This reverts commit 9732f422.

Reason for revert.

Original change's description:
> [inspector] queryObjects returns result
> 
> queryObjects command line API return array instead of sending
> inspectRequest notification.
> 
> R=​pfeldman@chromium.org
> 
> Bug: chromium:825349
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: Ie6c64419cb108b313c43b66eab533c5a7d5d9024
> Reviewed-on: https://chromium-review.googlesource.com/978464
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52197}

TBR=pfeldman@chromium.org,kozyatinskiy@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:825349
Change-Id: I90f93b96981d8218b9ad1dc0f4ebfb5a7cb671bc
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/982431Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52254}

Bug:v8:6532

Change-Id: I62e62f6584d1d42dc8af713b874daafa1f8d4436
Reviewed-on: https://chromium-review.googlesource.com/969991Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52253}

When a wasm function has a large stack frame, the x64 code generator
performs the stack overflow check before constructing the frame. This
requires using the `address_of_real_stack_limit` external reference, as
well as the `ThrowWasmStackOverflow` runtime function.

`ThrowWasmStackOverflow` is called via a generated trampoline, but it is
not a builtin, so the serializer adds it to the `stub_lookup_` map. This
map is encoded by using a monotonically increasing `stub_id` that starts
at 0.

When the function is serialized, a stub is differentiated from a builtin
by which half of the `i32` bits is used, upper or lower. A stub only
uses the lower 16 bits and a builtin only uses the upper 16 bits.

The deserializer checks whether the lower 16 bits are 0; if so, it is
determined to be a builtin. But if the `stub_id` is 0, then it will be
confused with builtin 0 (`RecordWrite`). Calling the builtin instead of
the stub causes a crash.

This CL starts all `stub_id`s at 1, which prevents the builtin/stub
confusion.

There is an additional bug that is not fixed by this CL:
`ThrowWasmStackOverflow` shouldn't be called at all. Currently it is
called because `address_of_real_stack_limit` is a thread-local value
that is not properly relocated.

Bug: chromium:808848
Change-Id: I06b3e650ea58ad717dcc47a3716443e16582e711
Reviewed-on: https://chromium-review.googlesource.com/981687Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52252}

Also annotate maps with the space, now that this can be RO_SPACE as well
as MAP_SPACE.

Bug: v8:7464
Change-Id: Id597b2195c179b38f93b0e1c6b2ce9ef04e4f0e4
Reviewed-on: https://chromium-review.googlesource.com/980554
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52251}

Change-Id: I7d5d9ff4d69628573586c1a8e5704d2b6009adc8
Reviewed-on: https://chromium-review.googlesource.com/980534Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52250}

Bug: v8:6949, v8:7310
Change-Id: I8647d385355f357e8825648d6da2757efdcbc6c2
Reviewed-on: https://chromium-review.googlesource.com/980496Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52249}

Change-Id: I41c3945d72116dd501bf34bafd8d21c205aed17c
Reviewed-on: https://chromium-review.googlesource.com/973445Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52248}

This reduces time it takes for the compiled module to be reclaimed. It
switches the reference in question from a weak reference with finalizer
to a phantom reference, because the finalizer was only clearing the
reference by now anyways.

R=ahaas@chromium.org
BUG=chromium:824443

Change-Id: I51f0dbd487281184f82fd6c79fcf27514721b819
Reviewed-on: https://chromium-review.googlesource.com/978243
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52247}

This reverts commit 496d0596.

Reason for revert: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux64_-_internal_snapshot%2F14705%2F%2B%2Frecipes%2Fsteps%2FCheck__flakes_%2F0%2Flogs%2FOutOfMemoryIneffectiv..%2F0

Original change's description:
> [heap] Detect ineffective GCs near the heap limit.
> 
> Currently V8 can enter CPU thrashing GC loop near the heap limit. In
> such cases it is better to trigger an out-of-memory failure earlier to
> avoid wasting CPU time and to avoid unresponsiveness.
> 
> This patch adds a mechanism for tracking consecutive ineffective GCs.
> A GC is considered ineffective if the heap size after the GC is still
> close to the heap limit and if the average mutator utilization dropped
> below a fixed threshold.
> 
> V8 execution is aborted after four consecutive ineffective GCs.
> 
> Bug: chromium:824214
> Change-Id: I647032707d49e5383e1317c5e7616dd57077ea32
> Reviewed-on: https://chromium-review.googlesource.com/978178
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52244}

TBR=ulan@chromium.org,hpayer@chromium.org

Change-Id: I267d247010a90224be60c27c83eeb37c3878fba5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:824214
Reviewed-on: https://chromium-review.googlesource.com/982072Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52246}

Since the flags are used for more than just giving hints to the
compiler, the name isn't appropriate anymore.

Change-Id: I4b2f87a117490e7f1e1a693394e46633e751b444
Reviewed-on: https://chromium-review.googlesource.com/982012Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52245}

Currently V8 can enter CPU thrashing GC loop near the heap limit. In
such cases it is better to trigger an out-of-memory failure earlier to
avoid wasting CPU time and to avoid unresponsiveness.

This patch adds a mechanism for tracking consecutive ineffective GCs.
A GC is considered ineffective if the heap size after the GC is still
close to the heap limit and if the average mutator utilization dropped
below a fixed threshold.

V8 execution is aborted after four consecutive ineffective GCs.

Bug: chromium:824214
Change-Id: I647032707d49e5383e1317c5e7616dd57077ea32
Reviewed-on: https://chromium-review.googlesource.com/978178
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52244}

This CL changes the poisoning in the interpreter to use the
infrastructure used in the JIT.

This does not change the original flag semantics:

--branch-load-poisoning enables JIT mitigations as before.

--untrusted-code-mitigation enables the interpreter mitigations
  (now realized using the compiler back-end), but does not enable
  the back-end based mitigations for the Javascript JIT. So in effect
  --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
  use the same mechanics (including changed register allocation) that
  --branch-load-poisoning enables for the JIT.

Bug: chromium:798964
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
Reviewed-on: https://chromium-review.googlesource.com/928881Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52243}

- Allow deserializer to add entries to the StringTable without
  causing a gc.

This is a reland of 868ed8ee

Original change's description:
> [runtime] Decrease StringTable shrink limit
>
> Given that we have not seen any regressions yet we're trying a more aggressive
> limit.
>
> Bug: chromium:818642, v8:5443
> Change-Id: Ic45001ed6c042fc31cbba0d417d5060d2de8fb3a
> Reviewed-on: https://chromium-review.googlesource.com/975126
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52145}

Bug: chromium:818642, v8:5443
Change-Id: I051c6a79e59ec40cf87cab5bf06c4c449f8113d0
Reviewed-on: https://chromium-review.googlesource.com/975643
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52242}

The instruction scheduler is not supported on these platforms.

Bug: v8:7577
Change-Id: If89494153407c6223e30d856dd0f3152eb0c5817
Reviewed-on: https://chromium-review.googlesource.com/973362Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52241}

Bug: v8:7310
Change-Id: Ic4a3c3326a1643d9a662a11ccdb75c8121587c71
Reviewed-on: https://chromium-review.googlesource.com/980943Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52240}

--cleanup-code-caches-at-gc flag was removed in
https://chromium.googlesource.com/v8/v8/+/b8b25e1c27b6634b764245671b5fcaacb19278bf,
rendering the test obsolete.

Change-Id: I34331d230102924899c89d3330379df51a489029
Reviewed-on: https://chromium-review.googlesource.com/980937Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52239}

The embedder can get notification when V8 heap size approaches the heap limit
and can extend the heap limit if needed using
- v8::Isolate::AddNearHeapLimitCallback
- v8::Isolate::RemoveNearHeapLimitCallback

This generalizes the exiting v8::debug::SetOutOfMemoryCallback API.

Bug: chromium:824214

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia444cb7efb6fe85c57fa3785e8fd1d8b654a5224
Reviewed-on: https://chromium-review.googlesource.com/979447
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52238}

Change-Id: I8db5eb77d0287d665ab2b7c41f8289d47389d0d0
Reviewed-on: https://chromium-review.googlesource.com/977579Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52237}

I replaced usages in Chromium and other embedders. I think we can safely
deprecate and soon remove.

Drive-by fix: Fixed some typos.

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia8e35adb2abebed3966403af61eda1ede319e5c3
Reviewed-on: https://chromium-review.googlesource.com/980452Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52236}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c8fbe98..9004761

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I1943b52306afc8095b08a15ed94b7d1d43eeaae4
Reviewed-on: https://chromium-review.googlesource.com/981498Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52235}

Port d6636145

Original Commit Message:

    Part of ongoing work to remove the construct_stub.

    For non-constructable functions, don't use the non-constructable stub,
    instead handle non-constructables explicitly in ConstructFunction.

R=petermarshall@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I2e81b03b8fbbde025881fd3b65fe2fa0604f6ff5
Reviewed-on: https://chromium-review.googlesource.com/981116
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52234}

This reverts commit 3d7ad2e7.

Reason for revert: too many regressions to handle for now.

Original change's description:
> Reland "[parser] Remove pretenuring of closures assigned to properties"
>
> The memory gains were significant, so despite the bluebird-doxbee
> regression, we think it's better to have this patch than not.
> See the attached Chromium bug for more discussion.
>
> This is a reland of 20e346bd.
>
> Original change's description:
> > [parser] Remove pretenuring of closures assigned to properties
> >
> > This pretenuring was added in https://codereview.chromium.org/5220007,
> > back when it was necessary in order to allow use of the closure
> > as a "constant function" property. This should no longer be the case,
> > and the pretenuring causes some unfortunate downstream effects.
> >
> > This patch removes the parser's setting of this bit. If it doesn't
> > cause regressions on the perf bots, followup CLs will remove the
> > rest of the support for this feature.
> >
> > Bug: v8:7442
> > Change-Id: I27c43dd4293ce5de921be6c78571e712778d138a
> > Reviewed-on: https://chromium-review.googlesource.com/914610
> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> > Commit-Queue: Adam Klein <adamk@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#51254}
>
> Bug: v8:7442, chromium:814182
> Change-Id: I228c59dccef3844803f115749e72ae6c5f286eda
> Reviewed-on: https://chromium-review.googlesource.com/938241
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51668}

Tbr: gsathya@chromium.org
Bug: v8:7442, v8:7524, chromium:814182, chromium:818627, chromium:818672, chromium:819994, chromium:821788
Change-Id: Ib760d63f879613f3b874889c5cb29ba2a77ba430
Reviewed-on: https://chromium-review.googlesource.com/980795
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52233}

FixedDoubleArray can be left-trimmed and should be treated similar to
FixedArray in concurrent marker.

Bug: v8:7595
Change-Id: I4046209b66d7ed8e649355f62296607234146793
Reviewed-on: https://chromium-review.googlesource.com/980874
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52232}

This is done now while embedders have yet to adapt to the new API before
it becomes hard to migrate.

Also renamed variable/methods to use "worker threads" rather than
"background" nomenclature.

Extracted from https://chromium-review.googlesource.com/c/v8/v8/+/978443/7
while resolving the more contentious bits around using task runners.

TBR=rmcilroy@chromium.org

Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie3ddf15a708e829c0f718d89bebf3e96d1990c16
Reviewed-on: https://chromium-review.googlesource.com/980953
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52231}

Bug: chromium:825828
Change-Id: I1f27c08fa8febe521412fddb6ae964969671764b
Reviewed-on: https://chromium-review.googlesource.com/980933Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52230}

This has been made possible when custom builtin constructors were
removed.

R=jgruber@chromium.org

Bug: v8:178, v8:7518
Change-Id: I7ee064c3b899732ebe9381ea004f231fa6c0cef0
Reviewed-on: https://chromium-review.googlesource.com/975541
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52229}

JSRegex does not have custom body descriptor and uses JSObject body
descriptor, so it should just use JSObject visitor id.

Bug: chromium:825828
Change-Id: Iae22315da7ab83bb4ac919586c883120621761c8
Reviewed-on: https://chromium-review.googlesource.com/980752Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52228}

We don't want to run into the situation of breaking inside of
debug-evaluate. That would get even more confusing with throw-on-side-effect.

R=kozyatinskiy@chromium.org

Bug: v8:7592
Change-Id: I93f5de63d8943792ff000dbf7c6311df655d3793
Reviewed-on: https://chromium-review.googlesource.com/978164Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52227}

NOTREECHECKS=true

Bug: chromium:669910
Change-Id: I16cfbb6bd6aa8eb4bad3289dfe43c1cd33c42f92
Reviewed-on: https://chromium-review.googlesource.com/980336
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52226}

Fixed register d27 wasn't used in code generation, so remove it and rename the
remaining fixed registers. Also, remove some left over Crankshaft comments.

Change-Id: I971069c668a597900b1a0c4b64736103a78dab14
Reviewed-on: https://chromium-review.googlesource.com/968426Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#52225}

Bug: chromium:669910
Change-Id: Ib22286cdfff6cd08f68819ad80a93707ff47389f
Reviewed-on: https://chromium-review.googlesource.com/980034
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52224}

Bug: chromium:669910
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ifb8719a989a4fda48241967271ebe39037643e39
Reviewed-on: https://chromium-review.googlesource.com/980032
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52223}

Bug: chromium:669910
Change-Id: I0d9a8c7277cfcedd464db44733803ccc4693ae70
Reviewed-on: https://chromium-review.googlesource.com/979952
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52222}

The mutator utilizaton is computed for each mark-compact GC cycle as
mutator_time / total_time, where
- total_time is the time from the end of the previous GC to the end of
  the current GC
- mutator_time = total_time - incremental_steps_duration - gc_time.

Bug: chromium:824214
Change-Id: Ie1814f22f0816a3c9c579107f4950f6fc8c8a72d
Reviewed-on: https://chromium-review.googlesource.com/978215
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52221}

Currently they are using a generic IterateBody(ObjectVisit*), which has
an overhead of virtual table lookup for each visited pointer.

Change-Id: I97268bf7fe63f8c99834d5fc31b4ce18a0fa5655
Reviewed-on: https://chromium-review.googlesource.com/979437
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52220}

Bug: chromium:669910
Change-Id: I35d146bbe265dfdd0059dd8d3ec4fc5ee54bb465
Reviewed-on: https://chromium-review.googlesource.com/979805
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52219}

Almost all callers of BodyDescriptor already have the map of the object
and should pass it to IterateBody and IsValidSlot functions.

This removes redundant load and makes the function consistent with the
SizeOf function.

Change-Id: Ie47a9bb05af23fbf0576dff99f2ec69625e057fc
Reviewed-on: https://chromium-review.googlesource.com/979436
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52218}

R=neis@chromium.org

Bug: v8:7599
Change-Id: I8a1e4864800dbf76530ebbe2a9ce09dac55a1f65
Reviewed-on: https://chromium-review.googlesource.com/980055
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52217}

R=machenbach@chromium.org

Change-Id: I13815463a1bd88d20dbb6f3f656cbda660b77dce
Reviewed-on: https://chromium-review.googlesource.com/979809Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52216}

R=titzer@chromium.org
BUG=v8:7549

Change-Id: I2b95a4d204dff6038b5a012b9753242f3384b886
Reviewed-on: https://chromium-review.googlesource.com/979811Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52215}