[ShadowRealm] Make CallSite#getFunction/getThis throw

ShadowRealms have a callable boundary: there cannot be any edges between
objects in the ShadowRealm and those from other realms. V8's
prepareCallStack API breaks this invariant via getFunction() and
getThis(). This CL makes those functions throw when called inside
ShadowRealms.

See also
https://docs.google.com/document/d/1aXEy4YCC9CduxLs7MGw-UOm0P4OuG7W-cScBnLG3ALI/edit?usp=sharing

Bug: v8:11989
Change-Id: I5a2b8fa735c0f10583c8cede4062645986b2d914
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4108810
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84944}
Shu-yu Guo 2022-12-19 11:20:42 -08:00 committed by V8 LUCI CQ
parent ea1bac5386
commit b41df346db
17 changed files with 220 additions and 115 deletions


@ -1797,6 +1797,8 @@ const char* Header(ScopeType scope_type, FunctionKind function_kind,
case CLASS_SCOPE:
return "class";
case WITH_SCOPE: return "with";
case SHADOW_REALM_SCOPE:
return "shadowrealm";
}
UNREACHABLE();
}


@ -66,8 +66,17 @@ BUILTIN(CallSitePrototypeGetFileName) {
}
BUILTIN(CallSitePrototypeGetFunction) {
static const char method_name[] = "getFunction";
HandleScope scope(isolate);
CHECK_CALLSITE(frame, "getFunction");
CHECK_CALLSITE(frame, method_name);
if (isolate->raw_native_context().scope_info().scope_type() ==
SHADOW_REALM_SCOPE) {
THROW_NEW_ERROR_RETURN_FAILURE(
isolate,
NewTypeError(
MessageTemplate::kCallSiteMethodUnsupportedInShadowRealm,
isolate->factory()->NewStringFromAsciiChecked(method_name)));
}
if (frame->IsStrict() ||
(frame->function().IsJSFunction() &&
JSFunction::cast(frame->function()).shared().is_toplevel())) {
@ -124,8 +133,17 @@ BUILTIN(CallSitePrototypeGetScriptNameOrSourceURL) {
}
BUILTIN(CallSitePrototypeGetThis) {
static const char method_name[] = "getThis";
HandleScope scope(isolate);
CHECK_CALLSITE(frame, "getThis");
CHECK_CALLSITE(frame, method_name);
if (isolate->raw_native_context().scope_info().scope_type() ==
SHADOW_REALM_SCOPE) {
THROW_NEW_ERROR_RETURN_FAILURE(
isolate,
NewTypeError(
MessageTemplate::kCallSiteMethodUnsupportedInShadowRealm,
isolate->factory()->NewStringFromAsciiChecked(method_name)));
}
if (frame->IsStrict()) return ReadOnlyRoots(isolate).undefined_value();
isolate->CountUsage(v8::Isolate::kCallSiteAPIGetThisSloppyCall);
#if V8_ENABLE_WEBASSEMBLY
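Review bot: The new guard in CallSitePrototypeGetFunction, and the identical one in CallSitePrototypeGetThis, tests only the realm the caller is running in (`isolate->raw_native_context()`), so it appears to protect one direction of the callable boundary. As far as these lines show, a stack formatted in the outer realm can still contain sloppy frames whose function or receiver belongs to a ShadowRealm, and the code after the guard would hand those out. Consider also comparing the realm of the frame's function with the current native context, or at least record the limit with a comment such as `// Only guards callers inside a ShadowRealm; frames owned by a ShadowRealm are not filtered for outer-realm callers.` The two guards are duplicated line for line and would read better as one shared helper or macro next to CHECK_CALLSITE. Both builtin bodies continue past the end of their hunks.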


@ -1421,7 +1421,8 @@ enum ScopeType : uint8_t {
SCRIPT_SCOPE, // The top-level scope for a script or a top-level eval.
CATCH_SCOPE, // The scope introduced by catch.
BLOCK_SCOPE, // The scope introduced by a new block.
WITH_SCOPE // The scope introduced by with.
WITH_SCOPE, // The scope introduced by with.
SHADOW_REALM_SCOPE // Synthetic scope for ShadowRealm NativeContexts.
};
inline std::ostream& operator<<(std::ostream& os, ScopeType type) {
@ -1442,6 +1443,8 @@ inline std::ostream& operator<<(std::ostream& os, ScopeType type) {
return os << "CLASS_SCOPE";
case ScopeType::WITH_SCOPE:
return os << "WITH_SCOPE";
case ScopeType::SHADOW_REALM_SCOPE:
return os << "SHADOW_REALM_SCOPE";
}
UNREACHABLE();
}


@ -66,6 +66,8 @@ namespace internal {
"CallSite expects wasm object as first or function as second argument, " \
"got <%, %>") \
T(CallSiteMethod, "CallSite method % expects CallSite as receiver") \
T(CallSiteMethodUnsupportedInShadowRealm, \
"CallSite method % is unsupported inside ShadowRealms") \
T(CannotBeShared, "% cannot be shared") \
T(CannotConvertToPrimitive, "Cannot convert object to primitive value") \
T(CannotPreventExt, "Cannot prevent extensions") \


@ -1319,6 +1319,10 @@ MaybeLocal<Context> Shell::HostCreateShadowRealmContext(
InitializeModuleEmbedderData(context);
std::shared_ptr<ModuleEmbedderData> initiator_data =
GetModuleDataFromContext(initiator_context);
// ShadowRealms are synchronously accessible and are always in the same origin
// as the initiator context.
context->SetSecurityToken(initiator_context->GetSecurityToken());
shadow_realm_data->origin = initiator_data->origin;
return context;
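Review bot: The security token is copied only in d8's HostCreateShadowRealmContext, so an embedder whose callback omits this step would presumably hand back a ShadowRealm context whose token differs from its initiator's. The added comment explains why sharing the token is valid but not what relies on it; something like `// Embedders must do the same in their callback: a ShadowRealm is expected to share its initiator's security token.` would make the contract visible. If the engine does depend on it, asserting or enforcing it in Isolate::RunHostCreateShadowRealmContextCallback would be sturdier than trusting each embedder. The function body starts before this hunk.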


@ -529,6 +529,10 @@ ScopeIterator::ScopeType ScopeIterator::Type() const {
case EVAL_SCOPE:
DCHECK_IMPLIES(NeedsContext(), context_->IsEvalContext());
return ScopeTypeEval;
case SHADOW_REALM_SCOPE:
DCHECK_IMPLIES(NeedsContext(), context_->IsNativeContext());
// TODO(v8:11989): New ScopeType for ShadowRealms?
return ScopeTypeScript;
}
UNREACHABLE();
}


@ -5310,6 +5310,8 @@ MaybeHandle<NativeContext> Isolate::RunHostCreateShadowRealmContextCallback() {
Handle<Context> shadow_realm_context_handle =
v8::Utils::OpenHandle(*shadow_realm_context);
DCHECK(shadow_realm_context_handle->IsNativeContext());
shadow_realm_context_handle->set_scope_info(
ReadOnlyRoots(this).shadow_realm_scope_info());
return Handle<NativeContext>::cast(shadow_realm_context_handle);
}
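Review bot: The `set_scope_info(...)` call added here carries no comment, although within this commit it is the only place that marks a context as a ShadowRealm, and the CallSite builtins decide whether to throw from that scope type alone. A comment such as `// Tag the context so runtime checks (e.g. CallSite#getFunction/getThis) can recognise ShadowRealms by scope type.` would tie the write to its consumers. Since the marker is applied after the embedder callback returns, it is worth stating in the same comment that the callback must return a freshly created context; a reused one would be retagged here. The function starts above the hunk.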


@ -974,6 +974,10 @@ void Heap::CreateInitialReadOnlyObjects() {
ScopeInfo::CreateForNativeContext(isolate());
set_native_scope_info(*native_scope_info);
Handle<ScopeInfo> shadow_realm_scope_info =
ScopeInfo::CreateForShadowRealmNativeContext(isolate());
set_shadow_realm_scope_info(*shadow_realm_scope_info);
// Canonical off-heap trampoline data
auto reloc_info = Builtins::GenerateOffHeapTrampolineRelocInfo(isolate_);
set_off_heap_trampoline_relocation_info(*reloc_info);


@ -490,13 +490,21 @@ Handle<ScopeInfo> ScopeInfo::CreateForNativeContext(Isolate* isolate) {
return CreateForBootstrapping(isolate, BootstrappingType::kNative);
}
// static
Handle<ScopeInfo> ScopeInfo::CreateForShadowRealmNativeContext(
Isolate* isolate) {
return CreateForBootstrapping(isolate, BootstrappingType::kShadowRealm);
}
// static
Handle<ScopeInfo> ScopeInfo::CreateForBootstrapping(Isolate* isolate,
BootstrappingType type) {
const int parameter_count = 0;
const bool is_empty_function = type == BootstrappingType::kFunction;
const bool is_native_context = type == BootstrappingType::kNative;
const bool is_native_context = (type == BootstrappingType::kNative) ||
(type == BootstrappingType::kShadowRealm);
const bool is_script = type == BootstrappingType::kScript;
const bool is_shadow_realm = type == BootstrappingType::kShadowRealm;
const int context_local_count =
is_empty_function || is_native_context ? 0 : 1;
const bool has_inferred_function_name = is_empty_function;
@ -513,8 +521,12 @@ Handle<ScopeInfo> ScopeInfo::CreateForBootstrapping(Isolate* isolate,
factory->NewScopeInfo(length, AllocationType::kReadOnly);
DisallowGarbageCollection _nogc;
// Encode the flags.
DCHECK_IMPLIES(is_shadow_realm || is_script, !is_empty_function);
int flags =
ScopeTypeBits::encode(is_empty_function ? FUNCTION_SCOPE : SCRIPT_SCOPE) |
ScopeTypeBits::encode(
is_empty_function
? FUNCTION_SCOPE
: (is_shadow_realm ? SHADOW_REALM_SCOPE : SCRIPT_SCOPE)) |
SloppyEvalCanExtendVarsBit::encode(false) |
LanguageModeBit::encode(LanguageMode::kSloppy) |
DeclarationScopeBit::encode(true) |
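Review bot: The added `DCHECK_IMPLIES(is_shadow_realm || is_script, !is_empty_function)` can never fire, because all three booleans are derived from the single `type` value and are mutually exclusive by construction. The nested conditional inside `ScopeTypeBits::encode(...)` is also harder to read than a named local, e.g. `const ScopeType scope_type = is_empty_function ? FUNCTION_SCOPE : is_shadow_realm ? SHADOW_REALM_SCOPE : SCRIPT_SCOPE;`, or a `switch (type)` that would flag a future BootstrappingType at compile time. kNative still encodes SCRIPT_SCOPE while kShadowRealm gets its own type, so a one-line comment saying that this difference is how ShadowRealm contexts are recognised would help the next reader. CreateForBootstrapping starts and ends outside the hunks.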


@ -271,6 +271,7 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
V8_EXPORT_PRIVATE static Handle<ScopeInfo> CreateForEmptyFunction(
Isolate* isolate);
static Handle<ScopeInfo> CreateForNativeContext(Isolate* isolate);
static Handle<ScopeInfo> CreateForShadowRealmNativeContext(Isolate* isolate);
static Handle<ScopeInfo> CreateGlobalThisBinding(Isolate* isolate);
// Creates a copy of a {ScopeInfo} but with the provided locals blocklist
@ -363,7 +364,7 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
return index;
}
enum class BootstrappingType { kScript, kFunction, kNative };
enum class BootstrappingType { kScript, kFunction, kNative, kShadowRealm };
static Handle<ScopeInfo> CreateForBootstrapping(Isolate* isolate,
BootstrappingType type);


@ -17,7 +17,8 @@ extern enum ScopeType extends uint32 {
SCRIPT_SCOPE,
CATCH_SCOPE,
BLOCK_SCOPE,
WITH_SCOPE
WITH_SCOPE,
SHADOW_REALM_SCOPE
}
extern enum VariableAllocationInfo extends uint32 {
@ -158,6 +159,7 @@ extern class ScopeInfo extends HeapObject {
flags.scope_type == ScopeType::SCRIPT_SCOPE ||
flags.scope_type == ScopeType::EVAL_SCOPE ||
flags.scope_type == ScopeType::MODULE_SCOPE ||
flags.scope_type == ScopeType::SHADOW_REALM_SCOPE ||
(flags.is_empty ? false : flags.scope_type == ScopeType::CLASS_SCOPE)]:
PositionInfo;


@ -229,6 +229,7 @@ class Symbol;
V(ScopeInfo, global_this_binding_scope_info, GlobalThisBindingScopeInfo) \
V(ScopeInfo, empty_function_scope_info, EmptyFunctionScopeInfo) \
V(ScopeInfo, native_scope_info, NativeScopeInfo) \
V(ScopeInfo, shadow_realm_scope_info, ShadowRealmScopeInfo) \
V(RegisteredSymbolTable, empty_symbol_table, EmptySymbolTable) \
/* Hash seed */ \
V(ByteArray, hash_seed, HashSeed)


@ -0,0 +1,49 @@
// Copyright 2022 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --harmony-shadow-realm
// Test that CallSite#getFunction and CallSite#getThis throw inside
// ShadowRealms, as otherwise we could violate the callable boundary invariant.
const shadowRealm = new ShadowRealm();
// The ShadowRealm won't have assertThrows, so use try-catch and accumulate a
// message string.
const wrapped = shadowRealm.evaluate(`
Error.prepareStackTrace = function(err, frames) {
let a = [];
for (let i = 0; i < frames.length; i++) {
try {
a.push(frames[i].getFunction());
} catch (e) {
a.push("getFunction threw");
}
try {
a.push(frames[i].getThis());
} catch (e) {
a.push("getThis threw");
}
}
return a.join(' ');
};
function inner() {
try {
throw new Error();
} catch (e) {
return e.stack;
}
}
inner;
`);
(function outer() {
// There are 3 frames: top-level, outer, inner, so getFunction/getThis should
// throw 3 times.
assertEquals("getFunction threw getThis threw " +
"getFunction threw getThis threw " +
"getFunction threw getThis threw", wrapped());
})();
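Review bot: The `catch (e)` blocks inside prepareStackTrace turn any exception into the same "threw" string, so the test would still pass if the calls failed for an unrelated reason (for instance the receiver check) rather than the new ShadowRealm error. Recording the error kind as well, e.g. `a.push("getFunction threw " + (e instanceof TypeError));` with the expected string updated to match, pins the intended failure. The test also covers only callers inside the ShadowRealm; a companion case where the outer realm formats a stack that includes ShadowRealm frames would document what getFunction/getThis return in that direction.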


@ -83,7 +83,7 @@ bytecodes: [
/* 48 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0),
/* 53 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
/* 58 E> */ B(GetKeyedProperty), R(this), U8(2),
B(Wide), B(LdaSmi), I16(306),
B(Wide), B(LdaSmi), I16(307),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),
@ -115,7 +115,7 @@ bytecodes: [
/* 41 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0),
/* 46 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
/* 51 E> */ B(GetKeyedProperty), R(this), U8(2),
B(Wide), B(LdaSmi), I16(305),
B(Wide), B(LdaSmi), I16(306),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),
@ -149,7 +149,7 @@ bytecodes: [
B(Star2),
B(LdaImmutableCurrentContextSlot), U8(3),
/* 58 E> */ B(GetKeyedProperty), R(this), U8(2),
B(Wide), B(LdaSmi), I16(306),
B(Wide), B(LdaSmi), I16(307),
B(Star3),
B(LdaConstant), U8(0),
B(Star4),
@ -181,7 +181,7 @@ bytecodes: [
/* 41 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0),
/* 46 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
/* 51 E> */ B(GetKeyedProperty), R(this), U8(2),
B(Wide), B(LdaSmi), I16(305),
B(Wide), B(LdaSmi), I16(306),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),


@ -58,7 +58,7 @@ bytecodes: [
B(Star2),
B(LdaImmutableCurrentContextSlot), U8(3),
/* 54 E> */ B(GetKeyedProperty), R(this), U8(2),
B(Wide), B(LdaSmi), I16(304),
B(Wide), B(LdaSmi), I16(305),
B(Star3),
B(LdaConstant), U8(0),
B(Star4),
@ -91,7 +91,7 @@ bytecodes: [
/* 44 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0),
/* 49 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
/* 54 E> */ B(GetKeyedProperty), R(this), U8(2),
B(Wide), B(LdaSmi), I16(304),
B(Wide), B(LdaSmi), I16(305),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),


@ -24,7 +24,7 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(1),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),
@ -61,13 +61,13 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(0),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),
/* 61 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(2), U8(2),
B(Throw),
B(Wide), B(LdaSmi), I16(304),
B(Wide), B(LdaSmi), I16(305),
B(Star2),
B(LdaConstant), U8(1),
B(Star3),
@ -99,13 +99,13 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(0),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star1),
B(LdaConstant), U8(0),
B(Star2),
/* 61 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2),
B(Throw),
B(Wide), B(LdaSmi), I16(304),
B(Wide), B(LdaSmi), I16(305),
B(Star1),
B(LdaConstant), U8(1),
B(Star2),
@ -145,7 +145,7 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(0),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),
@ -167,7 +167,7 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(0),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star3),
B(LdaConstant), U8(0),
B(Star4),
@ -182,7 +182,7 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(0),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),
@ -216,13 +216,13 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(0),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star1),
B(LdaConstant), U8(0),
B(Star2),
/* 65 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2),
B(Throw),
B(Wide), B(LdaSmi), I16(306),
B(Wide), B(LdaSmi), I16(307),
B(Star1),
B(LdaConstant), U8(1),
B(Star2),
@ -253,13 +253,13 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(0),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star1),
B(LdaConstant), U8(0),
B(Star2),
/* 58 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2),
B(Throw),
B(Wide), B(LdaSmi), I16(305),
B(Wide), B(LdaSmi), I16(306),
B(Star1),
B(LdaConstant), U8(1),
B(Star2),
@ -292,13 +292,13 @@ bytecodes: [
B(TestReferenceEqual), R(this),
B(Mov), R(this), R(0),
B(JumpIfTrue), U8(16),
B(Wide), B(LdaSmi), I16(298),
B(Wide), B(LdaSmi), I16(299),
B(Star2),
B(LdaConstant), U8(0),
B(Star3),
/* 65 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(2), U8(2),
B(Throw),
B(Wide), B(LdaSmi), I16(306),
B(Wide), B(LdaSmi), I16(307),
B(Star2),
B(LdaConstant), U8(1),
B(Star3),
@ -327,7 +327,7 @@ bytecode array length: 19
bytecodes: [
/* 46 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
/* 51 E> */ B(GetKeyedProperty), R(this), U8(0),
B(Wide), B(LdaSmi), I16(305),
B(Wide), B(LdaSmi), I16(306),
B(Star1),
B(LdaConstant), U8(0),
B(Star2),


@ -403,84 +403,84 @@ KNOWN_MAPS = {
("read_only_space", 0x03499): (131, "BasicBlockCountersMarkerMap"),
("read_only_space", 0x034dd): (146, "ArrayBoilerplateDescriptionMap"),
("read_only_space", 0x035dd): (158, "InterceptorInfoMap"),
("read_only_space", 0x0763d): (132, "PromiseFulfillReactionJobTaskMap"),
("read_only_space", 0x07665): (133, "PromiseRejectReactionJobTaskMap"),
("read_only_space", 0x0768d): (134, "CallableTaskMap"),
("read_only_space", 0x076b5): (135, "CallbackTaskMap"),
("read_only_space", 0x076dd): (136, "PromiseResolveThenableJobTaskMap"),
("read_only_space", 0x07705): (139, "FunctionTemplateInfoMap"),
("read_only_space", 0x0772d): (140, "ObjectTemplateInfoMap"),
("read_only_space", 0x07755): (141, "AccessCheckInfoMap"),
("read_only_space", 0x0777d): (142, "AccessorPairMap"),
("read_only_space", 0x077a5): (143, "AliasedArgumentsEntryMap"),
("read_only_space", 0x077cd): (144, "AllocationMementoMap"),
("read_only_space", 0x077f5): (147, "AsmWasmDataMap"),
("read_only_space", 0x0781d): (148, "AsyncGeneratorRequestMap"),
("read_only_space", 0x07845): (149, "BreakPointMap"),
("read_only_space", 0x0786d): (150, "BreakPointInfoMap"),
("read_only_space", 0x07895): (151, "CallSiteInfoMap"),
("read_only_space", 0x078bd): (152, "ClassPositionsMap"),
("read_only_space", 0x078e5): (153, "DebugInfoMap"),
("read_only_space", 0x0790d): (155, "ErrorStackDataMap"),
("read_only_space", 0x07935): (157, "FunctionTemplateRareDataMap"),
("read_only_space", 0x0795d): (159, "InterpreterDataMap"),
("read_only_space", 0x07985): (160, "ModuleRequestMap"),
("read_only_space", 0x079ad): (161, "PromiseCapabilityMap"),
("read_only_space", 0x079d5): (162, "PromiseOnStackMap"),
("read_only_space", 0x079fd): (163, "PromiseReactionMap"),
("read_only_space", 0x07a25): (164, "PropertyDescriptorObjectMap"),
("read_only_space", 0x07a4d): (165, "PrototypeInfoMap"),
("read_only_space", 0x07a75): (166, "RegExpBoilerplateDescriptionMap"),
("read_only_space", 0x07a9d): (167, "ScriptMap"),
("read_only_space", 0x07ac5): (168, "ScriptOrModuleMap"),
("read_only_space", 0x07aed): (169, "SourceTextModuleInfoEntryMap"),
("read_only_space", 0x07b15): (170, "StackFrameInfoMap"),
("read_only_space", 0x07b3d): (171, "TemplateObjectDescriptionMap"),
("read_only_space", 0x07b65): (172, "Tuple2Map"),
("read_only_space", 0x07b8d): (173, "WasmExceptionTagMap"),
("read_only_space", 0x07bb5): (174, "WasmIndirectFunctionTableMap"),
("read_only_space", 0x07bdd): (194, "SloppyArgumentsElementsMap"),
("read_only_space", 0x07c05): (236, "DescriptorArrayMap"),
("read_only_space", 0x07c2d): (222, "UncompiledDataWithoutPreparseDataMap"),
("read_only_space", 0x07c55): (220, "UncompiledDataWithPreparseDataMap"),
("read_only_space", 0x07c7d): (223, "UncompiledDataWithoutPreparseDataWithJobMap"),
("read_only_space", 0x07ca5): (221, "UncompiledDataWithPreparseDataAndJobMap"),
("read_only_space", 0x07ccd): (257, "OnHeapBasicBlockProfilerDataMap"),
("read_only_space", 0x07cf5): (215, "TurbofanBitsetTypeMap"),
("read_only_space", 0x07d1d): (219, "TurbofanUnionTypeMap"),
("read_only_space", 0x07d45): (218, "TurbofanRangeTypeMap"),
("read_only_space", 0x07d6d): (216, "TurbofanHeapConstantTypeMap"),
("read_only_space", 0x07d95): (217, "TurbofanOtherNumberConstantTypeMap"),
("read_only_space", 0x07dbd): (198, "TurboshaftWord32TypeMap"),
("read_only_space", 0x07de5): (199, "TurboshaftWord32RangeTypeMap"),
("read_only_space", 0x07e0d): (200, "TurboshaftWord32SetTypeMap"),
("read_only_space", 0x07e35): (201, "TurboshaftWord64TypeMap"),
("read_only_space", 0x07e5d): (202, "TurboshaftWord64RangeTypeMap"),
("read_only_space", 0x07e85): (203, "TurboshaftWord64SetTypeMap"),
("read_only_space", 0x07ead): (195, "TurboshaftFloat64TypeMap"),
("read_only_space", 0x07ed5): (196, "TurboshaftFloat64RangeTypeMap"),
("read_only_space", 0x07efd): (197, "TurboshaftFloat64SetTypeMap"),
("read_only_space", 0x07f25): (253, "InternalClassMap"),
("read_only_space", 0x07f4d): (264, "SmiPairMap"),
("read_only_space", 0x07f75): (263, "SmiBoxMap"),
("read_only_space", 0x07f9d): (228, "ExportedSubClassBaseMap"),
("read_only_space", 0x07fc5): (229, "ExportedSubClassMap"),
("read_only_space", 0x07fed): (234, "AbstractInternalClassSubclass1Map"),
("read_only_space", 0x08015): (235, "AbstractInternalClassSubclass2Map"),
("read_only_space", 0x0803d): (193, "InternalClassWithSmiElementsMap"),
("read_only_space", 0x08065): (254, "InternalClassWithStructElementsMap"),
("read_only_space", 0x0808d): (230, "ExportedSubClass2Map"),
("read_only_space", 0x080b5): (265, "SortStateMap"),
("read_only_space", 0x080dd): (271, "WasmStringViewIterMap"),
("read_only_space", 0x08105): (145, "AllocationSiteWithWeakNextMap"),
("read_only_space", 0x0812d): (145, "AllocationSiteWithoutWeakNextMap"),
("read_only_space", 0x081f9): (137, "LoadHandler1Map"),
("read_only_space", 0x08221): (137, "LoadHandler2Map"),
("read_only_space", 0x08249): (137, "LoadHandler3Map"),
("read_only_space", 0x08271): (138, "StoreHandler0Map"),
("read_only_space", 0x08299): (138, "StoreHandler1Map"),
("read_only_space", 0x082c1): (138, "StoreHandler2Map"),
("read_only_space", 0x082e9): (138, "StoreHandler3Map"),
("read_only_space", 0x07655): (132, "PromiseFulfillReactionJobTaskMap"),
("read_only_space", 0x0767d): (133, "PromiseRejectReactionJobTaskMap"),
("read_only_space", 0x076a5): (134, "CallableTaskMap"),
("read_only_space", 0x076cd): (135, "CallbackTaskMap"),
("read_only_space", 0x076f5): (136, "PromiseResolveThenableJobTaskMap"),
("read_only_space", 0x0771d): (139, "FunctionTemplateInfoMap"),
("read_only_space", 0x07745): (140, "ObjectTemplateInfoMap"),
("read_only_space", 0x0776d): (141, "AccessCheckInfoMap"),
("read_only_space", 0x07795): (142, "AccessorPairMap"),
("read_only_space", 0x077bd): (143, "AliasedArgumentsEntryMap"),
("read_only_space", 0x077e5): (144, "AllocationMementoMap"),
("read_only_space", 0x0780d): (147, "AsmWasmDataMap"),
("read_only_space", 0x07835): (148, "AsyncGeneratorRequestMap"),
("read_only_space", 0x0785d): (149, "BreakPointMap"),
("read_only_space", 0x07885): (150, "BreakPointInfoMap"),
("read_only_space", 0x078ad): (151, "CallSiteInfoMap"),
("read_only_space", 0x078d5): (152, "ClassPositionsMap"),
("read_only_space", 0x078fd): (153, "DebugInfoMap"),
("read_only_space", 0x07925): (155, "ErrorStackDataMap"),
("read_only_space", 0x0794d): (157, "FunctionTemplateRareDataMap"),
("read_only_space", 0x07975): (159, "InterpreterDataMap"),
("read_only_space", 0x0799d): (160, "ModuleRequestMap"),
("read_only_space", 0x079c5): (161, "PromiseCapabilityMap"),
("read_only_space", 0x079ed): (162, "PromiseOnStackMap"),
("read_only_space", 0x07a15): (163, "PromiseReactionMap"),
("read_only_space", 0x07a3d): (164, "PropertyDescriptorObjectMap"),
("read_only_space", 0x07a65): (165, "PrototypeInfoMap"),
("read_only_space", 0x07a8d): (166, "RegExpBoilerplateDescriptionMap"),
("read_only_space", 0x07ab5): (167, "ScriptMap"),
("read_only_space", 0x07add): (168, "ScriptOrModuleMap"),
("read_only_space", 0x07b05): (169, "SourceTextModuleInfoEntryMap"),
("read_only_space", 0x07b2d): (170, "StackFrameInfoMap"),
("read_only_space", 0x07b55): (171, "TemplateObjectDescriptionMap"),
("read_only_space", 0x07b7d): (172, "Tuple2Map"),
("read_only_space", 0x07ba5): (173, "WasmExceptionTagMap"),
("read_only_space", 0x07bcd): (174, "WasmIndirectFunctionTableMap"),
("read_only_space", 0x07bf5): (194, "SloppyArgumentsElementsMap"),
("read_only_space", 0x07c1d): (236, "DescriptorArrayMap"),
("read_only_space", 0x07c45): (222, "UncompiledDataWithoutPreparseDataMap"),
("read_only_space", 0x07c6d): (220, "UncompiledDataWithPreparseDataMap"),
("read_only_space", 0x07c95): (223, "UncompiledDataWithoutPreparseDataWithJobMap"),
("read_only_space", 0x07cbd): (221, "UncompiledDataWithPreparseDataAndJobMap"),
("read_only_space", 0x07ce5): (257, "OnHeapBasicBlockProfilerDataMap"),
("read_only_space", 0x07d0d): (215, "TurbofanBitsetTypeMap"),
("read_only_space", 0x07d35): (219, "TurbofanUnionTypeMap"),
("read_only_space", 0x07d5d): (218, "TurbofanRangeTypeMap"),
("read_only_space", 0x07d85): (216, "TurbofanHeapConstantTypeMap"),
("read_only_space", 0x07dad): (217, "TurbofanOtherNumberConstantTypeMap"),
("read_only_space", 0x07dd5): (198, "TurboshaftWord32TypeMap"),
("read_only_space", 0x07dfd): (199, "TurboshaftWord32RangeTypeMap"),
("read_only_space", 0x07e25): (200, "TurboshaftWord32SetTypeMap"),
("read_only_space", 0x07e4d): (201, "TurboshaftWord64TypeMap"),
("read_only_space", 0x07e75): (202, "TurboshaftWord64RangeTypeMap"),
("read_only_space", 0x07e9d): (203, "TurboshaftWord64SetTypeMap"),
("read_only_space", 0x07ec5): (195, "TurboshaftFloat64TypeMap"),
("read_only_space", 0x07eed): (196, "TurboshaftFloat64RangeTypeMap"),
("read_only_space", 0x07f15): (197, "TurboshaftFloat64SetTypeMap"),
("read_only_space", 0x07f3d): (253, "InternalClassMap"),
("read_only_space", 0x07f65): (264, "SmiPairMap"),
("read_only_space", 0x07f8d): (263, "SmiBoxMap"),
("read_only_space", 0x07fb5): (228, "ExportedSubClassBaseMap"),
("read_only_space", 0x07fdd): (229, "ExportedSubClassMap"),
("read_only_space", 0x08005): (234, "AbstractInternalClassSubclass1Map"),
("read_only_space", 0x0802d): (235, "AbstractInternalClassSubclass2Map"),
("read_only_space", 0x08055): (193, "InternalClassWithSmiElementsMap"),
("read_only_space", 0x0807d): (254, "InternalClassWithStructElementsMap"),
("read_only_space", 0x080a5): (230, "ExportedSubClass2Map"),
("read_only_space", 0x080cd): (265, "SortStateMap"),
("read_only_space", 0x080f5): (271, "WasmStringViewIterMap"),
("read_only_space", 0x0811d): (145, "AllocationSiteWithWeakNextMap"),
("read_only_space", 0x08145): (145, "AllocationSiteWithoutWeakNextMap"),
("read_only_space", 0x08211): (137, "LoadHandler1Map"),
("read_only_space", 0x08239): (137, "LoadHandler2Map"),
("read_only_space", 0x08261): (137, "LoadHandler3Map"),
("read_only_space", 0x08289): (138, "StoreHandler0Map"),
("read_only_space", 0x082b1): (138, "StoreHandler1Map"),
("read_only_space", 0x082d9): (138, "StoreHandler2Map"),
("read_only_space", 0x08301): (138, "StoreHandler3Map"),
("old_space", 0x0438d): (2116, "ExternalMap"),
("old_space", 0x043b5): (2120, "JSMessageObjectMap"),
}
@ -536,8 +536,9 @@ KNOWN_OBJECTS = {
("read_only_space", 0x04b35): "GlobalThisBindingScopeInfo",
("read_only_space", 0x04b65): "EmptyFunctionScopeInfo",
("read_only_space", 0x04b89): "NativeScopeInfo",
("read_only_space", 0x04ba1): "EmptySymbolTable",
("read_only_space", 0x04bbd): "HashSeed",
("read_only_space", 0x04ba1): "ShadowRealmScopeInfo",
("read_only_space", 0x04bb9): "EmptySymbolTable",
("read_only_space", 0x04bd5): "HashSeed",
("old_space", 0x0423d): "ArgumentsIteratorAccessor",
("old_space", 0x04255): "ArrayLengthAccessor",
("old_space", 0x0426d): "BoundFunctionLengthAccessor",