From d097af6635a9773079d00cd9845c22f48a074c24 Mon Sep 17 00:00:00 2001
From: Omer Katz
Date: Wed, 5 Oct 2022 13:56:34 +0200
Subject: [PATCH] [heap] Fix tsan races when accessing page flag

WAS_USED_FOR_ALLOCATION is set whenever we allocate on a new-space page. This may happen while concurrent compilation is running in the background, which may race with checking other page flags during compilation.

Bug: v8:13356
Change-Id: Id3d7f0904c61b18b5675e8c0351e17679f3c76ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3932165
Commit-Queue: Omer Katz
Reviewed-by: Michael Lippautz
Cr-Commit-Position: refs/heads/main@{#83538}
---
 src/heap/basic-memory-chunk.h | 6 +-
 src/heap/memory-chunk-layout.h | 3 +
 src/heap/memory-chunk.h | 12 +-
 tools/v8heapconst.py | 580 ++++++++++++++++-----------------
 4 files changed, 301 insertions(+), 300 deletions(-)
diff --git a/src/heap/basic-memory-chunk.h b/src/heap/basic-memory-chunk.h
index 08bb6a7932..60a711b622 100644
--- a/src/heap/basic-memory-chunk.h
+++ b/src/heap/basic-memory-chunk.h
@@ -110,10 +110,6 @@ class BasicMemoryChunk {
 // A Page with code objects.
 IS_EXECUTABLE = 1u << 21,
-
- // A page that used for allocation since it was last swept. Used only for
- // new space pages.
- WAS_USED_FOR_ALLOCATION = 1u << 22,
 };
 using MainThreadFlags = base::Flags;
@@ -357,7 +353,7 @@ class BasicMemoryChunk {
 size_t size_;
 // Flags that are only mutable from the main thread when no concurrent
- // component (e.g. marker, sweeper) is running.
+ // component (e.g. marker, sweeper, compilation, allocation) is running.
 MainThreadFlags main_thread_flags_{NO_FLAGS};
 // TODO(v8:7464): Find a way to remove this.
diff --git a/src/heap/memory-chunk-layout.h b/src/heap/memory-chunk-layout.h
index 053f35f309..2e1d0e52bb 100644
--- a/src/heap/memory-chunk-layout.h
+++ b/src/heap/memory-chunk-layout.h
@@ -72,6 +72,7 @@ class V8_EXPORT_PRIVATE MemoryChunkLayout {
 #ifdef V8_ENABLE_INNER_POINTER_RESOLUTION_OSB
 FIELD(ObjectStartBitmap, ObjectStartBitmap),
 #endif // V8_ENABLE_INNER_POINTER_RESOLUTION_OSB
+ FIELD(size_t, WasUsedForAllocation),
 kMarkingBitmapOffset,
 kMemoryChunkHeaderSize = kMarkingBitmapOffset,
 kMemoryChunkHeaderStart = kSlotSetOffset,
@@ -89,6 +90,8 @@ class V8_EXPORT_PRIVATE MemoryChunkLayout {
 static size_t AllocatableMemoryInMemoryChunk(AllocationSpace space);
 static int MaxRegularCodeObjectSize();
+
+ static_assert(kMemoryChunkHeaderSize % alignof(size_t) == 0);
 };
 } // namespace internal
diff --git a/src/heap/memory-chunk.h b/src/heap/memory-chunk.h
index 99ff7a6a70..906ff6a23e 100644
--- a/src/heap/memory-chunk.h
+++ b/src/heap/memory-chunk.h
@@ -220,11 +220,9 @@ class MemoryChunk : public BasicMemoryChunk {
 }
 #endif // V8_ENABLE_INNER_POINTER_RESOLUTION_OSB
- void MarkWasUsedForAllocation() { SetFlag(WAS_USED_FOR_ALLOCATION); }
- void ClearWasUsedForAllocation() { ClearFlag(WAS_USED_FOR_ALLOCATION); }
- bool WasUsedForAllocation() const {
- return IsFlagSet(WAS_USED_FOR_ALLOCATION);
- }
+ void MarkWasUsedForAllocation() { was_used_for_allocation_ = true; }
+ void ClearWasUsedForAllocation() { was_used_for_allocation_ = false; }
+ bool WasUsedForAllocation() const { return was_used_for_allocation_; }
 protected:
 // Release all memory allocated by the chunk. Should be called when memory
@@ -293,6 +291,10 @@ class MemoryChunk : public BasicMemoryChunk {
 ObjectStartBitmap object_start_bitmap_;
 #endif // V8_ENABLE_INNER_POINTER_RESOLUTION_OSB
+ // Marks a chunk that was used for allocation since it was last swept. Used
+ // only for new space pages.
+ size_t was_used_for_allocation_ = false;
+
 private:
 friend class ConcurrentMarkingState;
 friend class MarkingState;
diff --git a/tools/v8heapconst.py b/tools/v8heapconst.py
index e07c9035a8..aac90993d3 100644
--- a/tools/v8heapconst.py
+++ b/tools/v8heapconst.py
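Review bot: `FIELD(size_t, WasUsedForAllocation)` in the first memory-chunk-layout.h hunk reserves a full word for a value that the accessors in memory-chunk.h treat as a boolean, and nothing in the hunk says why. The matching member in the second memory-chunk.h hunk is declared `size_t was_used_for_allocation_ = false;`, so the type and the initializer disagree as well. If the word-sized type is there to keep `kMemoryChunkHeaderSize` aligned for the new `static_assert` (inferred, not shown in the diff), state it next to the field, e.g. `// size_t rather than bool so the header size stays word-aligned.`, and initialize the member with `0`. The enum this line belongs to starts outside the hunk.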
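Review bot: The three accessors in the first memory-chunk.h hunk now read and write `was_used_for_allocation_` as a plain, non-atomic member, so the fix holds only while every caller runs on one thread or under external synchronization, and the hunk does not state that contract. Moving the bit out of `main_thread_flags_` removes the race with background compilation reading other flags, but any concurrent task that consults this field (sweeping, if it does) would introduce a fresh data race that TSan reports only when a test happens to exercise it. I would add a comment above the accessors such as `// Main-thread only; not synchronized. Do not call from concurrent tasks.`, or, if a background task does call `WasUsedForAllocation()`, declare the member as `std::atomic<size_t>` and access it with relaxed ordering. The class body starts and ends outside the hunk.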
@@ -285,300 +285,300 @@ INSTANCE_TYPES = { # List of known V8 maps. KNOWN_MAPS = { - ("read_only_space", 0x02139): (247, "MetaMap"), - ("read_only_space", 0x02161): (131, "NullMap"), - ("read_only_space", 0x02189): (229, "StrongDescriptorArrayMap"), - ("read_only_space", 0x021b1): (265, "WeakArrayListMap"), - ("read_only_space", 0x021f5): (155, "EnumCacheMap"), - ("read_only_space", 0x02229): (176, "FixedArrayMap"), - ("read_only_space", 0x02275): (8, "OneByteInternalizedStringMap"), - ("read_only_space", 0x022c1): (244, "FreeSpaceMap"), - ("read_only_space", 0x022e9): (243, "OnePointerFillerMap"), - ("read_only_space", 0x02311): (243, "TwoPointerFillerMap"), - ("read_only_space", 0x02339): (131, "UninitializedMap"), - ("read_only_space", 0x023b1): (131, "UndefinedMap"), - ("read_only_space", 0x023f5): (130, "HeapNumberMap"), - ("read_only_space", 0x02429): (131, "TheHoleMap"), - ("read_only_space", 0x02489): (131, "BooleanMap"), - ("read_only_space", 0x0252d): (191, "ByteArrayMap"), - ("read_only_space", 0x02555): (176, "FixedCOWArrayMap"), - ("read_only_space", 0x0257d): (177, "HashTableMap"), - ("read_only_space", 0x025a5): (128, "SymbolMap"), - ("read_only_space", 0x025cd): (40, "OneByteStringMap"), - ("read_only_space", 0x025f5): (253, "ScopeInfoMap"), - ("read_only_space", 0x0261d): (254, "SharedFunctionInfoMap"), - ("read_only_space", 0x02645): (237, "CodeMap"), - ("read_only_space", 0x0266d): (236, "CellMap"), - ("read_only_space", 0x02695): (252, "GlobalPropertyCellMap"), - ("read_only_space", 0x026bd): (204, "ForeignMap"), - ("read_only_space", 0x026e5): (233, "TransitionArrayMap"), - ("read_only_space", 0x0270d): (45, "ThinOneByteStringMap"), - ("read_only_space", 0x02735): (242, "FeedbackVectorMap"), - ("read_only_space", 0x0276d): (131, "ArgumentsMarkerMap"), - ("read_only_space", 0x027cd): (131, "ExceptionMap"), - ("read_only_space", 0x02829): (131, "TerminationExceptionMap"), - ("read_only_space", 0x02891): (131, "OptimizedOutMap"), - 
("read_only_space", 0x028f1): (131, "StaleRegisterMap"), - ("read_only_space", 0x02951): (190, "ScriptContextTableMap"), - ("read_only_space", 0x02979): (188, "ClosureFeedbackCellArrayMap"), - ("read_only_space", 0x029a1): (241, "FeedbackMetadataArrayMap"), - ("read_only_space", 0x029c9): (176, "ArrayListMap"), - ("read_only_space", 0x029f1): (129, "BigIntMap"), - ("read_only_space", 0x02a19): (189, "ObjectBoilerplateDescriptionMap"), - ("read_only_space", 0x02a41): (192, "BytecodeArrayMap"), - ("read_only_space", 0x02a69): (238, "CodeDataContainerMap"), - ("read_only_space", 0x02a91): (239, "CoverageInfoMap"), - ("read_only_space", 0x02ab9): (193, "FixedDoubleArrayMap"), - ("read_only_space", 0x02ae1): (179, "GlobalDictionaryMap"), - ("read_only_space", 0x02b09): (157, "ManyClosuresCellMap"), - ("read_only_space", 0x02b31): (248, "MegaDomHandlerMap"), - ("read_only_space", 0x02b59): (176, "ModuleInfoMap"), - ("read_only_space", 0x02b81): (180, "NameDictionaryMap"), - ("read_only_space", 0x02ba9): (157, "NoClosuresCellMap"), - ("read_only_space", 0x02bd1): (182, "NumberDictionaryMap"), - ("read_only_space", 0x02bf9): (157, "OneClosureCellMap"), - ("read_only_space", 0x02c21): (183, "OrderedHashMapMap"), - ("read_only_space", 0x02c49): (184, "OrderedHashSetMap"), - ("read_only_space", 0x02c71): (181, "NameToIndexHashTableMap"), - ("read_only_space", 0x02c99): (186, "RegisteredSymbolTableMap"), - ("read_only_space", 0x02cc1): (185, "OrderedNameDictionaryMap"), - ("read_only_space", 0x02ce9): (250, "PreparseDataMap"), - ("read_only_space", 0x02d11): (251, "PropertyArrayMap"), - ("read_only_space", 0x02d39): (234, "AccessorInfoMap"), - ("read_only_space", 0x02d61): (235, "SideEffectCallHandlerInfoMap"), - ("read_only_space", 0x02d89): (235, "SideEffectFreeCallHandlerInfoMap"), - ("read_only_space", 0x02db1): (235, "NextCallSideEffectFreeCallHandlerInfoMap"), - ("read_only_space", 0x02dd9): (187, "SimpleNumberDictionaryMap"), - ("read_only_space", 0x02e01): (223, 
"SmallOrderedHashMapMap"), - ("read_only_space", 0x02e29): (224, "SmallOrderedHashSetMap"), - ("read_only_space", 0x02e51): (225, "SmallOrderedNameDictionaryMap"), - ("read_only_space", 0x02e79): (230, "SourceTextModuleMap"), - ("read_only_space", 0x02ea1): (258, "SwissNameDictionaryMap"), - ("read_only_space", 0x02ec9): (231, "SyntheticModuleMap"), - ("read_only_space", 0x02ef1): (259, "WasmApiFunctionRefMap"), - ("read_only_space", 0x02f19): (220, "WasmCapiFunctionDataMap"), - ("read_only_space", 0x02f41): (221, "WasmExportedFunctionDataMap"), - ("read_only_space", 0x02f69): (261, "WasmInternalFunctionMap"), - ("read_only_space", 0x02f91): (222, "WasmJSFunctionDataMap"), - ("read_only_space", 0x02fb9): (262, "WasmResumeDataMap"), - ("read_only_space", 0x02fe1): (264, "WasmTypeInfoMap"), - ("read_only_space", 0x03009): (260, "WasmContinuationObjectMap"), - ("read_only_space", 0x03031): (232, "WeakFixedArrayMap"), - ("read_only_space", 0x03059): (178, "EphemeronHashTableMap"), - ("read_only_space", 0x03081): (240, "EmbedderDataArrayMap"), - ("read_only_space", 0x030a9): (266, "WeakCellMap"), - ("read_only_space", 0x030d1): (32, "StringMap"), - ("read_only_space", 0x030f9): (41, "ConsOneByteStringMap"), - ("read_only_space", 0x03121): (33, "ConsStringMap"), - ("read_only_space", 0x03149): (37, "ThinStringMap"), - ("read_only_space", 0x03171): (35, "SlicedStringMap"), - ("read_only_space", 0x03199): (43, "SlicedOneByteStringMap"), - ("read_only_space", 0x031c1): (34, "ExternalStringMap"), - ("read_only_space", 0x031e9): (42, "ExternalOneByteStringMap"), - ("read_only_space", 0x03211): (50, "UncachedExternalStringMap"), - ("read_only_space", 0x03239): (0, "InternalizedStringMap"), - ("read_only_space", 0x03261): (2, "ExternalInternalizedStringMap"), - ("read_only_space", 0x03289): (10, "ExternalOneByteInternalizedStringMap"), - ("read_only_space", 0x032b1): (18, "UncachedExternalInternalizedStringMap"), - ("read_only_space", 0x032d9): (26, 
"UncachedExternalOneByteInternalizedStringMap"), - ("read_only_space", 0x03301): (58, "UncachedExternalOneByteStringMap"), - ("read_only_space", 0x03329): (104, "SharedOneByteStringMap"), - ("read_only_space", 0x03351): (96, "SharedStringMap"), - ("read_only_space", 0x03379): (106, "SharedExternalOneByteStringMap"), - ("read_only_space", 0x033a1): (98, "SharedExternalStringMap"), - ("read_only_space", 0x033c9): (122, "SharedUncachedExternalOneByteStringMap"), - ("read_only_space", 0x033f1): (114, "SharedUncachedExternalStringMap"), - ("read_only_space", 0x03419): (109, "SharedThinOneByteStringMap"), - ("read_only_space", 0x03441): (101, "SharedThinStringMap"), - ("read_only_space", 0x03469): (131, "SelfReferenceMarkerMap"), - ("read_only_space", 0x03491): (131, "BasicBlockCountersMarkerMap"), - ("read_only_space", 0x034d5): (146, "ArrayBoilerplateDescriptionMap"), - ("read_only_space", 0x035d5): (159, "InterceptorInfoMap"), - ("read_only_space", 0x075ad): (132, "PromiseFulfillReactionJobTaskMap"), - ("read_only_space", 0x075d5): (133, "PromiseRejectReactionJobTaskMap"), - ("read_only_space", 0x075fd): (134, "CallableTaskMap"), - ("read_only_space", 0x07625): (135, "CallbackTaskMap"), - ("read_only_space", 0x0764d): (136, "PromiseResolveThenableJobTaskMap"), - ("read_only_space", 0x07675): (139, "FunctionTemplateInfoMap"), - ("read_only_space", 0x0769d): (140, "ObjectTemplateInfoMap"), - ("read_only_space", 0x076c5): (141, "AccessCheckInfoMap"), - ("read_only_space", 0x076ed): (142, "AccessorPairMap"), - ("read_only_space", 0x07715): (143, "AliasedArgumentsEntryMap"), - ("read_only_space", 0x0773d): (144, "AllocationMementoMap"), - ("read_only_space", 0x07765): (147, "AsmWasmDataMap"), - ("read_only_space", 0x0778d): (148, "AsyncGeneratorRequestMap"), - ("read_only_space", 0x077b5): (149, "BreakPointMap"), - ("read_only_space", 0x077dd): (150, "BreakPointInfoMap"), - ("read_only_space", 0x07805): (151, "CachedTemplateObjectMap"), - ("read_only_space", 0x0782d): 
(152, "CallSiteInfoMap"), - ("read_only_space", 0x07855): (153, "ClassPositionsMap"), - ("read_only_space", 0x0787d): (154, "DebugInfoMap"), - ("read_only_space", 0x078a5): (156, "ErrorStackDataMap"), - ("read_only_space", 0x078cd): (158, "FunctionTemplateRareDataMap"), - ("read_only_space", 0x078f5): (160, "InterpreterDataMap"), - ("read_only_space", 0x0791d): (161, "ModuleRequestMap"), - ("read_only_space", 0x07945): (162, "PromiseCapabilityMap"), - ("read_only_space", 0x0796d): (163, "PromiseOnStackMap"), - ("read_only_space", 0x07995): (164, "PromiseReactionMap"), - ("read_only_space", 0x079bd): (165, "PropertyDescriptorObjectMap"), - ("read_only_space", 0x079e5): (166, "PrototypeInfoMap"), - ("read_only_space", 0x07a0d): (167, "RegExpBoilerplateDescriptionMap"), - ("read_only_space", 0x07a35): (168, "ScriptMap"), - ("read_only_space", 0x07a5d): (169, "ScriptOrModuleMap"), - ("read_only_space", 0x07a85): (170, "SourceTextModuleInfoEntryMap"), - ("read_only_space", 0x07aad): (171, "StackFrameInfoMap"), - ("read_only_space", 0x07ad5): (172, "TemplateObjectDescriptionMap"), - ("read_only_space", 0x07afd): (173, "Tuple2Map"), - ("read_only_space", 0x07b25): (174, "WasmExceptionTagMap"), - ("read_only_space", 0x07b4d): (175, "WasmIndirectFunctionTableMap"), - ("read_only_space", 0x07b75): (195, "SloppyArgumentsElementsMap"), - ("read_only_space", 0x07b9d): (228, "DescriptorArrayMap"), - ("read_only_space", 0x07bc5): (217, "UncompiledDataWithoutPreparseDataMap"), - ("read_only_space", 0x07bed): (215, "UncompiledDataWithPreparseDataMap"), - ("read_only_space", 0x07c15): (218, "UncompiledDataWithoutPreparseDataWithJobMap"), - ("read_only_space", 0x07c3d): (216, "UncompiledDataWithPreparseDataAndJobMap"), - ("read_only_space", 0x07c65): (249, "OnHeapBasicBlockProfilerDataMap"), - ("read_only_space", 0x07c8d): (196, "TurbofanBitsetTypeMap"), - ("read_only_space", 0x07cb5): (200, "TurbofanUnionTypeMap"), - ("read_only_space", 0x07cdd): (199, "TurbofanRangeTypeMap"), - 
("read_only_space", 0x07d05): (197, "TurbofanHeapConstantTypeMap"), - ("read_only_space", 0x07d2d): (198, "TurbofanOtherNumberConstantTypeMap"), - ("read_only_space", 0x07d55): (245, "InternalClassMap"), - ("read_only_space", 0x07d7d): (256, "SmiPairMap"), - ("read_only_space", 0x07da5): (255, "SmiBoxMap"), - ("read_only_space", 0x07dcd): (201, "ExportedSubClassBaseMap"), - ("read_only_space", 0x07df5): (202, "ExportedSubClassMap"), - ("read_only_space", 0x07e1d): (226, "AbstractInternalClassSubclass1Map"), - ("read_only_space", 0x07e45): (227, "AbstractInternalClassSubclass2Map"), - ("read_only_space", 0x07e6d): (194, "InternalClassWithSmiElementsMap"), - ("read_only_space", 0x07e95): (246, "InternalClassWithStructElementsMap"), - ("read_only_space", 0x07ebd): (203, "ExportedSubClass2Map"), - ("read_only_space", 0x07ee5): (257, "SortStateMap"), - ("read_only_space", 0x07f0d): (263, "WasmStringViewIterMap"), - ("read_only_space", 0x07f35): (145, "AllocationSiteWithWeakNextMap"), - ("read_only_space", 0x07f5d): (145, "AllocationSiteWithoutWeakNextMap"), - ("read_only_space", 0x08029): (137, "LoadHandler1Map"), - ("read_only_space", 0x08051): (137, "LoadHandler2Map"), - ("read_only_space", 0x08079): (137, "LoadHandler3Map"), - ("read_only_space", 0x080a1): (138, "StoreHandler0Map"), - ("read_only_space", 0x080c9): (138, "StoreHandler1Map"), - ("read_only_space", 0x080f1): (138, "StoreHandler2Map"), - ("read_only_space", 0x08119): (138, "StoreHandler3Map"), - ("old_space", 0x0439d): (2116, "ExternalMap"), - ("old_space", 0x043cd): (2120, "JSMessageObjectMap"), + ("read_only_space", 0x02141): (247, "MetaMap"), + ("read_only_space", 0x02169): (131, "NullMap"), + ("read_only_space", 0x02191): (229, "StrongDescriptorArrayMap"), + ("read_only_space", 0x021b9): (265, "WeakArrayListMap"), + ("read_only_space", 0x021fd): (155, "EnumCacheMap"), + ("read_only_space", 0x02231): (176, "FixedArrayMap"), + ("read_only_space", 0x0227d): (8, "OneByteInternalizedStringMap"), + 
("read_only_space", 0x022c9): (244, "FreeSpaceMap"), + ("read_only_space", 0x022f1): (243, "OnePointerFillerMap"), + ("read_only_space", 0x02319): (243, "TwoPointerFillerMap"), + ("read_only_space", 0x02341): (131, "UninitializedMap"), + ("read_only_space", 0x023b9): (131, "UndefinedMap"), + ("read_only_space", 0x023fd): (130, "HeapNumberMap"), + ("read_only_space", 0x02431): (131, "TheHoleMap"), + ("read_only_space", 0x02491): (131, "BooleanMap"), + ("read_only_space", 0x02535): (191, "ByteArrayMap"), + ("read_only_space", 0x0255d): (176, "FixedCOWArrayMap"), + ("read_only_space", 0x02585): (177, "HashTableMap"), + ("read_only_space", 0x025ad): (128, "SymbolMap"), + ("read_only_space", 0x025d5): (40, "OneByteStringMap"), + ("read_only_space", 0x025fd): (253, "ScopeInfoMap"), + ("read_only_space", 0x02625): (254, "SharedFunctionInfoMap"), + ("read_only_space", 0x0264d): (237, "CodeMap"), + ("read_only_space", 0x02675): (236, "CellMap"), + ("read_only_space", 0x0269d): (252, "GlobalPropertyCellMap"), + ("read_only_space", 0x026c5): (204, "ForeignMap"), + ("read_only_space", 0x026ed): (233, "TransitionArrayMap"), + ("read_only_space", 0x02715): (45, "ThinOneByteStringMap"), + ("read_only_space", 0x0273d): (242, "FeedbackVectorMap"), + ("read_only_space", 0x02775): (131, "ArgumentsMarkerMap"), + ("read_only_space", 0x027d5): (131, "ExceptionMap"), + ("read_only_space", 0x02831): (131, "TerminationExceptionMap"), + ("read_only_space", 0x02899): (131, "OptimizedOutMap"), + ("read_only_space", 0x028f9): (131, "StaleRegisterMap"), + ("read_only_space", 0x02959): (190, "ScriptContextTableMap"), + ("read_only_space", 0x02981): (188, "ClosureFeedbackCellArrayMap"), + ("read_only_space", 0x029a9): (241, "FeedbackMetadataArrayMap"), + ("read_only_space", 0x029d1): (176, "ArrayListMap"), + ("read_only_space", 0x029f9): (129, "BigIntMap"), + ("read_only_space", 0x02a21): (189, "ObjectBoilerplateDescriptionMap"), + ("read_only_space", 0x02a49): (192, "BytecodeArrayMap"), + 
("read_only_space", 0x02a71): (238, "CodeDataContainerMap"), + ("read_only_space", 0x02a99): (239, "CoverageInfoMap"), + ("read_only_space", 0x02ac1): (193, "FixedDoubleArrayMap"), + ("read_only_space", 0x02ae9): (179, "GlobalDictionaryMap"), + ("read_only_space", 0x02b11): (157, "ManyClosuresCellMap"), + ("read_only_space", 0x02b39): (248, "MegaDomHandlerMap"), + ("read_only_space", 0x02b61): (176, "ModuleInfoMap"), + ("read_only_space", 0x02b89): (180, "NameDictionaryMap"), + ("read_only_space", 0x02bb1): (157, "NoClosuresCellMap"), + ("read_only_space", 0x02bd9): (182, "NumberDictionaryMap"), + ("read_only_space", 0x02c01): (157, "OneClosureCellMap"), + ("read_only_space", 0x02c29): (183, "OrderedHashMapMap"), + ("read_only_space", 0x02c51): (184, "OrderedHashSetMap"), + ("read_only_space", 0x02c79): (181, "NameToIndexHashTableMap"), + ("read_only_space", 0x02ca1): (186, "RegisteredSymbolTableMap"), + ("read_only_space", 0x02cc9): (185, "OrderedNameDictionaryMap"), + ("read_only_space", 0x02cf1): (250, "PreparseDataMap"), + ("read_only_space", 0x02d19): (251, "PropertyArrayMap"), + ("read_only_space", 0x02d41): (234, "AccessorInfoMap"), + ("read_only_space", 0x02d69): (235, "SideEffectCallHandlerInfoMap"), + ("read_only_space", 0x02d91): (235, "SideEffectFreeCallHandlerInfoMap"), + ("read_only_space", 0x02db9): (235, "NextCallSideEffectFreeCallHandlerInfoMap"), + ("read_only_space", 0x02de1): (187, "SimpleNumberDictionaryMap"), + ("read_only_space", 0x02e09): (223, "SmallOrderedHashMapMap"), + ("read_only_space", 0x02e31): (224, "SmallOrderedHashSetMap"), + ("read_only_space", 0x02e59): (225, "SmallOrderedNameDictionaryMap"), + ("read_only_space", 0x02e81): (230, "SourceTextModuleMap"), + ("read_only_space", 0x02ea9): (258, "SwissNameDictionaryMap"), + ("read_only_space", 0x02ed1): (231, "SyntheticModuleMap"), + ("read_only_space", 0x02ef9): (259, "WasmApiFunctionRefMap"), + ("read_only_space", 0x02f21): (220, "WasmCapiFunctionDataMap"), + ("read_only_space", 
0x02f49): (221, "WasmExportedFunctionDataMap"), + ("read_only_space", 0x02f71): (261, "WasmInternalFunctionMap"), + ("read_only_space", 0x02f99): (222, "WasmJSFunctionDataMap"), + ("read_only_space", 0x02fc1): (262, "WasmResumeDataMap"), + ("read_only_space", 0x02fe9): (264, "WasmTypeInfoMap"), + ("read_only_space", 0x03011): (260, "WasmContinuationObjectMap"), + ("read_only_space", 0x03039): (232, "WeakFixedArrayMap"), + ("read_only_space", 0x03061): (178, "EphemeronHashTableMap"), + ("read_only_space", 0x03089): (240, "EmbedderDataArrayMap"), + ("read_only_space", 0x030b1): (266, "WeakCellMap"), + ("read_only_space", 0x030d9): (32, "StringMap"), + ("read_only_space", 0x03101): (41, "ConsOneByteStringMap"), + ("read_only_space", 0x03129): (33, "ConsStringMap"), + ("read_only_space", 0x03151): (37, "ThinStringMap"), + ("read_only_space", 0x03179): (35, "SlicedStringMap"), + ("read_only_space", 0x031a1): (43, "SlicedOneByteStringMap"), + ("read_only_space", 0x031c9): (34, "ExternalStringMap"), + ("read_only_space", 0x031f1): (42, "ExternalOneByteStringMap"), + ("read_only_space", 0x03219): (50, "UncachedExternalStringMap"), + ("read_only_space", 0x03241): (0, "InternalizedStringMap"), + ("read_only_space", 0x03269): (2, "ExternalInternalizedStringMap"), + ("read_only_space", 0x03291): (10, "ExternalOneByteInternalizedStringMap"), + ("read_only_space", 0x032b9): (18, "UncachedExternalInternalizedStringMap"), + ("read_only_space", 0x032e1): (26, "UncachedExternalOneByteInternalizedStringMap"), + ("read_only_space", 0x03309): (58, "UncachedExternalOneByteStringMap"), + ("read_only_space", 0x03331): (104, "SharedOneByteStringMap"), + ("read_only_space", 0x03359): (96, "SharedStringMap"), + ("read_only_space", 0x03381): (106, "SharedExternalOneByteStringMap"), + ("read_only_space", 0x033a9): (98, "SharedExternalStringMap"), + ("read_only_space", 0x033d1): (122, "SharedUncachedExternalOneByteStringMap"), + ("read_only_space", 0x033f9): (114, 
"SharedUncachedExternalStringMap"), + ("read_only_space", 0x03421): (109, "SharedThinOneByteStringMap"), + ("read_only_space", 0x03449): (101, "SharedThinStringMap"), + ("read_only_space", 0x03471): (131, "SelfReferenceMarkerMap"), + ("read_only_space", 0x03499): (131, "BasicBlockCountersMarkerMap"), + ("read_only_space", 0x034dd): (146, "ArrayBoilerplateDescriptionMap"), + ("read_only_space", 0x035dd): (159, "InterceptorInfoMap"), + ("read_only_space", 0x075b5): (132, "PromiseFulfillReactionJobTaskMap"), + ("read_only_space", 0x075dd): (133, "PromiseRejectReactionJobTaskMap"), + ("read_only_space", 0x07605): (134, "CallableTaskMap"), + ("read_only_space", 0x0762d): (135, "CallbackTaskMap"), + ("read_only_space", 0x07655): (136, "PromiseResolveThenableJobTaskMap"), + ("read_only_space", 0x0767d): (139, "FunctionTemplateInfoMap"), + ("read_only_space", 0x076a5): (140, "ObjectTemplateInfoMap"), + ("read_only_space", 0x076cd): (141, "AccessCheckInfoMap"), + ("read_only_space", 0x076f5): (142, "AccessorPairMap"), + ("read_only_space", 0x0771d): (143, "AliasedArgumentsEntryMap"), + ("read_only_space", 0x07745): (144, "AllocationMementoMap"), + ("read_only_space", 0x0776d): (147, "AsmWasmDataMap"), + ("read_only_space", 0x07795): (148, "AsyncGeneratorRequestMap"), + ("read_only_space", 0x077bd): (149, "BreakPointMap"), + ("read_only_space", 0x077e5): (150, "BreakPointInfoMap"), + ("read_only_space", 0x0780d): (151, "CachedTemplateObjectMap"), + ("read_only_space", 0x07835): (152, "CallSiteInfoMap"), + ("read_only_space", 0x0785d): (153, "ClassPositionsMap"), + ("read_only_space", 0x07885): (154, "DebugInfoMap"), + ("read_only_space", 0x078ad): (156, "ErrorStackDataMap"), + ("read_only_space", 0x078d5): (158, "FunctionTemplateRareDataMap"), + ("read_only_space", 0x078fd): (160, "InterpreterDataMap"), + ("read_only_space", 0x07925): (161, "ModuleRequestMap"), + ("read_only_space", 0x0794d): (162, "PromiseCapabilityMap"), + ("read_only_space", 0x07975): (163, 
"PromiseOnStackMap"), + ("read_only_space", 0x0799d): (164, "PromiseReactionMap"), + ("read_only_space", 0x079c5): (165, "PropertyDescriptorObjectMap"), + ("read_only_space", 0x079ed): (166, "PrototypeInfoMap"), + ("read_only_space", 0x07a15): (167, "RegExpBoilerplateDescriptionMap"), + ("read_only_space", 0x07a3d): (168, "ScriptMap"), + ("read_only_space", 0x07a65): (169, "ScriptOrModuleMap"), + ("read_only_space", 0x07a8d): (170, "SourceTextModuleInfoEntryMap"), + ("read_only_space", 0x07ab5): (171, "StackFrameInfoMap"), + ("read_only_space", 0x07add): (172, "TemplateObjectDescriptionMap"), + ("read_only_space", 0x07b05): (173, "Tuple2Map"), + ("read_only_space", 0x07b2d): (174, "WasmExceptionTagMap"), + ("read_only_space", 0x07b55): (175, "WasmIndirectFunctionTableMap"), + ("read_only_space", 0x07b7d): (195, "SloppyArgumentsElementsMap"), + ("read_only_space", 0x07ba5): (228, "DescriptorArrayMap"), + ("read_only_space", 0x07bcd): (217, "UncompiledDataWithoutPreparseDataMap"), + ("read_only_space", 0x07bf5): (215, "UncompiledDataWithPreparseDataMap"), + ("read_only_space", 0x07c1d): (218, "UncompiledDataWithoutPreparseDataWithJobMap"), + ("read_only_space", 0x07c45): (216, "UncompiledDataWithPreparseDataAndJobMap"), + ("read_only_space", 0x07c6d): (249, "OnHeapBasicBlockProfilerDataMap"), + ("read_only_space", 0x07c95): (196, "TurbofanBitsetTypeMap"), + ("read_only_space", 0x07cbd): (200, "TurbofanUnionTypeMap"), + ("read_only_space", 0x07ce5): (199, "TurbofanRangeTypeMap"), + ("read_only_space", 0x07d0d): (197, "TurbofanHeapConstantTypeMap"), + ("read_only_space", 0x07d35): (198, "TurbofanOtherNumberConstantTypeMap"), + ("read_only_space", 0x07d5d): (245, "InternalClassMap"), + ("read_only_space", 0x07d85): (256, "SmiPairMap"), + ("read_only_space", 0x07dad): (255, "SmiBoxMap"), + ("read_only_space", 0x07dd5): (201, "ExportedSubClassBaseMap"), + ("read_only_space", 0x07dfd): (202, "ExportedSubClassMap"), + ("read_only_space", 0x07e25): (226, 
"AbstractInternalClassSubclass1Map"), + ("read_only_space", 0x07e4d): (227, "AbstractInternalClassSubclass2Map"), + ("read_only_space", 0x07e75): (194, "InternalClassWithSmiElementsMap"), + ("read_only_space", 0x07e9d): (246, "InternalClassWithStructElementsMap"), + ("read_only_space", 0x07ec5): (203, "ExportedSubClass2Map"), + ("read_only_space", 0x07eed): (257, "SortStateMap"), + ("read_only_space", 0x07f15): (263, "WasmStringViewIterMap"), + ("read_only_space", 0x07f3d): (145, "AllocationSiteWithWeakNextMap"), + ("read_only_space", 0x07f65): (145, "AllocationSiteWithoutWeakNextMap"), + ("read_only_space", 0x08031): (137, "LoadHandler1Map"), + ("read_only_space", 0x08059): (137, "LoadHandler2Map"), + ("read_only_space", 0x08081): (137, "LoadHandler3Map"), + ("read_only_space", 0x080a9): (138, "StoreHandler0Map"), + ("read_only_space", 0x080d1): (138, "StoreHandler1Map"), + ("read_only_space", 0x080f9): (138, "StoreHandler2Map"), + ("read_only_space", 0x08121): (138, "StoreHandler3Map"), + ("old_space", 0x043a5): (2116, "ExternalMap"), + ("old_space", 0x043d5): (2120, "JSMessageObjectMap"), } # List of known V8 objects. 
KNOWN_OBJECTS = { - ("read_only_space", 0x021d9): "EmptyWeakArrayList", - ("read_only_space", 0x021e5): "EmptyDescriptorArray", - ("read_only_space", 0x0221d): "EmptyEnumCache", - ("read_only_space", 0x02251): "EmptyFixedArray", - ("read_only_space", 0x02259): "NullValue", - ("read_only_space", 0x02361): "UninitializedValue", - ("read_only_space", 0x023d9): "UndefinedValue", - ("read_only_space", 0x0241d): "NanValue", - ("read_only_space", 0x02451): "TheHoleValue", - ("read_only_space", 0x0247d): "HoleNanValue", - ("read_only_space", 0x024b1): "TrueValue", - ("read_only_space", 0x024f1): "FalseValue", - ("read_only_space", 0x02521): "empty_string", - ("read_only_space", 0x0275d): "EmptyScopeInfo", - ("read_only_space", 0x02795): "ArgumentsMarker", - ("read_only_space", 0x027f5): "Exception", - ("read_only_space", 0x02851): "TerminationException", - ("read_only_space", 0x028b9): "OptimizedOut", - ("read_only_space", 0x02919): "StaleRegister", - ("read_only_space", 0x034b9): "EmptyPropertyArray", - ("read_only_space", 0x034c1): "EmptyByteArray", - ("read_only_space", 0x034c9): "EmptyObjectBoilerplateDescription", - ("read_only_space", 0x034fd): "EmptyArrayBoilerplateDescription", - ("read_only_space", 0x03509): "EmptyClosureFeedbackCellArray", - ("read_only_space", 0x03511): "EmptySlowElementDictionary", - ("read_only_space", 0x03535): "EmptyOrderedHashMap", - ("read_only_space", 0x03549): "EmptyOrderedHashSet", - ("read_only_space", 0x0355d): "EmptyFeedbackMetadata", - ("read_only_space", 0x03569): "EmptyPropertyDictionary", - ("read_only_space", 0x03591): "EmptyOrderedPropertyDictionary", - ("read_only_space", 0x035a9): "EmptySwissPropertyDictionary", - ("read_only_space", 0x035fd): "NoOpInterceptorInfo", - ("read_only_space", 0x03625): "EmptyArrayList", - ("read_only_space", 0x03631): "EmptyWeakFixedArray", - ("read_only_space", 0x03639): "InfinityValue", - ("read_only_space", 0x03645): "MinusZeroValue", - ("read_only_space", 0x03651): "MinusInfinityValue", - 
("read_only_space", 0x0365d): "SingleCharacterStringTable", - ("read_only_space", 0x04a65): "SelfReferenceMarker", - ("read_only_space", 0x04aa5): "BasicBlockCountersMarker", - ("read_only_space", 0x04ae9): "OffHeapTrampolineRelocationInfo", - ("read_only_space", 0x04af5): "GlobalThisBindingScopeInfo", - ("read_only_space", 0x04b25): "EmptyFunctionScopeInfo", - ("read_only_space", 0x04b49): "NativeScopeInfo", - ("read_only_space", 0x04b61): "HashSeed", - ("old_space", 0x04235): "ArgumentsIteratorAccessor", - ("old_space", 0x0424d): "ArrayLengthAccessor", - ("old_space", 0x04265): "BoundFunctionLengthAccessor", - ("old_space", 0x0427d): "BoundFunctionNameAccessor", - ("old_space", 0x04295): "ErrorStackAccessor", - ("old_space", 0x042ad): "FunctionArgumentsAccessor", - ("old_space", 0x042c5): "FunctionCallerAccessor", - ("old_space", 0x042dd): "FunctionNameAccessor", - ("old_space", 0x042f5): "FunctionLengthAccessor", - ("old_space", 0x0430d): "FunctionPrototypeAccessor", - ("old_space", 0x04325): "SharedArrayLengthAccessor", - ("old_space", 0x0433d): "StringLengthAccessor", - ("old_space", 0x04355): "ValueUnavailableAccessor", - ("old_space", 0x0436d): "WrappedFunctionLengthAccessor", - ("old_space", 0x04385): "WrappedFunctionNameAccessor", - ("old_space", 0x0439d): "ExternalMap", - ("old_space", 0x043c5): "InvalidPrototypeValidityCell", - ("old_space", 0x043cd): "JSMessageObjectMap", - ("old_space", 0x043f5): "EmptyScript", - ("old_space", 0x04439): "ManyClosuresCell", - ("old_space", 0x04445): "ArrayConstructorProtector", - ("old_space", 0x04459): "NoElementsProtector", - ("old_space", 0x0446d): "MegaDOMProtector", - ("old_space", 0x04481): "IsConcatSpreadableProtector", - ("old_space", 0x04495): "ArraySpeciesProtector", - ("old_space", 0x044a9): "TypedArraySpeciesProtector", - ("old_space", 0x044bd): "PromiseSpeciesProtector", - ("old_space", 0x044d1): "RegExpSpeciesProtector", - ("old_space", 0x044e5): "StringLengthProtector", - ("old_space", 0x044f9): 
"ArrayIteratorProtector", - ("old_space", 0x0450d): "ArrayBufferDetachingProtector", - ("old_space", 0x04521): "PromiseHookProtector", - ("old_space", 0x04535): "PromiseResolveProtector", - ("old_space", 0x04549): "MapIteratorProtector", - ("old_space", 0x0455d): "PromiseThenProtector", - ("old_space", 0x04571): "SetIteratorProtector", - ("old_space", 0x04585): "StringIteratorProtector", - ("old_space", 0x04599): "StringSplitCache", - ("old_space", 0x049a1): "RegExpMultipleCache", - ("old_space", 0x04da9): "BuiltinsConstantsTable", - ("old_space", 0x05205): "AsyncFunctionAwaitRejectSharedFun", - ("old_space", 0x05229): "AsyncFunctionAwaitResolveSharedFun", - ("old_space", 0x0524d): "AsyncGeneratorAwaitRejectSharedFun", - ("old_space", 0x05271): "AsyncGeneratorAwaitResolveSharedFun", - ("old_space", 0x05295): "AsyncGeneratorYieldResolveSharedFun", - ("old_space", 0x052b9): "AsyncGeneratorReturnResolveSharedFun", - ("old_space", 0x052dd): "AsyncGeneratorReturnClosedRejectSharedFun", - ("old_space", 0x05301): "AsyncGeneratorReturnClosedResolveSharedFun", - ("old_space", 0x05325): "AsyncIteratorValueUnwrapSharedFun", - ("old_space", 0x05349): "PromiseAllResolveElementSharedFun", - ("old_space", 0x0536d): "PromiseAllSettledResolveElementSharedFun", - ("old_space", 0x05391): "PromiseAllSettledRejectElementSharedFun", - ("old_space", 0x053b5): "PromiseAnyRejectElementSharedFun", - ("old_space", 0x053d9): "PromiseCapabilityDefaultRejectSharedFun", - ("old_space", 0x053fd): "PromiseCapabilityDefaultResolveSharedFun", - ("old_space", 0x05421): "PromiseCatchFinallySharedFun", - ("old_space", 0x05445): "PromiseGetCapabilitiesExecutorSharedFun", - ("old_space", 0x05469): "PromiseThenFinallySharedFun", - ("old_space", 0x0548d): "PromiseThrowerFinallySharedFun", - ("old_space", 0x054b1): "PromiseValueThunkFinallySharedFun", - ("old_space", 0x054d5): "ProxyRevokeSharedFun", - ("old_space", 0x054f9): "ShadowRealmImportValueFulfilledSFI", - ("old_space", 0x0551d): 
"SourceTextModuleExecuteAsyncModuleFulfilledSFI", - ("old_space", 0x05541): "SourceTextModuleExecuteAsyncModuleRejectedSFI", + ("read_only_space", 0x021e1): "EmptyWeakArrayList", + ("read_only_space", 0x021ed): "EmptyDescriptorArray", + ("read_only_space", 0x02225): "EmptyEnumCache", + ("read_only_space", 0x02259): "EmptyFixedArray", + ("read_only_space", 0x02261): "NullValue", + ("read_only_space", 0x02369): "UninitializedValue", + ("read_only_space", 0x023e1): "UndefinedValue", + ("read_only_space", 0x02425): "NanValue", + ("read_only_space", 0x02459): "TheHoleValue", + ("read_only_space", 0x02485): "HoleNanValue", + ("read_only_space", 0x024b9): "TrueValue", + ("read_only_space", 0x024f9): "FalseValue", + ("read_only_space", 0x02529): "empty_string", + ("read_only_space", 0x02765): "EmptyScopeInfo", + ("read_only_space", 0x0279d): "ArgumentsMarker", + ("read_only_space", 0x027fd): "Exception", + ("read_only_space", 0x02859): "TerminationException", + ("read_only_space", 0x028c1): "OptimizedOut", + ("read_only_space", 0x02921): "StaleRegister", + ("read_only_space", 0x034c1): "EmptyPropertyArray", + ("read_only_space", 0x034c9): "EmptyByteArray", + ("read_only_space", 0x034d1): "EmptyObjectBoilerplateDescription", + ("read_only_space", 0x03505): "EmptyArrayBoilerplateDescription", + ("read_only_space", 0x03511): "EmptyClosureFeedbackCellArray", + ("read_only_space", 0x03519): "EmptySlowElementDictionary", + ("read_only_space", 0x0353d): "EmptyOrderedHashMap", + ("read_only_space", 0x03551): "EmptyOrderedHashSet", + ("read_only_space", 0x03565): "EmptyFeedbackMetadata", + ("read_only_space", 0x03571): "EmptyPropertyDictionary", + ("read_only_space", 0x03599): "EmptyOrderedPropertyDictionary", + ("read_only_space", 0x035b1): "EmptySwissPropertyDictionary", + ("read_only_space", 0x03605): "NoOpInterceptorInfo", + ("read_only_space", 0x0362d): "EmptyArrayList", + ("read_only_space", 0x03639): "EmptyWeakFixedArray", + ("read_only_space", 0x03641): "InfinityValue", + 
("read_only_space", 0x0364d): "MinusZeroValue", + ("read_only_space", 0x03659): "MinusInfinityValue", + ("read_only_space", 0x03665): "SingleCharacterStringTable", + ("read_only_space", 0x04a6d): "SelfReferenceMarker", + ("read_only_space", 0x04aad): "BasicBlockCountersMarker", + ("read_only_space", 0x04af1): "OffHeapTrampolineRelocationInfo", + ("read_only_space", 0x04afd): "GlobalThisBindingScopeInfo", + ("read_only_space", 0x04b2d): "EmptyFunctionScopeInfo", + ("read_only_space", 0x04b51): "NativeScopeInfo", + ("read_only_space", 0x04b69): "HashSeed", + ("old_space", 0x0423d): "ArgumentsIteratorAccessor", + ("old_space", 0x04255): "ArrayLengthAccessor", + ("old_space", 0x0426d): "BoundFunctionLengthAccessor", + ("old_space", 0x04285): "BoundFunctionNameAccessor", + ("old_space", 0x0429d): "ErrorStackAccessor", + ("old_space", 0x042b5): "FunctionArgumentsAccessor", + ("old_space", 0x042cd): "FunctionCallerAccessor", + ("old_space", 0x042e5): "FunctionNameAccessor", + ("old_space", 0x042fd): "FunctionLengthAccessor", + ("old_space", 0x04315): "FunctionPrototypeAccessor", + ("old_space", 0x0432d): "SharedArrayLengthAccessor", + ("old_space", 0x04345): "StringLengthAccessor", + ("old_space", 0x0435d): "ValueUnavailableAccessor", + ("old_space", 0x04375): "WrappedFunctionLengthAccessor", + ("old_space", 0x0438d): "WrappedFunctionNameAccessor", + ("old_space", 0x043a5): "ExternalMap", + ("old_space", 0x043cd): "InvalidPrototypeValidityCell", + ("old_space", 0x043d5): "JSMessageObjectMap", + ("old_space", 0x043fd): "EmptyScript", + ("old_space", 0x04441): "ManyClosuresCell", + ("old_space", 0x0444d): "ArrayConstructorProtector", + ("old_space", 0x04461): "NoElementsProtector", + ("old_space", 0x04475): "MegaDOMProtector", + ("old_space", 0x04489): "IsConcatSpreadableProtector", + ("old_space", 0x0449d): "ArraySpeciesProtector", + ("old_space", 0x044b1): "TypedArraySpeciesProtector", + ("old_space", 0x044c5): "PromiseSpeciesProtector", + ("old_space", 0x044d9): 
"RegExpSpeciesProtector", + ("old_space", 0x044ed): "StringLengthProtector", + ("old_space", 0x04501): "ArrayIteratorProtector", + ("old_space", 0x04515): "ArrayBufferDetachingProtector", + ("old_space", 0x04529): "PromiseHookProtector", + ("old_space", 0x0453d): "PromiseResolveProtector", + ("old_space", 0x04551): "MapIteratorProtector", + ("old_space", 0x04565): "PromiseThenProtector", + ("old_space", 0x04579): "SetIteratorProtector", + ("old_space", 0x0458d): "StringIteratorProtector", + ("old_space", 0x045a1): "StringSplitCache", + ("old_space", 0x049a9): "RegExpMultipleCache", + ("old_space", 0x04db1): "BuiltinsConstantsTable", + ("old_space", 0x0520d): "AsyncFunctionAwaitRejectSharedFun", + ("old_space", 0x05231): "AsyncFunctionAwaitResolveSharedFun", + ("old_space", 0x05255): "AsyncGeneratorAwaitRejectSharedFun", + ("old_space", 0x05279): "AsyncGeneratorAwaitResolveSharedFun", + ("old_space", 0x0529d): "AsyncGeneratorYieldResolveSharedFun", + ("old_space", 0x052c1): "AsyncGeneratorReturnResolveSharedFun", + ("old_space", 0x052e5): "AsyncGeneratorReturnClosedRejectSharedFun", + ("old_space", 0x05309): "AsyncGeneratorReturnClosedResolveSharedFun", + ("old_space", 0x0532d): "AsyncIteratorValueUnwrapSharedFun", + ("old_space", 0x05351): "PromiseAllResolveElementSharedFun", + ("old_space", 0x05375): "PromiseAllSettledResolveElementSharedFun", + ("old_space", 0x05399): "PromiseAllSettledRejectElementSharedFun", + ("old_space", 0x053bd): "PromiseAnyRejectElementSharedFun", + ("old_space", 0x053e1): "PromiseCapabilityDefaultRejectSharedFun", + ("old_space", 0x05405): "PromiseCapabilityDefaultResolveSharedFun", + ("old_space", 0x05429): "PromiseCatchFinallySharedFun", + ("old_space", 0x0544d): "PromiseGetCapabilitiesExecutorSharedFun", + ("old_space", 0x05471): "PromiseThenFinallySharedFun", + ("old_space", 0x05495): "PromiseThrowerFinallySharedFun", + ("old_space", 0x054b9): "PromiseValueThunkFinallySharedFun", + ("old_space", 0x054dd): "ProxyRevokeSharedFun", + 
("old_space", 0x05501): "ShadowRealmImportValueFulfilledSFI", + ("old_space", 0x05525): "SourceTextModuleExecuteAsyncModuleFulfilledSFI", + ("old_space", 0x05549): "SourceTextModuleExecuteAsyncModuleRejectedSFI", } # Lower 32 bits of first page addresses for various heap spaces.