This CL fixes a bug that allowed OOB read/stores on fastpaths when
a comparison function caused the underlying FixedArray to change
while keeping the elements kinds and size property on the original
JSArray the same.

R=jgruber@chromium.org

Bug: chromium:852592
Change-Id: I09af357d10e7f41e75241e4c87430fc9aa806f8c
Reviewed-on: https://chromium-review.googlesource.com/1104158
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53811}

Refs: https://ci.chromium.org/buildbot/client.v8/V8%20Linux64%20TSAN/21047

Bug: v8:7836
Change-Id: Ic825065de419bbab97972d9b7a2beb6527b0a48a
Reviewed-on: https://chromium-review.googlesource.com/1103560
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53810}

Inspector test expectations may be changed without changes inside
src/inspector directory.

R=dgozman@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3196209a4b974d4cf32c76c51116d77e589a9dbb
Reviewed-on: https://chromium-review.googlesource.com/1104303Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53809}

This is a reland of 4363a693

Original change's description:
> [inspector] fixed location of top level function return
>
> We should pass false as has_braces argument to create FunctionLiteral
> for top level function.
>
> R=dgozman@chromium.org,bmeurer@chromium.org
> TBR=bmeurer@chromium.org
>
> Bug: none
> Change-Id: I397f31b562d32c71f3a12bfc9ceeed16c367aa80
> Reviewed-on: https://chromium-review.googlesource.com/1098018
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53769}
TBR=dgozman@chromium.org

Bug: v8:7858
Change-Id: Ie636bc101f9d29d9d40bd10b96e62da6505c2734
Reviewed-on: https://chromium-review.googlesource.com/1104497
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53808}

This reverts commit 733b7c82.

Reason for revert: breaks arm64 gc-stress: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/11659

Original change's description:
> [wasm] Introduce jump table
> 
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
> 
> R=​mstarzinger@chromium.org, titzer@chromium.org
> 
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}

TBR=mstarzinger@chromium.org,titzer@chromium.org,clemensh@chromium.org,sreten.kovacevic@mips.com

Change-Id: Iea358db2cf13656a65cf69a6d82cbbc10d3e7e1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7758
Reviewed-on: https://chromium-review.googlesource.com/1105157Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53807}

Now TFJ builtins can use their own descriptors so there's no need to
keep the hacky BuiltinDescriptor around.

Bug: v8:7754
Change-Id: Ia7f23a21fb979370fd2149fef13186b83a3d5d30
Reviewed-on: https://chromium-review.googlesource.com/1104428
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53806}

This introduces the concept of a jump table for WebAssembly, which is
used for every direct and indirect call to any WebAssembly function.
For lazy compilation, it will initially contain code to call the
WasmCompileLazy builtin, where it passes the function index to be
called.
For non-lazy-compilation, it will contain a jump to the actual code.
The jump table allows to easily redirect functions for lazy
compilation, tier-up, debugging and (in the future) code aging. After
this CL, we will not need to patch existing code any more for any of
these operations.

R=mstarzinger@chromium.org, titzer@chromium.org

Bug: v8:7758
Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
Reviewed-on: https://chromium-review.googlesource.com/1097075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53805}

Move Slot recording to concurrent and incremental marking phase and
out of the atomic pause. Records more slots to remove
slot recording completely from the pause.

Bug: chromium:844008
Change-Id: I13ba20b4839990134dc37bd909fb0a2d66e13c64
Reviewed-on: https://chromium-review.googlesource.com/1104348
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53804}

Currently each isolate stores its own array of
{CallInterfaceDescriptorData}. This array has size 173, and each entry
has 40 bytes. That's already 7kB per isolate.
Additionally, each {CallInterfaceDescriptorData} allocates two
heap-allocated arrays, which probably add up to more than the static
size of the {CallInterfaceDescriptorData}. Note that all the
{CallInterfaceDescriptorData} instances are initialized eagerly on
isolate creation.

Since {CallInterfaceDescriptor} is totally isolate independent itself,
this CL refactors the current design to avoid a copy of them per
isolate, and instead shares them process-wide. Still, we need to free
the allocated heap arrays when the last isolate dies to avoid leaks.
This can probably be refactored later by statically initializing more
and avoiding the heap allocations all together.

This refactoring will also allow us to use {CallInterfaceDescriptor}s
from wasm background compilation threads, which are not bound to any
isolate.

R=mstarzinger@chromium.org, titzer@chromium.org

Bug: v8:6600
Change-Id: If8625b89951eec8fa8986b49a5c166e874a72494
Reviewed-on: https://chromium-review.googlesource.com/1100879
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53803}

For now we keep params since NewSloppyArguments uses it to figure out how to structure the arguments object. We should be able to only keep params in case we have a special case though. E.g., leaf functions with no duplicate parameters don't need special treatment. Or we simply encode the parameter index for each context slot. (I'm not sure duplicates need special treatment.)


Change-Id: Icfbb844e5331aeb93c50bc07edd58246c8aeb1d7
Reviewed-on: https://chromium-review.googlesource.com/1104420
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53802}

We currently store the {WasmModule} (generated during decoding) in a
unique_ptr and pass ownership to the {WasmModuleObject} after
compilation.
I plan to move the {Managed<NativeModule>} from {WasmCompiledModule} to
{WasmModuleObject}, which will force us to create the
{WasmModuleObject} *before* compilation, so that the {CompilationState}
is available during compilation.

This CL prepares that refactoring by storing the {WasmModule} in a
{shared_ptr} in the {AsyncCompileJob}. Note that it will eventually be
stored in a {shared_ptr} in the {Managed} anyway.

R=titzer@chromium.org

Change-Id: Iac5e3c1067af2801e938f77a455a68807801526a
Reviewed-on: https://chromium-review.googlesource.com/1104117
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53801}

This CL completely reimplements the DataView setters in Torque, and
removes the former C++ runtime implementation.

Change-Id: I66cdd35712e46f3931d6530a4512fa3c8eb3b3bf
Reviewed-on: https://chromium-review.googlesource.com/1104162
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53800}

Reading up on the bug description, this is a test
that is triggered by TurboFan execution. This can
be done with natives and does not need excessive
loop iterations. Additionally, we have a more specific
regression test for the original issue in the repo:
http://crrev.com/c/584837

Bug: v8:7783
Change-Id: Id022b515b663e6fb897acb29f43ef92b70b547b8
Reviewed-on: https://chromium-review.googlesource.com/1101018Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53799}

Bug: chromium:851393
Change-Id: I53cbf16068efbf24a2bd233c0b4c56e8361f9931
Reviewed-on: https://chromium-review.googlesource.com/1104317Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53798}

This adds an overload of JSGraph::Constant that takes an ObjectReference
rather than a Handle<Object>.

ObjectReference is a new superclass of HeapReference.

Also several refactorings and renaming, e.g.:
- Rename HeapReference to HeapObjectRef.
- Rename ContextHeapReference to ContextRef.
- ...
- Rename HeapReferenceType to HeapObjectType.

Bug: v8:7790
Change-Id: Id3e567cbaf7c326189b99b2fd4ced6bff02f9640
Reviewed-on: https://chromium-review.googlesource.com/1104337Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53797}

This CL also adds macros for defining JS-compatible interface descriptors that
has additional parameters.
ArrayConstructorDescriptor is redefined using the new macros.

Bug: v8:7754
Change-Id: Id39cac9f234666576f35de755d11aba198248bea
Reviewed-on: https://chromium-review.googlesource.com/1100833
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53796}

The test test-api/InitializeDefaultIsolateOnSecondaryThread1 has been
failing since at least 6.8, but our infra only recently realized that.

NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Bug: v8:7856
Change-Id: I8cbfd4ea554bb32c50c01d437efa5b18f60c2fde
Reviewed-on: https://chromium-review.googlesource.com/1104458
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53795}

This is a preliminary step before removing BuiltinDescriptor.

Bug: v8:7754
Change-Id: I752134aa29431e5773c9813361a3c6bda6f8872d
Reviewed-on: https://chromium-review.googlesource.com/1104169Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53794}

Bug: chromium:848165
Change-Id: I1ec18bf12f53c24f388dbd529fe62e990fbc8783
Reviewed-on: https://chromium-review.googlesource.com/1104175Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53793}

The operator<< for Signature objects in Torque incorrectly counted
the number of named parameters instead of the total number
of parameters when displaying them.

This would cause the displayed signature to be "()" when no
parameters were named, instead of the actual signature.

Change-Id: I32572da5f5a378b71749515d89429172129bbcb9
Reviewed-on: https://chromium-review.googlesource.com/1104172Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#53792}

We currently have a system where the protected instructions are
unregistered when the last instance dies, and registered again on the
next instantiation. This is triggered by {WasmCompiledModule::Reset}.
Since the reference to the {NativeModule} will move to the
{WasmModuleObject}, and this object stays alive even if the last
instance dies, this will become hard to maintain.
It will also make it harder to share wasm code across isolates.
This CL refactors this to register trap handler data once when the code
is added to the {NativeModule}, and releases it if the code dies.

R=mstarzinger@chromium.org
CC=​eholk@chromium.org

Bug: v8:5277
Change-Id: I3f1b336095230b255f3849c271b37b62f2b96cd6
Reviewed-on: https://chromium-review.googlesource.com/1103567
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53791}

Bug: v8:7783
Change-Id: I3c6a229b5a1a30ea089ffeef920bf48b27bc86ab
Reviewed-on: https://chromium-review.googlesource.com/1101030Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53790}

Don't expose GetFunction on the scope iterator. Simply take it into account for GetFunctionDebugName

This is a step towards avoiding materializing function_ altogether if we deoptimize. Typically we only need the SharedFunctionInfo.

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idee78f02d1afe3d2cb70e93a6d96a5a33907f892
Reviewed-on: https://chromium-review.googlesource.com/1100474
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53789}

R=cbruni@chromium.org, jgruber@chromium.org

Bug: v8:7382
Change-Id: I45f2517afa8ecb3ddb1f77f845e9ce88f69d4eef
Reviewed-on: https://chromium-review.googlesource.com/1092500Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53788}

It only has one call size ({CompileToModuleObject}), which just tail
calls into {CompileToModuleObjectInternal}. Thus, merge the two.

R=titzer@chromium.org

Bug: v8:7754
Change-Id: I6344f257279f049fd6cab51114988f7e1c019272
Reviewed-on: https://chromium-review.googlesource.com/1104157Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53787}

R=ishell@chromium.org

Change-Id: I84288cc16297dbe33adddbdf08b689db95d0fc04
Reviewed-on: https://chromium-review.googlesource.com/1104164Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53786}

Instead of instantiating each function multiple times, just call out to
a common function, passing the variadic number of arguments in an
initializer list.

R=tebbi@chromium.org

Bug: v8:7754
Change-Id: Idb2d77cef7cf8e590de6aa3cea02c0e0773da45f
Reviewed-on: https://chromium-review.googlesource.com/1101689
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53785}

Return the raw Object* when accessing the constant pool of bytecode
with the bytecode array accessor, to avoid needing an isolate there.
If the returned value needs to be a handle, we create the handle
later.

Bug: v8:7786
Change-Id: Ifeac2a06f0383230bf7e9bfc1b751d9750ecfb51
Reviewed-on: https://chromium-review.googlesource.com/1102334
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53784}

Bug: v8:7754
Change-Id: Ie8224f2cda1132f0ac8f5508b54c31a6164a944e
Reviewed-on: https://chromium-review.googlesource.com/1104160Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53783}

By now we no longer emit calls with {RelocInfo::CODE_TARGET} as part of
WebAssembly code. Hence the requirement to block sharing of code targets
disappeared and the support can be dropped.

R=jarin@chromium.org

Change-Id: I6df026cd05769ddaa6ea8df5a7b17b62e8a7c373
Reviewed-on: https://chromium-review.googlesource.com/1100889Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53782}

Reland "[debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes."

Change-Id: I0ad97057600d0a0f1dd4c71d5f8245dafb908154
Reviewed-on: https://chromium-review.googlesource.com/1103576Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53781}

Current situation: When calling a macro with the wrong parameter types
the error message will say "macro not found".

This CL changes the message to "macro with parameter types not found"
and lists possible candidates.

R=tebbi@chromium.org

Bug: v8:7793
Change-Id: I6724c4030cbbf4ca1af008b33797b2dd9d18808b
Reviewed-on: https://chromium-review.googlesource.com/1101694
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53780}

The FuzzAssemble* tests rely on two CSA functions which are relatively big. And
with the --enable-slow-asserts flag they get so big that the register
allocator's memory consumption becomes a problem. Let's just override this flag.

Bug: v8:7819, v8:6848, v8:7842
Change-Id: I95db59b9c788aa665d04339892b2e0b5d92d9a89
Reviewed-on: https://chromium-review.googlesource.com/1093315Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#53779}

R=jgruber@chromium.org

Bug: v8:7382
Change-Id: I5b92f46736d8c0ca8ef0f187ecaa1d58661a1c7f
Reviewed-on: https://chromium-review.googlesource.com/1101690Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53778}

R=yangguo@google.com

Change-Id: Icb4825344991e5b2d15050e037064c60eeb9617e
Reviewed-on: https://chromium-review.googlesource.com/1097578Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53777}

Since https://crrev.com/2951473002, there is only one reloc info for
code targets, so there is no need for the special {kCodeTargetMask}.

R=mstarzinger@chromium.org

Bug: v8:7754
Change-Id: I1055108c0128c7de0f5cfefc5e90bbd9dc75522a
Reviewed-on: https://chromium-review.googlesource.com/1098663Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53776}

This reverts commit 4363a693.

Reason for revert: Seems to break layout tests: https://ci.chromium.org/buildbot/client.v8.fyi/V8-Blink%20Linux%2064/24146

Original change's description:
> [inspector] fixed location of top level function return
> 
> We should pass false as has_braces argument to create FunctionLiteral
> for top level function.
> 
> R=​dgozman@chromium.org,bmeurer@chromium.org
> TBR=bmeurer@chromium.org
> 
> Bug: none
> Change-Id: I397f31b562d32c71f3a12bfc9ceeed16c367aa80
> Reviewed-on: https://chromium-review.googlesource.com/1098018
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53769}

TBR=dgozman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: none
Change-Id: I4495f6723daed63b7a38b0d3c3637724f6c2d484
Reviewed-on: https://chromium-review.googlesource.com/1104017Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53775}

The jump optimization maybe run Turbofan pipeline twice for each TF/CS builtins,
and relies on the fact that the number of j/jmp instruction generated is always
the same.
This CL introduces a verification process to ensure that instruction sequence
and virtual registers are always the same in two stages, before the final
code generation phase.

R=danno@chromium.org, jarin@chromium.org

Bug: v8:7839
Change-Id: Id77e9bc80f54f79d7a845315e0b99e3f4b6a54fb
Reviewed-on: https://chromium-review.googlesource.com/1100491
Commit-Queue: Kanghua Yu <kanghua.yu@intel.com>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53774}

TBR=sergiyb@chromium.org

No-Try: true
Bug: chromium:793687
Change-Id: Ia2dbc1f11f1852bcc89889e9bf6ea5ab6066f868
Reviewed-on: https://chromium-review.googlesource.com/1103197
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53773}

Bug: v8:6020
Change-Id: If121d2813e81e11773c42c36893b63ff98fc0247
Reviewed-on: https://chromium-review.googlesource.com/1101840Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53772}