[Backport] Security bug 1161759

Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2639959: [heap] Fix alignment of large fixed double array. This ensures that large objects have alignment suitable for a fixed double arrays. Bug: chromium:1161759 Change-Id: I64fe88d641fedbb5e27c2b38c1b9a4e75cab535a Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#72251} Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Ulan Degenbaev <ulan@chromium.org> 2021-01-21 14:45:51 +0100
committer: Michael Brüning <michael.bruning@qt.io> 2021-04-19 22:46:07 +0000
commit: ea429e40a4112781513b7750fa888f1b4e311ae7 (patch)
tree: abe54bef7d0e091dce408c91ce9af8b26c089186
parent: ecc53407b84a64a6a8039978e5c7dc2831d68755 (diff)
2 files changed, 257 insertions, 257 deletions
diff --git a/chromium/v8/src/heap/memory-chunk-layout.cc b/chromium/v8/src/heap/memory-chunk-layout.cc
index d4e1d1267eb..c4ba3d2f9d5 100644
--- a/chromium/v8/src/heap/memory-chunk-layout.cc
+++ b/chromium/v8/src/heap/memory-chunk-layout.cc
@@ -42,7 +42,7 @@ size_t MemoryChunkLayout::AllocatableMemoryInCodePage() {
 }
 
 intptr_t MemoryChunkLayout::ObjectStartOffsetInDataPage() {
-  return RoundUp(MemoryChunk::kHeaderSize + Bitmap::kSize, kTaggedSize);
+  return RoundUp(MemoryChunk::kHeaderSize + Bitmap::kSize, kDoubleSize);
 }
 
 size_t MemoryChunkLayout::ObjectStartOffsetInMemoryChunk(
diff --git a/chromium/v8/tools/v8heapconst.py b/chromium/v8/tools/v8heapconst.py
index d8e81c49096..363ea76165a 100644
--- a/chromium/v8/tools/v8heapconst.py
+++ b/chromium/v8/tools/v8heapconst.py
@@ -205,266 +205,266 @@ INSTANCE_TYPES = {
 
 # List of known V8 maps.
 KNOWN_MAPS = {
-  ("read_only_space", 0x02115): (170, "MetaMap"),
-  ("read_only_space", 0x0213d): (67, "NullMap"),
-  ("read_only_space", 0x02165): (162, "DescriptorArrayMap"),
-  ("read_only_space", 0x0218d): (156, "WeakFixedArrayMap"),
-  ("read_only_space", 0x021cd): (96, "EnumCacheMap"),
-  ("read_only_space", 0x02201): (117, "FixedArrayMap"),
-  ("read_only_space", 0x0224d): (8, "OneByteInternalizedStringMap"),
-  ("read_only_space", 0x02299): (167, "FreeSpaceMap"),
-  ("read_only_space", 0x022c1): (166, "OnePointerFillerMap"),
-  ("read_only_space", 0x022e9): (166, "TwoPointerFillerMap"),
-  ("read_only_space", 0x02311): (67, "UninitializedMap"),
-  ("read_only_space", 0x02389): (67, "UndefinedMap"),
-  ("read_only_space", 0x023cd): (66, "HeapNumberMap"),
-  ("read_only_space", 0x02401): (67, "TheHoleMap"),
-  ("read_only_space", 0x02461): (67, "BooleanMap"),
-  ("read_only_space", 0x02505): (131, "ByteArrayMap"),
-  ("read_only_space", 0x0252d): (117, "FixedCOWArrayMap"),
-  ("read_only_space", 0x02555): (118, "HashTableMap"),
-  ("read_only_space", 0x0257d): (64, "SymbolMap"),
-  ("read_only_space", 0x025a5): (40, "OneByteStringMap"),
-  ("read_only_space", 0x025cd): (129, "ScopeInfoMap"),
-  ("read_only_space", 0x025f5): (175, "SharedFunctionInfoMap"),
-  ("read_only_space", 0x0261d): (159, "CodeMap"),
-  ("read_only_space", 0x02645): (158, "CellMap"),
-  ("read_only_space", 0x0266d): (174, "GlobalPropertyCellMap"),
-  ("read_only_space", 0x02695): (70, "ForeignMap"),
-  ("read_only_space", 0x026bd): (157, "TransitionArrayMap"),
-  ("read_only_space", 0x026e5): (45, "ThinOneByteStringMap"),
-  ("read_only_space", 0x0270d): (165, "FeedbackVectorMap"),
-  ("read_only_space", 0x0273d): (67, "ArgumentsMarkerMap"),
-  ("read_only_space", 0x0279d): (67, "ExceptionMap"),
-  ("read_only_space", 0x027f9): (67, "TerminationExceptionMap"),
-  ("read_only_space", 0x02861): (67, "OptimizedOutMap"),
-  ("read_only_space", 0x028c1): (67, "StaleRegisterMap"),
-  ("read_only_space", 0x02921): (130, "ScriptContextTableMap"),
-  ("read_only_space", 0x02949): (127, "ClosureFeedbackCellArrayMap"),
-  ("read_only_space", 0x02971): (164, "FeedbackMetadataArrayMap"),
-  ("read_only_space", 0x02999): (117, "ArrayListMap"),
-  ("read_only_space", 0x029c1): (65, "BigIntMap"),
-  ("read_only_space", 0x029e9): (128, "ObjectBoilerplateDescriptionMap"),
-  ("read_only_space", 0x02a11): (132, "BytecodeArrayMap"),
-  ("read_only_space", 0x02a39): (160, "CodeDataContainerMap"),
-  ("read_only_space", 0x02a61): (161, "CoverageInfoMap"),
-  ("read_only_space", 0x02a89): (133, "FixedDoubleArrayMap"),
-  ("read_only_space", 0x02ab1): (120, "GlobalDictionaryMap"),
-  ("read_only_space", 0x02ad9): (97, "ManyClosuresCellMap"),
-  ("read_only_space", 0x02b01): (117, "ModuleInfoMap"),
-  ("read_only_space", 0x02b29): (121, "NameDictionaryMap"),
-  ("read_only_space", 0x02b51): (97, "NoClosuresCellMap"),
-  ("read_only_space", 0x02b79): (122, "NumberDictionaryMap"),
-  ("read_only_space", 0x02ba1): (97, "OneClosureCellMap"),
-  ("read_only_space", 0x02bc9): (123, "OrderedHashMapMap"),
-  ("read_only_space", 0x02bf1): (124, "OrderedHashSetMap"),
-  ("read_only_space", 0x02c19): (125, "OrderedNameDictionaryMap"),
-  ("read_only_space", 0x02c41): (172, "PreparseDataMap"),
-  ("read_only_space", 0x02c69): (173, "PropertyArrayMap"),
-  ("read_only_space", 0x02c91): (93, "SideEffectCallHandlerInfoMap"),
-  ("read_only_space", 0x02cb9): (93, "SideEffectFreeCallHandlerInfoMap"),
-  ("read_only_space", 0x02ce1): (93, "NextCallSideEffectFreeCallHandlerInfoMap"),
-  ("read_only_space", 0x02d09): (126, "SimpleNumberDictionaryMap"),
-  ("read_only_space", 0x02d31): (149, "SmallOrderedHashMapMap"),
-  ("read_only_space", 0x02d59): (150, "SmallOrderedHashSetMap"),
-  ("read_only_space", 0x02d81): (151, "SmallOrderedNameDictionaryMap"),
-  ("read_only_space", 0x02da9): (152, "SourceTextModuleMap"),
-  ("read_only_space", 0x02dd1): (153, "SyntheticModuleMap"),
-  ("read_only_space", 0x02df9): (155, "UncompiledDataWithoutPreparseDataMap"),
-  ("read_only_space", 0x02e21): (154, "UncompiledDataWithPreparseDataMap"),
-  ("read_only_space", 0x02e49): (71, "WasmTypeInfoMap"),
-  ("read_only_space", 0x02e71): (181, "WeakArrayListMap"),
-  ("read_only_space", 0x02e99): (119, "EphemeronHashTableMap"),
-  ("read_only_space", 0x02ec1): (163, "EmbedderDataArrayMap"),
-  ("read_only_space", 0x02ee9): (182, "WeakCellMap"),
-  ("read_only_space", 0x02f11): (32, "StringMap"),
-  ("read_only_space", 0x02f39): (41, "ConsOneByteStringMap"),
-  ("read_only_space", 0x02f61): (33, "ConsStringMap"),
-  ("read_only_space", 0x02f89): (37, "ThinStringMap"),
-  ("read_only_space", 0x02fb1): (35, "SlicedStringMap"),
-  ("read_only_space", 0x02fd9): (43, "SlicedOneByteStringMap"),
-  ("read_only_space", 0x03001): (34, "ExternalStringMap"),
-  ("read_only_space", 0x03029): (42, "ExternalOneByteStringMap"),
-  ("read_only_space", 0x03051): (50, "UncachedExternalStringMap"),
-  ("read_only_space", 0x03079): (0, "InternalizedStringMap"),
-  ("read_only_space", 0x030a1): (2, "ExternalInternalizedStringMap"),
-  ("read_only_space", 0x030c9): (10, "ExternalOneByteInternalizedStringMap"),
-  ("read_only_space", 0x030f1): (18, "UncachedExternalInternalizedStringMap"),
-  ("read_only_space", 0x03119): (26, "UncachedExternalOneByteInternalizedStringMap"),
-  ("read_only_space", 0x03141): (58, "UncachedExternalOneByteStringMap"),
-  ("read_only_space", 0x03169): (67, "SelfReferenceMarkerMap"),
-  ("read_only_space", 0x03191): (67, "BasicBlockCountersMarkerMap"),
-  ("read_only_space", 0x031d5): (87, "ArrayBoilerplateDescriptionMap"),
-  ("read_only_space", 0x032a5): (99, "InterceptorInfoMap"),
-  ("read_only_space", 0x05399): (72, "PromiseFulfillReactionJobTaskMap"),
-  ("read_only_space", 0x053c1): (73, "PromiseRejectReactionJobTaskMap"),
-  ("read_only_space", 0x053e9): (74, "CallableTaskMap"),
-  ("read_only_space", 0x05411): (75, "CallbackTaskMap"),
-  ("read_only_space", 0x05439): (76, "PromiseResolveThenableJobTaskMap"),
-  ("read_only_space", 0x05461): (79, "FunctionTemplateInfoMap"),
-  ("read_only_space", 0x05489): (80, "ObjectTemplateInfoMap"),
-  ("read_only_space", 0x054b1): (81, "AccessCheckInfoMap"),
-  ("read_only_space", 0x054d9): (82, "AccessorInfoMap"),
-  ("read_only_space", 0x05501): (83, "AccessorPairMap"),
-  ("read_only_space", 0x05529): (84, "AliasedArgumentsEntryMap"),
-  ("read_only_space", 0x05551): (85, "AllocationMementoMap"),
-  ("read_only_space", 0x05579): (88, "AsmWasmDataMap"),
-  ("read_only_space", 0x055a1): (89, "AsyncGeneratorRequestMap"),
-  ("read_only_space", 0x055c9): (90, "BreakPointMap"),
-  ("read_only_space", 0x055f1): (91, "BreakPointInfoMap"),
-  ("read_only_space", 0x05619): (92, "CachedTemplateObjectMap"),
-  ("read_only_space", 0x05641): (94, "ClassPositionsMap"),
-  ("read_only_space", 0x05669): (95, "DebugInfoMap"),
-  ("read_only_space", 0x05691): (98, "FunctionTemplateRareDataMap"),
-  ("read_only_space", 0x056b9): (100, "InterpreterDataMap"),
-  ("read_only_space", 0x056e1): (101, "PromiseCapabilityMap"),
-  ("read_only_space", 0x05709): (102, "PromiseReactionMap"),
-  ("read_only_space", 0x05731): (103, "PropertyDescriptorObjectMap"),
-  ("read_only_space", 0x05759): (104, "PrototypeInfoMap"),
-  ("read_only_space", 0x05781): (105, "ScriptMap"),
-  ("read_only_space", 0x057a9): (106, "SourceTextModuleInfoEntryMap"),
-  ("read_only_space", 0x057d1): (107, "StackFrameInfoMap"),
-  ("read_only_space", 0x057f9): (108, "StackTraceFrameMap"),
-  ("read_only_space", 0x05821): (109, "TemplateObjectDescriptionMap"),
-  ("read_only_space", 0x05849): (110, "Tuple2Map"),
-  ("read_only_space", 0x05871): (111, "WasmCapiFunctionDataMap"),
-  ("read_only_space", 0x05899): (112, "WasmExceptionTagMap"),
-  ("read_only_space", 0x058c1): (113, "WasmExportedFunctionDataMap"),
-  ("read_only_space", 0x058e9): (114, "WasmIndirectFunctionTableMap"),
-  ("read_only_space", 0x05911): (115, "WasmJSFunctionDataMap"),
-  ("read_only_space", 0x05939): (116, "WasmValueMap"),
-  ("read_only_space", 0x05961): (135, "SloppyArgumentsElementsMap"),
-  ("read_only_space", 0x05989): (171, "OnHeapBasicBlockProfilerDataMap"),
-  ("read_only_space", 0x059b1): (168, "InternalClassMap"),
-  ("read_only_space", 0x059d9): (177, "SmiPairMap"),
-  ("read_only_space", 0x05a01): (176, "SmiBoxMap"),
-  ("read_only_space", 0x05a29): (146, "ExportedSubClassBaseMap"),
-  ("read_only_space", 0x05a51): (147, "ExportedSubClassMap"),
-  ("read_only_space", 0x05a79): (68, "AbstractInternalClassSubclass1Map"),
-  ("read_only_space", 0x05aa1): (69, "AbstractInternalClassSubclass2Map"),
-  ("read_only_space", 0x05ac9): (134, "InternalClassWithSmiElementsMap"),
-  ("read_only_space", 0x05af1): (169, "InternalClassWithStructElementsMap"),
-  ("read_only_space", 0x05b19): (148, "ExportedSubClass2Map"),
-  ("read_only_space", 0x05b41): (178, "SortStateMap"),
-  ("read_only_space", 0x05b69): (86, "AllocationSiteWithWeakNextMap"),
-  ("read_only_space", 0x05b91): (86, "AllocationSiteWithoutWeakNextMap"),
-  ("read_only_space", 0x05bb9): (77, "LoadHandler1Map"),
-  ("read_only_space", 0x05be1): (77, "LoadHandler2Map"),
-  ("read_only_space", 0x05c09): (77, "LoadHandler3Map"),
-  ("read_only_space", 0x05c31): (78, "StoreHandler0Map"),
-  ("read_only_space", 0x05c59): (78, "StoreHandler1Map"),
-  ("read_only_space", 0x05c81): (78, "StoreHandler2Map"),
-  ("read_only_space", 0x05ca9): (78, "StoreHandler3Map"),
-  ("map_space", 0x02115): (1057, "ExternalMap"),
-  ("map_space", 0x0213d): (1072, "JSMessageObjectMap"),
-  ("map_space", 0x02165): (180, "WasmRttEqrefMap"),
-  ("map_space", 0x0218d): (180, "WasmRttExternrefMap"),
-  ("map_space", 0x021b5): (180, "WasmRttFuncrefMap"),
-  ("map_space", 0x021dd): (180, "WasmRttI31refMap"),
+  ("read_only_space", 0x02119): (170, "MetaMap"),
+  ("read_only_space", 0x02141): (67, "NullMap"),
+  ("read_only_space", 0x02169): (162, "DescriptorArrayMap"),
+  ("read_only_space", 0x02191): (156, "WeakFixedArrayMap"),
+  ("read_only_space", 0x021d1): (96, "EnumCacheMap"),
+  ("read_only_space", 0x02205): (117, "FixedArrayMap"),
+  ("read_only_space", 0x02251): (8, "OneByteInternalizedStringMap"),
+  ("read_only_space", 0x0229d): (167, "FreeSpaceMap"),
+  ("read_only_space", 0x022c5): (166, "OnePointerFillerMap"),
+  ("read_only_space", 0x022ed): (166, "TwoPointerFillerMap"),
+  ("read_only_space", 0x02315): (67, "UninitializedMap"),
+  ("read_only_space", 0x0238d): (67, "UndefinedMap"),
+  ("read_only_space", 0x023d1): (66, "HeapNumberMap"),
+  ("read_only_space", 0x02405): (67, "TheHoleMap"),
+  ("read_only_space", 0x02465): (67, "BooleanMap"),
+  ("read_only_space", 0x02509): (131, "ByteArrayMap"),
+  ("read_only_space", 0x02531): (117, "FixedCOWArrayMap"),
+  ("read_only_space", 0x02559): (118, "HashTableMap"),
+  ("read_only_space", 0x02581): (64, "SymbolMap"),
+  ("read_only_space", 0x025a9): (40, "OneByteStringMap"),
+  ("read_only_space", 0x025d1): (129, "ScopeInfoMap"),
+  ("read_only_space", 0x025f9): (175, "SharedFunctionInfoMap"),
+  ("read_only_space", 0x02621): (159, "CodeMap"),
+  ("read_only_space", 0x02649): (158, "CellMap"),
+  ("read_only_space", 0x02671): (174, "GlobalPropertyCellMap"),
+  ("read_only_space", 0x02699): (70, "ForeignMap"),
+  ("read_only_space", 0x026c1): (157, "TransitionArrayMap"),
+  ("read_only_space", 0x026e9): (45, "ThinOneByteStringMap"),
+  ("read_only_space", 0x02711): (165, "FeedbackVectorMap"),
+  ("read_only_space", 0x02741): (67, "ArgumentsMarkerMap"),
+  ("read_only_space", 0x027a1): (67, "ExceptionMap"),
+  ("read_only_space", 0x027fd): (67, "TerminationExceptionMap"),
+  ("read_only_space", 0x02865): (67, "OptimizedOutMap"),
+  ("read_only_space", 0x028c5): (67, "StaleRegisterMap"),
+  ("read_only_space", 0x02925): (130, "ScriptContextTableMap"),
+  ("read_only_space", 0x0294d): (127, "ClosureFeedbackCellArrayMap"),
+  ("read_only_space", 0x02975): (164, "FeedbackMetadataArrayMap"),
+  ("read_only_space", 0x0299d): (117, "ArrayListMap"),
+  ("read_only_space", 0x029c5): (65, "BigIntMap"),
+  ("read_only_space", 0x029ed): (128, "ObjectBoilerplateDescriptionMap"),
+  ("read_only_space", 0x02a15): (132, "BytecodeArrayMap"),
+  ("read_only_space", 0x02a3d): (160, "CodeDataContainerMap"),
+  ("read_only_space", 0x02a65): (161, "CoverageInfoMap"),
+  ("read_only_space", 0x02a8d): (133, "FixedDoubleArrayMap"),
+  ("read_only_space", 0x02ab5): (120, "GlobalDictionaryMap"),
+  ("read_only_space", 0x02add): (97, "ManyClosuresCellMap"),
+  ("read_only_space", 0x02b05): (117, "ModuleInfoMap"),
+  ("read_only_space", 0x02b2d): (121, "NameDictionaryMap"),
+  ("read_only_space", 0x02b55): (97, "NoClosuresCellMap"),
+  ("read_only_space", 0x02b7d): (122, "NumberDictionaryMap"),
+  ("read_only_space", 0x02ba5): (97, "OneClosureCellMap"),
+  ("read_only_space", 0x02bcd): (123, "OrderedHashMapMap"),
+  ("read_only_space", 0x02bf5): (124, "OrderedHashSetMap"),
+  ("read_only_space", 0x02c1d): (125, "OrderedNameDictionaryMap"),
+  ("read_only_space", 0x02c45): (172, "PreparseDataMap"),
+  ("read_only_space", 0x02c6d): (173, "PropertyArrayMap"),
+  ("read_only_space", 0x02c95): (93, "SideEffectCallHandlerInfoMap"),
+  ("read_only_space", 0x02cbd): (93, "SideEffectFreeCallHandlerInfoMap"),
+  ("read_only_space", 0x02ce5): (93, "NextCallSideEffectFreeCallHandlerInfoMap"),
+  ("read_only_space", 0x02d0d): (126, "SimpleNumberDictionaryMap"),
+  ("read_only_space", 0x02d35): (149, "SmallOrderedHashMapMap"),
+  ("read_only_space", 0x02d5d): (150, "SmallOrderedHashSetMap"),
+  ("read_only_space", 0x02d85): (151, "SmallOrderedNameDictionaryMap"),
+  ("read_only_space", 0x02dad): (152, "SourceTextModuleMap"),
+  ("read_only_space", 0x02dd5): (153, "SyntheticModuleMap"),
+  ("read_only_space", 0x02dfd): (155, "UncompiledDataWithoutPreparseDataMap"),
+  ("read_only_space", 0x02e25): (154, "UncompiledDataWithPreparseDataMap"),
+  ("read_only_space", 0x02e4d): (71, "WasmTypeInfoMap"),
+  ("read_only_space", 0x02e75): (181, "WeakArrayListMap"),
+  ("read_only_space", 0x02e9d): (119, "EphemeronHashTableMap"),
+  ("read_only_space", 0x02ec5): (163, "EmbedderDataArrayMap"),
+  ("read_only_space", 0x02eed): (182, "WeakCellMap"),
+  ("read_only_space", 0x02f15): (32, "StringMap"),
+  ("read_only_space", 0x02f3d): (41, "ConsOneByteStringMap"),
+  ("read_only_space", 0x02f65): (33, "ConsStringMap"),
+  ("read_only_space", 0x02f8d): (37, "ThinStringMap"),
+  ("read_only_space", 0x02fb5): (35, "SlicedStringMap"),
+  ("read_only_space", 0x02fdd): (43, "SlicedOneByteStringMap"),
+  ("read_only_space", 0x03005): (34, "ExternalStringMap"),
+  ("read_only_space", 0x0302d): (42, "ExternalOneByteStringMap"),
+  ("read_only_space", 0x03055): (50, "UncachedExternalStringMap"),
+  ("read_only_space", 0x0307d): (0, "InternalizedStringMap"),
+  ("read_only_space", 0x030a5): (2, "ExternalInternalizedStringMap"),
+  ("read_only_space", 0x030cd): (10, "ExternalOneByteInternalizedStringMap"),
+  ("read_only_space", 0x030f5): (18, "UncachedExternalInternalizedStringMap"),
+  ("read_only_space", 0x0311d): (26, "UncachedExternalOneByteInternalizedStringMap"),
+  ("read_only_space", 0x03145): (58, "UncachedExternalOneByteStringMap"),
+  ("read_only_space", 0x0316d): (67, "SelfReferenceMarkerMap"),
+  ("read_only_space", 0x03195): (67, "BasicBlockCountersMarkerMap"),
+  ("read_only_space", 0x031d9): (87, "ArrayBoilerplateDescriptionMap"),
+  ("read_only_space", 0x032a9): (99, "InterceptorInfoMap"),
+  ("read_only_space", 0x0539d): (72, "PromiseFulfillReactionJobTaskMap"),
+  ("read_only_space", 0x053c5): (73, "PromiseRejectReactionJobTaskMap"),
+  ("read_only_space", 0x053ed): (74, "CallableTaskMap"),
+  ("read_only_space", 0x05415): (75, "CallbackTaskMap"),
+  ("read_only_space", 0x0543d): (76, "PromiseResolveThenableJobTaskMap"),
+  ("read_only_space", 0x05465): (79, "FunctionTemplateInfoMap"),
+  ("read_only_space", 0x0548d): (80, "ObjectTemplateInfoMap"),
+  ("read_only_space", 0x054b5): (81, "AccessCheckInfoMap"),
+  ("read_only_space", 0x054dd): (82, "AccessorInfoMap"),
+  ("read_only_space", 0x05505): (83, "AccessorPairMap"),
+  ("read_only_space", 0x0552d): (84, "AliasedArgumentsEntryMap"),
+  ("read_only_space", 0x05555): (85, "AllocationMementoMap"),
+  ("read_only_space", 0x0557d): (88, "AsmWasmDataMap"),
+  ("read_only_space", 0x055a5): (89, "AsyncGeneratorRequestMap"),
+  ("read_only_space", 0x055cd): (90, "BreakPointMap"),
+  ("read_only_space", 0x055f5): (91, "BreakPointInfoMap"),
+  ("read_only_space", 0x0561d): (92, "CachedTemplateObjectMap"),
+  ("read_only_space", 0x05645): (94, "ClassPositionsMap"),
+  ("read_only_space", 0x0566d): (95, "DebugInfoMap"),
+  ("read_only_space", 0x05695): (98, "FunctionTemplateRareDataMap"),
+  ("read_only_space", 0x056bd): (100, "InterpreterDataMap"),
+  ("read_only_space", 0x056e5): (101, "PromiseCapabilityMap"),
+  ("read_only_space", 0x0570d): (102, "PromiseReactionMap"),
+  ("read_only_space", 0x05735): (103, "PropertyDescriptorObjectMap"),
+  ("read_only_space", 0x0575d): (104, "PrototypeInfoMap"),
+  ("read_only_space", 0x05785): (105, "ScriptMap"),
+  ("read_only_space", 0x057ad): (106, "SourceTextModuleInfoEntryMap"),
+  ("read_only_space", 0x057d5): (107, "StackFrameInfoMap"),
+  ("read_only_space", 0x057fd): (108, "StackTraceFrameMap"),
+  ("read_only_space", 0x05825): (109, "TemplateObjectDescriptionMap"),
+  ("read_only_space", 0x0584d): (110, "Tuple2Map"),
+  ("read_only_space", 0x05875): (111, "WasmCapiFunctionDataMap"),
+  ("read_only_space", 0x0589d): (112, "WasmExceptionTagMap"),
+  ("read_only_space", 0x058c5): (113, "WasmExportedFunctionDataMap"),
+  ("read_only_space", 0x058ed): (114, "WasmIndirectFunctionTableMap"),
+  ("read_only_space", 0x05915): (115, "WasmJSFunctionDataMap"),
+  ("read_only_space", 0x0593d): (116, "WasmValueMap"),
+  ("read_only_space", 0x05965): (135, "SloppyArgumentsElementsMap"),
+  ("read_only_space", 0x0598d): (171, "OnHeapBasicBlockProfilerDataMap"),
+  ("read_only_space", 0x059b5): (168, "InternalClassMap"),
+  ("read_only_space", 0x059dd): (177, "SmiPairMap"),
+  ("read_only_space", 0x05a05): (176, "SmiBoxMap"),
+  ("read_only_space", 0x05a2d): (146, "ExportedSubClassBaseMap"),
+  ("read_only_space", 0x05a54): (147, "ExportedSubClassMap"),
+  ("read_only_space", 0x05a7d): (68, "AbstractInternalClassSubclass1Map"),
+  ("read_only_space", 0x05aa5): (69, "AbstractInternalClassSubclass2Map"),
+  ("read_only_space", 0x05acd): (134, "InternalClassWithSmiElementsMap"),
+  ("read_only_space", 0x05af5): (169, "InternalClassWithStructElementsMap"),
+  ("read_only_space", 0x05b1d): (148, "ExportedSubClass2Map"),
+  ("read_only_space", 0x05b45): (178, "SortStateMap"),
+  ("read_only_space", 0x05b6d): (86, "AllocationSiteWithWeakNextMap"),
+  ("read_only_space", 0x05b95): (86, "AllocationSiteWithoutWeakNextMap"),
+  ("read_only_space", 0x05bbd): (77, "LoadHandler1Map"),
+  ("read_only_space", 0x05be5): (77, "LoadHandler2Map"),
+  ("read_only_space", 0x05c0d): (77, "LoadHandler3Map"),
+  ("read_only_space", 0x05c35): (78, "StoreHandler0Map"),
+  ("read_only_space", 0x05c5d): (78, "StoreHandler1Map"),
+  ("read_only_space", 0x05c85): (78, "StoreHandler2Map"),
+  ("read_only_space", 0x05cad): (78, "StoreHandler3Map"),
+  ("map_space", 0x02119): (1057, "ExternalMap"),
+  ("map_space", 0x02141): (1072, "JSMessageObjectMap"),
+  ("map_space", 0x02169): (180, "WasmRttEqrefMap"),
+  ("map_space", 0x02191): (180, "WasmRttExternrefMap"),
+  ("map_space", 0x021b9): (180, "WasmRttFuncrefMap"),
+  ("map_space", 0x021e1): (180, "WasmRttI31refMap"),
 }
 
 # List of known V8 objects.
 KNOWN_OBJECTS = {
-  ("read_only_space", 0x021b5): "EmptyWeakFixedArray",
-  ("read_only_space", 0x021bd): "EmptyDescriptorArray",
-  ("read_only_space", 0x021f5): "EmptyEnumCache",
-  ("read_only_space", 0x02229): "EmptyFixedArray",
-  ("read_only_space", 0x02231): "NullValue",
-  ("read_only_space", 0x02339): "UninitializedValue",
-  ("read_only_space", 0x023b1): "UndefinedValue",
-  ("read_only_space", 0x023f5): "NanValue",
-  ("read_only_space", 0x02429): "TheHoleValue",
-  ("read_only_space", 0x02455): "HoleNanValue",
-  ("read_only_space", 0x02489): "TrueValue",
-  ("read_only_space", 0x024c9): "FalseValue",
-  ("read_only_space", 0x024f9): "empty_string",
-  ("read_only_space", 0x02735): "EmptyScopeInfo",
-  ("read_only_space", 0x02765): "ArgumentsMarker",
-  ("read_only_space", 0x027c5): "Exception",
-  ("read_only_space", 0x02821): "TerminationException",
-  ("read_only_space", 0x02889): "OptimizedOut",
-  ("read_only_space", 0x028e9): "StaleRegister",
-  ("read_only_space", 0x031b9): "EmptyPropertyArray",
-  ("read_only_space", 0x031c1): "EmptyByteArray",
-  ("read_only_space", 0x031c9): "EmptyObjectBoilerplateDescription",
-  ("read_only_space", 0x031fd): "EmptyArrayBoilerplateDescription",
-  ("read_only_space", 0x03209): "EmptyClosureFeedbackCellArray",
-  ("read_only_space", 0x03211): "EmptySlowElementDictionary",
-  ("read_only_space", 0x03235): "EmptyOrderedHashMap",
-  ("read_only_space", 0x03249): "EmptyOrderedHashSet",
-  ("read_only_space", 0x0325d): "EmptyFeedbackMetadata",
-  ("read_only_space", 0x03269): "EmptyPropertyCell",
-  ("read_only_space", 0x0327d): "EmptyPropertyDictionary",
-  ("read_only_space", 0x032cd): "NoOpInterceptorInfo",
-  ("read_only_space", 0x032f5): "EmptyWeakArrayList",
-  ("read_only_space", 0x03301): "InfinityValue",
-  ("read_only_space", 0x0330d): "MinusZeroValue",
-  ("read_only_space", 0x03319): "MinusInfinityValue",
-  ("read_only_space", 0x03325): "SelfReferenceMarker",
-  ("read_only_space", 0x03365): "BasicBlockCountersMarker",
-  ("read_only_space", 0x033a9): "OffHeapTrampolineRelocationInfo",
-  ("read_only_space", 0x033b5): "TrampolineTrivialCodeDataContainer",
-  ("read_only_space", 0x033c1): "TrampolinePromiseRejectionCodeDataContainer",
-  ("read_only_space", 0x033cd): "GlobalThisBindingScopeInfo",
-  ("read_only_space", 0x03405): "EmptyFunctionScopeInfo",
-  ("read_only_space", 0x0342d): "NativeScopeInfo",
-  ("read_only_space", 0x03449): "HashSeed",
-  ("old_space", 0x02115): "ArgumentsIteratorAccessor",
-  ("old_space", 0x02159): "ArrayLengthAccessor",
-  ("old_space", 0x0219d): "BoundFunctionLengthAccessor",
-  ("old_space", 0x021e1): "BoundFunctionNameAccessor",
-  ("old_space", 0x02225): "ErrorStackAccessor",
-  ("old_space", 0x02269): "FunctionArgumentsAccessor",
-  ("old_space", 0x022ad): "FunctionCallerAccessor",
-  ("old_space", 0x022f1): "FunctionNameAccessor",
-  ("old_space", 0x02335): "FunctionLengthAccessor",
-  ("old_space", 0x02379): "FunctionPrototypeAccessor",
-  ("old_space", 0x023bd): "RegExpResultIndicesAccessor",
-  ("old_space", 0x02401): "StringLengthAccessor",
-  ("old_space", 0x02445): "InvalidPrototypeValidityCell",
-  ("old_space", 0x024cd): "EmptyScript",
-  ("old_space", 0x0250d): "ManyClosuresCell",
-  ("old_space", 0x02519): "ArrayConstructorProtector",
-  ("old_space", 0x0252d): "NoElementsProtector",
-  ("old_space", 0x02541): "IsConcatSpreadableProtector",
-  ("old_space", 0x02555): "ArraySpeciesProtector",
-  ("old_space", 0x02569): "TypedArraySpeciesProtector",
-  ("old_space", 0x0257d): "PromiseSpeciesProtector",
-  ("old_space", 0x02591): "RegExpSpeciesProtector",
-  ("old_space", 0x025a5): "StringLengthProtector",
-  ("old_space", 0x025b9): "ArrayIteratorProtector",
-  ("old_space", 0x025cd): "ArrayBufferDetachingProtector",
-  ("old_space", 0x025e1): "PromiseHookProtector",
-  ("old_space", 0x025f5): "PromiseResolveProtector",
-  ("old_space", 0x02609): "MapIteratorProtector",
-  ("old_space", 0x0261d): "PromiseThenProtector",
-  ("old_space", 0x02631): "SetIteratorProtector",
-  ("old_space", 0x02645): "StringIteratorProtector",
-  ("old_space", 0x02659): "SingleCharacterStringCache",
-  ("old_space", 0x02a61): "StringSplitCache",
-  ("old_space", 0x02e69): "RegExpMultipleCache",
-  ("old_space", 0x03271): "BuiltinsConstantsTable",
-  ("old_space", 0x0364d): "AsyncFunctionAwaitRejectSharedFun",
-  ("old_space", 0x03675): "AsyncFunctionAwaitResolveSharedFun",
-  ("old_space", 0x0369d): "AsyncGeneratorAwaitRejectSharedFun",
-  ("old_space", 0x036c5): "AsyncGeneratorAwaitResolveSharedFun",
-  ("old_space", 0x036ed): "AsyncGeneratorYieldResolveSharedFun",
-  ("old_space", 0x03715): "AsyncGeneratorReturnResolveSharedFun",
-  ("old_space", 0x0373d): "AsyncGeneratorReturnClosedRejectSharedFun",
-  ("old_space", 0x03765): "AsyncGeneratorReturnClosedResolveSharedFun",
-  ("old_space", 0x0378d): "AsyncIteratorValueUnwrapSharedFun",
-  ("old_space", 0x037b5): "PromiseAllResolveElementSharedFun",
-  ("old_space", 0x037dd): "PromiseAllSettledResolveElementSharedFun",
-  ("old_space", 0x03805): "PromiseAllSettledRejectElementSharedFun",
-  ("old_space", 0x0382d): "PromiseAnyRejectElementSharedFun",
-  ("old_space", 0x03855): "PromiseCapabilityDefaultRejectSharedFun",
-  ("old_space", 0x0387d): "PromiseCapabilityDefaultResolveSharedFun",
-  ("old_space", 0x038a5): "PromiseCatchFinallySharedFun",
-  ("old_space", 0x038cd): "PromiseGetCapabilitiesExecutorSharedFun",
-  ("old_space", 0x038f5): "PromiseThenFinallySharedFun",
-  ("old_space", 0x0391d): "PromiseThrowerFinallySharedFun",
-  ("old_space", 0x03945): "PromiseValueThunkFinallySharedFun",
-  ("old_space", 0x0396d): "ProxyRevokeSharedFun",
+  ("read_only_space", 0x021b9): "EmptyWeakFixedArray",
+  ("read_only_space", 0x021c1): "EmptyDescriptorArray",
+  ("read_only_space", 0x021f9): "EmptyEnumCache",
+  ("read_only_space", 0x0222d): "EmptyFixedArray",
+  ("read_only_space", 0x02235): "NullValue",
+  ("read_only_space", 0x0233d): "UninitializedValue",
+  ("read_only_space", 0x023b5): "UndefinedValue",
+  ("read_only_space", 0x023f9): "NanValue",
+  ("read_only_space", 0x0242d): "TheHoleValue",
+  ("read_only_space", 0x02459): "HoleNanValue",
+  ("read_only_space", 0x0248d): "TrueValue",
+  ("read_only_space", 0x024cd): "FalseValue",
+  ("read_only_space", 0x024fd): "empty_string",
+  ("read_only_space", 0x02739): "EmptyScopeInfo",
+  ("read_only_space", 0x02769): "ArgumentsMarker",
+  ("read_only_space", 0x027c9): "Exception",
+  ("read_only_space", 0x02825): "TerminationException",
+  ("read_only_space", 0x0288d): "OptimizedOut",
+  ("read_only_space", 0x028ed): "StaleRegister",
+  ("read_only_space", 0x031bd): "EmptyPropertyArray",
+  ("read_only_space", 0x031c5): "EmptyByteArray",
+  ("read_only_space", 0x031cd): "EmptyObjectBoilerplateDescription",
+  ("read_only_space", 0x03201): "EmptyArrayBoilerplateDescription",
+  ("read_only_space", 0x0320d): "EmptyClosureFeedbackCellArray",
+  ("read_only_space", 0x03215): "EmptySlowElementDictionary",
+  ("read_only_space", 0x03239): "EmptyOrderedHashMap",
+  ("read_only_space", 0x0324d): "EmptyOrderedHashSet",
+  ("read_only_space", 0x03261): "EmptyFeedbackMetadata",
+  ("read_only_space", 0x0326d): "EmptyPropertyCell",
+  ("read_only_space", 0x03281): "EmptyPropertyDictionary",
+  ("read_only_space", 0x032d1): "NoOpInterceptorInfo",
+  ("read_only_space", 0x032f9): "EmptyWeakArrayList",
+  ("read_only_space", 0x03305): "InfinityValue",
+  ("read_only_space", 0x03311): "MinusZeroValue",
+  ("read_only_space", 0x0331d): "MinusInfinityValue",
+  ("read_only_space", 0x03329): "SelfReferenceMarker",
+  ("read_only_space", 0x03369): "BasicBlockCountersMarker",
+  ("read_only_space", 0x033ad): "OffHeapTrampolineRelocationInfo",
+  ("read_only_space", 0x033b9): "TrampolineTrivialCodeDataContainer",
+  ("read_only_space", 0x033c5): "TrampolinePromiseRejectionCodeDataContainer",
+  ("read_only_space", 0x033d1): "GlobalThisBindingScopeInfo",
+  ("read_only_space", 0x03409): "EmptyFunctionScopeInfo",
+  ("read_only_space", 0x03432): "NativeScopeInfo",
+  ("read_only_space", 0x0344d): "HashSeed",
+  ("old_space", 0x02119): "ArgumentsIteratorAccessor",
+  ("old_space", 0x0215d): "ArrayLengthAccessor",
+  ("old_space", 0x021a1): "BoundFunctionLengthAccessor",
+  ("old_space", 0x021e5): "BoundFunctionNameAccessor",
+  ("old_space", 0x02229): "ErrorStackAccessor",
+  ("old_space", 0x0226d): "FunctionArgumentsAccessor",
+  ("old_space", 0x022b1): "FunctionCallerAccessor",
+  ("old_space", 0x022f5): "FunctionNameAccessor",
+  ("old_space", 0x02339): "FunctionLengthAccessor",
+  ("old_space", 0x0237d): "FunctionPrototypeAccessor",
+  ("old_space", 0x023c1): "RegExpResultIndicesAccessor",
+  ("old_space", 0x02405): "StringLengthAccessor",
+  ("old_space", 0x02449): "InvalidPrototypeValidityCell",
+  ("old_space", 0x024d1): "EmptyScript",
+  ("old_space", 0x02511): "ManyClosuresCell",
+  ("old_space", 0x0251d): "ArrayConstructorProtector",
+  ("old_space", 0x02531): "NoElementsProtector",
+  ("old_space", 0x02545): "IsConcatSpreadableProtector",
+  ("old_space", 0x02559): "ArraySpeciesProtector",
+  ("old_space", 0x0256d): "TypedArraySpeciesProtector",
+  ("old_space", 0x02581): "PromiseSpeciesProtector",
+  ("old_space", 0x02595): "RegExpSpeciesProtector",
+  ("old_space", 0x025a9): "StringLengthProtector",
+  ("old_space", 0x025bd): "ArrayIteratorProtector",
+  ("old_space", 0x025d1): "ArrayBufferDetachingProtector",
+  ("old_space", 0x025e5): "PromiseHookProtector",
+  ("old_space", 0x025f9): "PromiseResolveProtector",
+  ("old_space", 0x0260d): "MapIteratorProtector",
+  ("old_space", 0x02621): "PromiseThenProtector",
+  ("old_space", 0x02635): "SetIteratorProtector",
+  ("old_space", 0x02649): "StringIteratorProtector",
+  ("old_space", 0x0265d): "SingleCharacterStringCache",
+  ("old_space", 0x02a65): "StringSplitCache",
+  ("old_space", 0x02e6d): "RegExpMultipleCache",
+  ("old_space", 0x03275): "BuiltinsConstantsTable",
+  ("old_space", 0x03651): "AsyncFunctionAwaitRejectSharedFun",
+  ("old_space", 0x03679): "AsyncFunctionAwaitResolveSharedFun",
+  ("old_space", 0x036a1): "AsyncGeneratorAwaitRejectSharedFun",
+  ("old_space", 0x036c9): "AsyncGeneratorAwaitResolveSharedFun",
+  ("old_space", 0x036f1): "AsyncGeneratorYieldResolveSharedFun",
+  ("old_space", 0x03719): "AsyncGeneratorReturnResolveSharedFun",
+  ("old_space", 0x03741): "AsyncGeneratorReturnClosedRejectSharedFun",
+  ("old_space", 0x03769): "AsyncGeneratorReturnClosedResolveSharedFun",
+  ("old_space", 0x03791): "AsyncIteratorValueUnwrapSharedFun",
+  ("old_space", 0x037b9): "PromiseAllResolveElementSharedFun",
+  ("old_space", 0x037e1): "PromiseAllSettledResolveElementSharedFun",
+  ("old_space", 0x03809): "PromiseAllSettledRejectElementSharedFun",
+  ("old_space", 0x03831): "PromiseAnyRejectElementSharedFun",
+  ("old_space", 0x03859): "PromiseCapabilityDefaultRejectSharedFun",
+  ("old_space", 0x03881): "PromiseCapabilityDefaultResolveSharedFun",
+  ("old_space", 0x038a9): "PromiseCatchFinallySharedFun",
+  ("old_space", 0x038d1): "PromiseGetCapabilitiesExecutorSharedFun",
+  ("old_space", 0x038f9): "PromiseThenFinallySharedFun",
+  ("old_space", 0x03921): "PromiseThrowerFinallySharedFun",
+  ("old_space", 0x03949): "PromiseValueThunkFinallySharedFun",
+  ("old_space", 0x03971): "ProxyRevokeSharedFun",
 }
 
 # Lower 32 bits of first page addresses for various heap spaces.
author	Ulan Degenbaev <ulan@chromium.org>	2021-01-21 14:45:51 +0100
committer	Michael Brüning <michael.bruning@qt.io>	2021-04-19 22:46:07 +0000
commit	ea429e40a4112781513b7750fa888f1b4e311ae7 (patch)
tree	abe54bef7d0e091dce408c91ce9af8b26c089186
parent	ecc53407b84a64a6a8039978e5c7dc2831d68755 (diff)