the same type.
- Suspender.returnPromiseOnSuspend expects a function with type
[ti*]->[to] and returns a function with type [ti*]->[externref].

Changes:
- Check the wrapped function's return types
- Skip type checking of return types when importing a wrapper (and
assert that the return type is externref)
- Add special case for WebAssembly.Function.type of a
WasmExportedFunction: it currently returns the signature declared by
the module. Change the return type to externref if this is a
stack-switching export.

Bug: v8:12191
Change-Id: I6619c306e9613825ad1b021cb3400d73cd684656
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435190Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78973}

Drive-by: cleanup accessor declaration and definition macros.

Bug: v8:11880, v8:12596
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ia04a7f21d911386e610f963f55cbc1d310b2f442
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439917Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78972}

We have two different kinds of GC prologues/epilogues. The user-exposed
one in Heap and the internal one in LocalHeap. During parsing and in
the JSON parser we were using the former. While this is definitely
correct and at the time of implementation it was the only existing
mechanism, I believe the internal callbacks are now a better fit for
these use cases.

Internal callbacks are simpler since they don't allow allocations, which
allows us to run them during the GC safepoint. The user-exposed
interfaces are allowed to allocate and are run either before or after
the safepoint. Such allocations could cause recursive GCs, which is
impossible for internal callbacks.

Bug: v8:12545
Change-Id: Ie697556cec9aa77b2f70704445aa5bd58e0a381a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435188Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78971}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4852ab2..3233ed2

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/659c7d9..f2ef96e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I5494824f0c480b20bcd653855dce9cf9827d73a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441242
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78970}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/f1292c4..4852ab2

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I923602ab54a92259568d1b264ef82f97144e6265
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441240
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78969}

Bug: v8:11544
Change-Id: Iab90377372dcd97f1919fde1d886dfe67b336198
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379236Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78968}

get Temporal.Plain*Time.prototype.(hour|minute|*second)

Bug: v8:11544
Change-Id: I6de1304c1a920f8047d499e4e6dcedbd72ba07f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3374073Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78967}

Bug: v8:11544
Change-Id: I72e005c0937418f4160e763edc4fd2b81b14b9c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3385604Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78966}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3a9b7ad..f1292c4

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/8ccda4f..2a745cc

Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/f0d4a3b..87b4b48

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/87e6066..b4974c8

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/df01c5a..66c9784

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/25ad42a..14aa11d

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f246ca2..a8ca822

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Idbd708109a5b352fb33489a66cd0c620931a4fa3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441237
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78965}

Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.

Bug: v8:12547
Change-Id: I1cd23b18b5b841c5b4339f52adecf1b86f3253dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441398Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78964}

Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.

Bug: v8:12547
Change-Id: I428d21f5e6a9c51c8c7c4577395bf27c8706bdb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441033Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78963}

Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.

Bug: v8:12547
Change-Id: I7524a956876a0ff2d362c1ad6ec3ae044445215f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441023Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78962}

Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.

Bug: v8:12547
Change-Id: I52d5a172ea602f4ad058d979003d51a80cdb4405
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441022Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78961}

Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.

Bug: v8:12547
Change-Id: I4d2c9f5d4d7bc50b3aeb515eb78c08eb1b2a6824
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440902Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78960}

Change-Id: I4646bb0f3f6291c97bb4b397d6248b9bdaa2059a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439641Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78959}

This method returns the unique debugger ID for a v8::Context (i.e. the
V8DebuggerID), serialized to a pair of int64_ts.

Bug: v8:12528
Change-Id: Ib2cdda73447f8233f9afb773fed4a634d4618aef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3369124Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78958}

Using UTF-8 encoding couldn't properly read:
test/webkit/parser-high-byte-character.js

Fix itertools rename and one usage of map that's now an iterator.

Bug: chromium:1292016
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_python3_rel_ng_triggered
Change-Id: I2b2ab72ce0eb355d1e70f247b5ea38d1d71c7845
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439914Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78957}

Change-Id: Id233437d92a9af0d7726bcd6207133802ee3d129
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439640Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78956}

Change-Id: I5d9fc560a398328674907962a3730036b72172a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439638Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78955}

Change-Id: I709253796b8493cf365f21247c367974ffbb3106
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440435Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78954}

The size is queried from the background thread to check whether
incremental marking should be started.

Bug: chromium:1292728
Change-Id: I60e0def5756b62ef2ae2d10cc76ce745f3aef308
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440654
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78953}

The web app owner who notified me about bugs v8:12112 and v8:12126 asked
me a reasonable question: "how am I ever supposed to trust the retaining
paths in the devtools, if the heap snapshot is generated by a different
component than the actual marking code?". This change is my attempt to
answer that question. If verification is enabled, the heap snapshot
generator will visit each heap object with a realistic marking visitor
to find all references from that object. It will then check that those
references match the HeapGraphEdges in the snapshot.

I also considered the idea that we could collect retaining information
during the last GC cycle before taking the heap snapshot, or during an
extra GC cycle immediately after. However, running the full GC provides
the embedder with the opportunity to run arbitrary code (including JS)
both before and after PerformGarbageCollection, so there is no clear
guarantee that the heap state during the snapshot actually matches the
heap state during marking.

Bug: v8:12112, v8:12126
Change-Id: Id29e75ecf9eee19e35daedbdb4a3e1df64785380
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299590Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78952}

Return/Throw/Rethrow all unconditionally exit the bytecode, so the
bytecode liveness analysis shouldn't merge their next bytecode's
liveness into them.

Change-Id: I62f53d16f2763e12a702b8b40b2573c264488968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439915
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78951}

Replacement is v8::TracedReference in combination with v8::Global if a
callback is really needed.

Bug: v8:12603
Change-Id: Iae48fee2e6588a594d430c5f3a71ff0b3e67e5b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439873Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78950}

This is the 3. CL in a series of CollectGarbage refactoring CLs.

Bug: v8:12503
Change-Id: Icc578eb9a4dc06083ea3380a00a50dbdbfd22e34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420908Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78949}

Distinguish between tagged and machine pointer sizes in grokdump, and
dump a tagged memory view in addition to the machine-word dump when they
don't match.

This tagged view tries to decompress pointers for link targets, by
masking the slot they're in to get the cage root.

Drive-by: Add a .style.yapf to opt in to python formatting using
git cl format.

Change-Id: Ic5272cd865f995fc670ab2fb7d5e464f317af1bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439906Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78948}

TracedNode is used as backing node for v8::TracedGlobal (with
destructor) and v8::TracedReference (no destructor).

A future change adds concurrent marking for TracedReference which
requires that the node stays around until the atomic pause to avoid
synchronization with the concurrent marker.

This change prepares TracedNode in prolonging the lifetime until the
it is actively cleared ("sweeped") in the atomic pause. This allows
for spuriously keeping alive a TracedNode for an additional GC cycle
in the case the the node was destroyed while the marker is running.

We maintain eager clearing of nodes where possible, i.e., outside of
incremental marking.

Bug: v8:12600
Change-Id: I9688c83a42b70d352c84613485f37242b1b910a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3436805Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78947}

Bug: chromium:1029379
Change-Id: I3970de943c58aa834bd12afd2d289c2034c65c1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439913
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78946}

Change-Id: I2ca9afc488ebe9dcab0fd1d1f1bc4016f9a06c92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440434Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78945}