Reland "[sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX"

This is a reland of commit 49c5967830 The non-deterministic snapshot issue has been fixed by using the correct field size for CodeDataContainers in serializer.cc. Original change's description: > [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX > > Now that all external pointers have been sandboxed, > V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also > shrinks external pointer slots to 32 bits when the sandbox is enabled. > > Bug: v8:10391 > Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a > Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Samuel Groß <saelo@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83083} Bug: v8:10391 Change-Id: I29870404406902d99ba6016c570cc0c4d05c6c85 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887899 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#83130}
2022-09-12 07:20:02 +00:00 · 2022-09-12 07:20:02 +00:00 · 0e2dbaac6b
commit 0e2dbaac6b
parent c1e067e993
13 changed files with 84 additions and 131 deletions
--- a/BUILD.gn
+++ b/BUILD.gn
@ -307,10 +307,6 @@ declare_args() {
  # Sets -DV8_ENABLE_SANDBOX.
  v8_enable_sandbox = ""
  # Enable sandboxing for all external pointers. Requires v8_enable_sandbox.
  # Sets -DV8_SANDBOXED_EXTERNAL_POINTERS.
  v8_enable_sandboxed_external_pointers = false
  # Enable all available sandbox features. Implies v8_enable_sandbox.
  v8_enable_sandbox_future = false
@ -534,7 +530,6 @@ if (v8_enable_sandbox == "") {
 # Enable all available sandbox features if sandbox future is enabled.
 if (v8_enable_sandbox_future) {
  v8_enable_sandboxed_external_pointers = true
  v8_enable_sandbox = true
 }
@ -569,9 +564,6 @@ assert(!v8_enable_sandbox || v8_enable_pointer_compression_shared_cage,
 assert(!v8_enable_sandbox || v8_enable_external_code_space,
       "The sandbox requires the external code space")
 assert(!v8_enable_sandboxed_external_pointers || v8_enable_sandbox,
       "Sandboxed external pointers require the sandbox")
 assert(!v8_expose_memory_corruption_api || v8_enable_sandbox,
       "The Memory Corruption API requires the sandbox")
@ -749,7 +741,6 @@ external_v8_defines = [
  "V8_31BIT_SMIS_ON_64BIT_ARCH",
  "V8_COMPRESS_ZONES",
  "V8_ENABLE_SANDBOX",
  "V8_SANDBOXED_EXTERNAL_POINTERS",
  "V8_DEPRECATION_WARNINGS",
  "V8_IMMINENT_DEPRECATION_WARNINGS",
  "V8_NO_ARGUMENTS_ADAPTOR",
@ -780,9 +771,6 @@ if (v8_enable_zone_compression) {
 if (v8_enable_sandbox) {
  enabled_external_v8_defines += [ "V8_ENABLE_SANDBOX" ]
 }
 if (v8_enable_sandboxed_external_pointers) {
  enabled_external_v8_defines += [ "V8_SANDBOXED_EXTERNAL_POINTERS" ]
 }
 if (v8_deprecation_warnings) {
  enabled_external_v8_defines += [ "V8_DEPRECATION_WARNINGS" ]
 }
--- a/include/v8-initialization.h
+++ b/include/v8-initialization.h
@ -100,9 +100,6 @@ class V8_EXPORT V8 {
    const int kBuildConfiguration =
        (internal::PointerCompressionIsEnabled() ? kPointerCompression : 0) |
        (internal::SmiValuesAre31Bits() ? k31BitSmis : 0) |
        (internal::SandboxedExternalPointersAreEnabled()
             ? kSandboxedExternalPointers
             : 0) |
        (internal::SandboxIsEnabled() ? kSandbox : 0);
    return Initialize(kBuildConfiguration);
  }
@ -273,8 +270,7 @@ class V8_EXPORT V8 {
  enum BuildConfigurationFeatures {
    kPointerCompression = 1 << 0,
    k31BitSmis = 1 << 1,
-    kSandboxedExternalPointers = 1 << 2,
+    kSandbox = 1 << 2,
    kSandbox = 1 << 3,
  };
  /**
--- a/include/v8-internal.h
+++ b/include/v8-internal.h
@ -166,14 +166,6 @@ constexpr bool SandboxIsEnabled() {
 #endif
 }
 constexpr bool SandboxedExternalPointersAreEnabled() {
 #ifdef V8_SANDBOXED_EXTERNAL_POINTERS
  return true;
 #else
  return false;
 #endif
 }
 // SandboxedPointers are guaranteed to point into the sandbox. This is achieved
 // for example by storing them as offset rather than as raw pointers.
 using SandboxedPointer_t = Address;
@ -272,7 +264,7 @@ using ExternalPointerHandle = uint32_t;
 // ExternalPointers point to objects located outside the sandbox. When
 // sandboxed external pointers are enabled, these are stored on heap as
 // ExternalPointerHandles, otherwise they are simply raw pointers.
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
 using ExternalPointer_t = ExternalPointerHandle;
 #else
 using ExternalPointer_t = Address;
@ -399,9 +391,8 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
 // When the sandbox is enabled, external pointers marked as "sandboxed" above
 // use the external pointer table (i.e. are sandboxed). This allows a gradual
-// rollout of external pointer sandboxing. If V8_SANDBOXED_EXTERNAL_POINTERS is
+// rollout of external pointer sandboxing. If the sandbox is off, no external
-// defined, all external pointers are sandboxed. If the sandbox is off, no
+// pointers are sandboxed.
 // external pointers are sandboxed.
 //
 // Sandboxed external pointer tags are available when compressing pointers even
 // when the sandbox is off. Some tags (e.g. kWaiterQueueNodeTag) are used
@ -409,9 +400,7 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
 // alignment requirements.
 #define sandboxed(X) (X << kExternalPointerTagShift) | kExternalPointerMarkBit
 #define unsandboxed(X) kUnsandboxedExternalPointerTag
-#if defined(V8_SANDBOXED_EXTERNAL_POINTERS)
+#if defined(V8_COMPRESS_POINTERS)
 #define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = sandboxed(Bits),
 #elif defined(V8_COMPRESS_POINTERS)
 #define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = State(Bits),
 #else
 #define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = unsandboxed(Bits),
--- a/src/api/api.cc
+++ b/src/api/api.cc
@ -6162,17 +6162,6 @@ bool v8::V8::Initialize(const int build_config) {
        kEmbedderSmiValueSize, internal::kSmiValueSize);
  }
  const bool kEmbedderSandboxedExternalPointers =
      (build_config & kSandboxedExternalPointers) != 0;
  if (kEmbedderSandboxedExternalPointers !=
      V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
    FATAL(
        "Embedder-vs-V8 build configuration mismatch. On embedder side "
        "sandboxed external pointers is %s while on V8 side it's %s.",
        kEmbedderSandboxedExternalPointers ? "ENABLED" : "DISABLED",
        V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ? "ENABLED" : "DISABLED");
  }
  const bool kEmbedderSandbox = (build_config & kSandbox) != 0;
  if (kEmbedderSandbox != V8_ENABLE_SANDBOX_BOOL) {
    FATAL(
--- a/src/codegen/tnode.h
+++ b/src/codegen/tnode.h
@ -88,7 +88,7 @@ struct ExternalPointerHandleT : Uint32T {
  static constexpr MachineType kMachineType = MachineType::Uint32();
 };
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
 struct ExternalPointerT : Uint32T {
  static constexpr MachineType kMachineType = MachineType::Uint32();
 };
--- a/src/common/globals.h
+++ b/src/common/globals.h
@ -124,12 +124,6 @@ namespace internal {
 #define V8_CAN_CREATE_SHARED_HEAP_BOOL false
 #endif
 #ifdef V8_SANDBOXED_EXTERNAL_POINTERS
 #define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL true
 #else
 #define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL false
 #endif
 #ifdef V8_ENABLE_SANDBOX
 #define V8_ENABLE_SANDBOX_BOOL true
 #else
@ -511,7 +505,7 @@ static_assert(kPointerSize == (1 << kPointerSizeLog2));
 // This type defines raw storage type for external (or off-V8 heap) pointers
 // stored on V8 heap.
 constexpr int kExternalPointerSlotSize = sizeof(ExternalPointer_t);
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
 static_assert(kExternalPointerSlotSize == kTaggedSize);
 #else
 static_assert(kExternalPointerSlotSize == kSystemPointerSize);
--- a/src/objects/slots-inl.h
+++ b/src/objects/slots-inl.h
@ -221,7 +221,7 @@ void ExternalPointerSlot::store(Isolate* isolate, Address value,
 ExternalPointerSlot::RawContent
 ExternalPointerSlot::GetAndClearContentForSerialization(
    const DisallowGarbageCollection& no_gc) {
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
  ExternalPointerHandle content = Relaxed_LoadHandle();
  Relaxed_StoreHandle(kNullExternalPointerHandle);
 #else
@ -234,7 +234,7 @@ ExternalPointerSlot::GetAndClearContentForSerialization(
 void ExternalPointerSlot::RestoreContentAfterSerialization(
    ExternalPointerSlot::RawContent content,
    const DisallowGarbageCollection& no_gc) {
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
  return Relaxed_StoreHandle(content);
 #else
  return WriteMaybeUnalignedValue<Address>(address(), content);
--- a/src/snapshot/serializer.cc
+++ b/src/snapshot/serializer.cc
@ -1238,7 +1238,7 @@ void Serializer::ObjectSerializer::OutputRawData(Address up_to) {
      // snapshot deterministic.
      CHECK_EQ(CodeDataContainer::kCodeCageBaseUpper32BitsOffset + kTaggedSize,
               CodeDataContainer::kCodeEntryPointOffset);
-      static byte field_value[kTaggedSize + kExternalPointerSlotSize] = {0};
+      static byte field_value[kTaggedSize + kSystemPointerSize] = {0};
      OutputRawWithCustomField(
          sink_, object_start, base, bytes_to_output,
          CodeDataContainer::kCodeCageBaseUpper32BitsOffset,
--- a/src/torque/torque-parser.cc
+++ b/src/torque/torque-parser.cc
@ -68,8 +68,6 @@ class BuildFlags : public ContextualClass<BuildFlags> {
    build_flags_["V8_ENABLE_WEBASSEMBLY"] = false;
 #endif
    build_flags_["V8_ENABLE_SANDBOX"] = V8_ENABLE_SANDBOX_BOOL;
    build_flags_["V8_SANDBOXED_EXTERNAL_POINTERS"] =
        V8_SANDBOXED_EXTERNAL_POINTERS_BOOL;
    build_flags_["DEBUG"] = DEBUG_BOOL;
  }
  static bool GetFlag(const std::string& name, const char* production) {
--- a/src/wasm/wasm-objects.tq
+++ b/src/wasm/wasm-objects.tq
@ -14,9 +14,9 @@ extern class WasmInstanceObject extends JSObject;
 // Represents the context of a function that is defined through the JS or C
 // APIs. Corresponds to the WasmInstanceObject passed to a Wasm function
 // reference.
-// TODO(manoskouk): If V8_SANDBOXED_EXTERNAL_POINTERS, we cannot encode the
+// TODO(manoskouk): If V8_ENABLE_SANDBOX, we cannot encode the isolate_root as
-// isolate_root as a sandboxed pointer, because that would require having access
+// a sandboxed pointer, because that would require having access to the isolate
-// to the isolate root in the first place.
+// root in the first place.
 extern class WasmApiFunctionRef extends HeapObject {
  isolate_root: RawPtr;
  native_context: NativeContext;
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@ -687,9 +687,8 @@ TEST(MakingExternalStringConditions) {
  CHECK(local_string->CanMakeExternal());
  // Tiny strings are not in-place externalizable when pointer compression is
-  // enabled, but they are if sandboxed external pointers are enabled.
+  // enabled, but they are if the sandbox is enabled.
-  CHECK_EQ(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ||
+  CHECK_EQ(V8_ENABLE_SANDBOX_BOOL || i::kTaggedSize == i::kSystemPointerSize,
               i::kTaggedSize == i::kSystemPointerSize,
           tiny_local_string->CanMakeExternal());
 }
--- a/test/cctest/test-strings.cc
+++ b/test/cctest/test-strings.cc
@ -2066,11 +2066,11 @@ TEST(CheckCachedDataInternalExternalUncachedString) {
  // that we indeed cached it.
  Handle<ExternalOneByteString> external_string =
      Handle<ExternalOneByteString>::cast(string);
-  // If sandboxed external pointers are enabled, string objects will always be
+  // If the sandbox is enabled, string objects will always be cacheable because
-  // cacheable because they are smaller.
+  // they are smaller.
-  CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached());
+  CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached());
  CHECK(external_string->resource()->IsCacheable());
-  if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
+  if (!V8_ENABLE_SANDBOX_BOOL) {
    CHECK_NOT_NULL(external_string->resource()->cached_data());
    CHECK_EQ(external_string->resource()->cached_data(),
             external_string->resource()->data());
@ -2109,11 +2109,11 @@ TEST(CheckCachedDataInternalExternalUncachedStringTwoByte) {
  // that we indeed cached it.
  Handle<ExternalTwoByteString> external_string =
      Handle<ExternalTwoByteString>::cast(string);
-  // If sandboxed external pointers are enabled, string objects will always be
+  // If the sandbox is enabled, string objects will always be cacheable because
-  // cacheable because they are smaller.
+  // they are smaller.
-  CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached());
+  CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached());
  CHECK(external_string->resource()->IsCacheable());
-  if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
+  if (!V8_ENABLE_SANDBOX_BOOL) {
    CHECK_NOT_NULL(external_string->resource()->cached_data());
    CHECK_EQ(external_string->resource()->cached_data(),
             external_string->resource()->data());
--- a/tools/v8heapconst.py
+++ b/tools/v8heapconst.py
@ -515,67 +515,67 @@ KNOWN_OBJECTS = {
  ("read_only_space", 0x04b49): "NativeScopeInfo",
  ("read_only_space", 0x04b61): "HashSeed",
  ("old_space", 0x04235): "ArgumentsIteratorAccessor",
-  ("old_space", 0x04255): "ArrayLengthAccessor",
+  ("old_space", 0x0424d): "ArrayLengthAccessor",
-  ("old_space", 0x04275): "BoundFunctionLengthAccessor",
+  ("old_space", 0x04265): "BoundFunctionLengthAccessor",
-  ("old_space", 0x04295): "BoundFunctionNameAccessor",
+  ("old_space", 0x0427d): "BoundFunctionNameAccessor",
-  ("old_space", 0x042b5): "ErrorStackAccessor",
+  ("old_space", 0x04295): "ErrorStackAccessor",
-  ("old_space", 0x042d5): "FunctionArgumentsAccessor",
+  ("old_space", 0x042ad): "FunctionArgumentsAccessor",
-  ("old_space", 0x042f5): "FunctionCallerAccessor",
+  ("old_space", 0x042c5): "FunctionCallerAccessor",
-  ("old_space", 0x04315): "FunctionNameAccessor",
+  ("old_space", 0x042dd): "FunctionNameAccessor",
-  ("old_space", 0x04335): "FunctionLengthAccessor",
+  ("old_space", 0x042f5): "FunctionLengthAccessor",
-  ("old_space", 0x04355): "FunctionPrototypeAccessor",
+  ("old_space", 0x0430d): "FunctionPrototypeAccessor",
-  ("old_space", 0x04375): "SharedArrayLengthAccessor",
+  ("old_space", 0x04325): "SharedArrayLengthAccessor",
-  ("old_space", 0x04395): "StringLengthAccessor",
+  ("old_space", 0x0433d): "StringLengthAccessor",
-  ("old_space", 0x043b5): "ValueUnavailableAccessor",
+  ("old_space", 0x04355): "ValueUnavailableAccessor",
-  ("old_space", 0x043d5): "WrappedFunctionLengthAccessor",
+  ("old_space", 0x0436d): "WrappedFunctionLengthAccessor",
-  ("old_space", 0x043f5): "WrappedFunctionNameAccessor",
+  ("old_space", 0x04385): "WrappedFunctionNameAccessor",
-  ("old_space", 0x04415): "InvalidPrototypeValidityCell",
+  ("old_space", 0x0439d): "InvalidPrototypeValidityCell",
-  ("old_space", 0x0441d): "EmptyScript",
+  ("old_space", 0x043a5): "EmptyScript",
-  ("old_space", 0x04461): "ManyClosuresCell",
+  ("old_space", 0x043e9): "ManyClosuresCell",
-  ("old_space", 0x0446d): "ArrayConstructorProtector",
+  ("old_space", 0x043f5): "ArrayConstructorProtector",
-  ("old_space", 0x04481): "NoElementsProtector",
+  ("old_space", 0x04409): "NoElementsProtector",
-  ("old_space", 0x04495): "MegaDOMProtector",
+  ("old_space", 0x0441d): "MegaDOMProtector",
-  ("old_space", 0x044a9): "IsConcatSpreadableProtector",
+  ("old_space", 0x04431): "IsConcatSpreadableProtector",
-  ("old_space", 0x044bd): "ArraySpeciesProtector",
+  ("old_space", 0x04445): "ArraySpeciesProtector",
-  ("old_space", 0x044d1): "TypedArraySpeciesProtector",
+  ("old_space", 0x04459): "TypedArraySpeciesProtector",
-  ("old_space", 0x044e5): "PromiseSpeciesProtector",
+  ("old_space", 0x0446d): "PromiseSpeciesProtector",
-  ("old_space", 0x044f9): "RegExpSpeciesProtector",
+  ("old_space", 0x04481): "RegExpSpeciesProtector",
-  ("old_space", 0x0450d): "StringLengthProtector",
+  ("old_space", 0x04495): "StringLengthProtector",
-  ("old_space", 0x04521): "ArrayIteratorProtector",
+  ("old_space", 0x044a9): "ArrayIteratorProtector",
-  ("old_space", 0x04535): "ArrayBufferDetachingProtector",
+  ("old_space", 0x044bd): "ArrayBufferDetachingProtector",
-  ("old_space", 0x04549): "PromiseHookProtector",
+  ("old_space", 0x044d1): "PromiseHookProtector",
-  ("old_space", 0x0455d): "PromiseResolveProtector",
+  ("old_space", 0x044e5): "PromiseResolveProtector",
-  ("old_space", 0x04571): "MapIteratorProtector",
+  ("old_space", 0x044f9): "MapIteratorProtector",
-  ("old_space", 0x04585): "PromiseThenProtector",
+  ("old_space", 0x0450d): "PromiseThenProtector",
-  ("old_space", 0x04599): "SetIteratorProtector",
+  ("old_space", 0x04521): "SetIteratorProtector",
-  ("old_space", 0x045ad): "StringIteratorProtector",
+  ("old_space", 0x04535): "StringIteratorProtector",
-  ("old_space", 0x045c1): "StringSplitCache",
+  ("old_space", 0x04549): "StringSplitCache",
-  ("old_space", 0x049c9): "RegExpMultipleCache",
+  ("old_space", 0x04951): "RegExpMultipleCache",
-  ("old_space", 0x04dd1): "BuiltinsConstantsTable",
+  ("old_space", 0x04d59): "BuiltinsConstantsTable",
-  ("old_space", 0x05225): "AsyncFunctionAwaitRejectSharedFun",
+  ("old_space", 0x051ad): "AsyncFunctionAwaitRejectSharedFun",
-  ("old_space", 0x05249): "AsyncFunctionAwaitResolveSharedFun",
+  ("old_space", 0x051d1): "AsyncFunctionAwaitResolveSharedFun",
-  ("old_space", 0x0526d): "AsyncGeneratorAwaitRejectSharedFun",
+  ("old_space", 0x051f5): "AsyncGeneratorAwaitRejectSharedFun",
-  ("old_space", 0x05291): "AsyncGeneratorAwaitResolveSharedFun",
+  ("old_space", 0x05219): "AsyncGeneratorAwaitResolveSharedFun",
-  ("old_space", 0x052b5): "AsyncGeneratorYieldResolveSharedFun",
+  ("old_space", 0x0523d): "AsyncGeneratorYieldResolveSharedFun",
-  ("old_space", 0x052d9): "AsyncGeneratorReturnResolveSharedFun",
+  ("old_space", 0x05261): "AsyncGeneratorReturnResolveSharedFun",
-  ("old_space", 0x052fd): "AsyncGeneratorReturnClosedRejectSharedFun",
+  ("old_space", 0x05285): "AsyncGeneratorReturnClosedRejectSharedFun",
-  ("old_space", 0x05321): "AsyncGeneratorReturnClosedResolveSharedFun",
+  ("old_space", 0x052a9): "AsyncGeneratorReturnClosedResolveSharedFun",
-  ("old_space", 0x05345): "AsyncIteratorValueUnwrapSharedFun",
+  ("old_space", 0x052cd): "AsyncIteratorValueUnwrapSharedFun",
-  ("old_space", 0x05369): "PromiseAllResolveElementSharedFun",
+  ("old_space", 0x052f1): "PromiseAllResolveElementSharedFun",
-  ("old_space", 0x0538d): "PromiseAllSettledResolveElementSharedFun",
+  ("old_space", 0x05315): "PromiseAllSettledResolveElementSharedFun",
-  ("old_space", 0x053b1): "PromiseAllSettledRejectElementSharedFun",
+  ("old_space", 0x05339): "PromiseAllSettledRejectElementSharedFun",
-  ("old_space", 0x053d5): "PromiseAnyRejectElementSharedFun",
+  ("old_space", 0x0535d): "PromiseAnyRejectElementSharedFun",
-  ("old_space", 0x053f9): "PromiseCapabilityDefaultRejectSharedFun",
+  ("old_space", 0x05381): "PromiseCapabilityDefaultRejectSharedFun",
-  ("old_space", 0x0541d): "PromiseCapabilityDefaultResolveSharedFun",
+  ("old_space", 0x053a5): "PromiseCapabilityDefaultResolveSharedFun",
-  ("old_space", 0x05441): "PromiseCatchFinallySharedFun",
+  ("old_space", 0x053c9): "PromiseCatchFinallySharedFun",
-  ("old_space", 0x05465): "PromiseGetCapabilitiesExecutorSharedFun",
+  ("old_space", 0x053ed): "PromiseGetCapabilitiesExecutorSharedFun",
-  ("old_space", 0x05489): "PromiseThenFinallySharedFun",
+  ("old_space", 0x05411): "PromiseThenFinallySharedFun",
-  ("old_space", 0x054ad): "PromiseThrowerFinallySharedFun",
+  ("old_space", 0x05435): "PromiseThrowerFinallySharedFun",
-  ("old_space", 0x054d1): "PromiseValueThunkFinallySharedFun",
+  ("old_space", 0x05459): "PromiseValueThunkFinallySharedFun",
-  ("old_space", 0x054f5): "ProxyRevokeSharedFun",
+  ("old_space", 0x0547d): "ProxyRevokeSharedFun",
-  ("old_space", 0x05519): "ShadowRealmImportValueFulfilledSFI",
+  ("old_space", 0x054a1): "ShadowRealmImportValueFulfilledSFI",
-  ("old_space", 0x0553d): "SourceTextModuleExecuteAsyncModuleFulfilledSFI",
+  ("old_space", 0x054c5): "SourceTextModuleExecuteAsyncModuleFulfilledSFI",
-  ("old_space", 0x05561): "SourceTextModuleExecuteAsyncModuleRejectedSFI",
+  ("old_space", 0x054e9): "SourceTextModuleExecuteAsyncModuleRejectedSFI",
 }
 # Lower 32 bits of first page addresses for various heap spaces.