From ea429e40a4112781513b7750fa888f1b4e311ae7 Mon Sep 17 00:00:00 2001 From: Ulan Degenbaev Date: Thu, 21 Jan 2021 14:45:51 +0100 Subject: [Backport] Security bug 1161759 Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2639959: [heap] Fix alignment of large fixed double array. This ensures that large objects have alignment suitable for a fixed double arrays. Bug: chromium:1161759 Change-Id: I64fe88d641fedbb5e27c2b38c1b9a4e75cab535a Reviewed-by: Igor Sheludko Commit-Queue: Ulan Degenbaev Cr-Commit-Position: refs/heads/master@{#72251} Reviewed-by: Allan Sandfeld Jensen
---
 chromium/v8/src/heap/memory-chunk-layout.cc | 2 +-
 chromium/v8/tools/v8heapconst.py | 512 ++++++++++++++++++++++++----------------------------
 2 files changed, 257 insertions(+), 257 deletions(-)
diff --git a/chromium/v8/src/heap/memory-chunk-layout.cc b/chromium/v8/src/heap/memory-chunk-layout.cc
index d4e1d1267eb..c4ba3d2f9d5 100644
--- a/chromium/v8/src/heap/memory-chunk-layout.cc
+++ b/chromium/v8/src/heap/memory-chunk-layout.cc
@@ -42,7 +42,7 @@ size_t MemoryChunkLayout::AllocatableMemoryInCodePage() {
 }
 intptr_t MemoryChunkLayout::ObjectStartOffsetInDataPage() {
- return RoundUp(MemoryChunk::kHeaderSize + Bitmap::kSize, kTaggedSize);
+ return RoundUp(MemoryChunk::kHeaderSize + Bitmap::kSize, kDoubleSize);
 }
 size_t MemoryChunkLayout::ObjectStartOffsetInMemoryChunk(
diff --git a/chromium/v8/tools/v8heapconst.py b/chromium/v8/tools/v8heapconst.py
index d8e81c49096..363ea76165a 100644
--- a/chromium/v8/tools/v8heapconst.py
+++ b/chromium/v8/tools/v8heapconst.py
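Review bot: The switch to `kDoubleSize` in `MemoryChunkLayout::ObjectStartOffsetInDataPage()` (memory-chunk-layout.cc) carries a memory-safety invariant that nothing at the call site records, so a later cleanup could restore `kTaggedSize` without anyone noticing. Going by the commit message, the start offset has to be double-aligned because a large object placed there can be a fixed double array; the two constants presumably differ only on builds where a tagged value is narrower than a double. I would add a comment above the return, e.g. `// Keep kDoubleSize: a large object starts at this offset and may be a FixedDoubleArray (crbug.com/1161759).`, and pin the relationship with `static_assert(kDoubleSize % kTaggedSize == 0, "data page start must stay tagged-aligned");`. The backport as shown carries no regression test for the misaligned case, which would be worth adding alongside.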
@@ -205,266 +205,266 @@ INSTANCE_TYPES = { # List of known V8 maps. KNOWN_MAPS = { - ("read_only_space", 0x02115): (170, "MetaMap"), - ("read_only_space", 0x0213d): (67, "NullMap"), - ("read_only_space", 0x02165): (162, "DescriptorArrayMap"), - ("read_only_space", 0x0218d): (156, "WeakFixedArrayMap"), - ("read_only_space", 0x021cd): (96, "EnumCacheMap"), - ("read_only_space", 0x02201): (117, "FixedArrayMap"), - ("read_only_space", 0x0224d): (8, "OneByteInternalizedStringMap"), - ("read_only_space", 0x02299): (167, "FreeSpaceMap"), - ("read_only_space", 0x022c1): (166, "OnePointerFillerMap"), - ("read_only_space", 0x022e9): (166, "TwoPointerFillerMap"), - ("read_only_space", 0x02311): (67, "UninitializedMap"), - ("read_only_space", 0x02389): (67, "UndefinedMap"), - ("read_only_space", 0x023cd): (66, "HeapNumberMap"), - ("read_only_space", 0x02401): (67, "TheHoleMap"), - ("read_only_space", 0x02461): (67, "BooleanMap"), - ("read_only_space", 0x02505): (131, "ByteArrayMap"), - ("read_only_space", 0x0252d): (117, "FixedCOWArrayMap"), - ("read_only_space", 0x02555): (118, "HashTableMap"), - ("read_only_space", 0x0257d): (64, "SymbolMap"), - ("read_only_space", 0x025a5): (40, "OneByteStringMap"), - ("read_only_space", 0x025cd): (129, "ScopeInfoMap"), - ("read_only_space", 0x025f5): (175, "SharedFunctionInfoMap"), - ("read_only_space", 0x0261d): (159, "CodeMap"), - ("read_only_space", 0x02645): (158, "CellMap"), - ("read_only_space", 0x0266d): (174, "GlobalPropertyCellMap"), - ("read_only_space", 0x02695): (70, "ForeignMap"), - ("read_only_space", 0x026bd): (157, "TransitionArrayMap"), - ("read_only_space", 0x026e5): (45, "ThinOneByteStringMap"), - ("read_only_space", 0x0270d): (165, "FeedbackVectorMap"), - ("read_only_space", 0x0273d): (67, "ArgumentsMarkerMap"), - ("read_only_space", 0x0279d): (67, "ExceptionMap"), - ("read_only_space", 0x027f9): (67, "TerminationExceptionMap"), - ("read_only_space", 0x02861): (67, "OptimizedOutMap"), - ("read_only_space", 0x028c1): 
(67, "StaleRegisterMap"), - ("read_only_space", 0x02921): (130, "ScriptContextTableMap"), - ("read_only_space", 0x02949): (127, "ClosureFeedbackCellArrayMap"), - ("read_only_space", 0x02971): (164, "FeedbackMetadataArrayMap"), - ("read_only_space", 0x02999): (117, "ArrayListMap"), - ("read_only_space", 0x029c1): (65, "BigIntMap"), - ("read_only_space", 0x029e9): (128, "ObjectBoilerplateDescriptionMap"), - ("read_only_space", 0x02a11): (132, "BytecodeArrayMap"), - ("read_only_space", 0x02a39): (160, "CodeDataContainerMap"), - ("read_only_space", 0x02a61): (161, "CoverageInfoMap"), - ("read_only_space", 0x02a89): (133, "FixedDoubleArrayMap"), - ("read_only_space", 0x02ab1): (120, "GlobalDictionaryMap"), - ("read_only_space", 0x02ad9): (97, "ManyClosuresCellMap"), - ("read_only_space", 0x02b01): (117, "ModuleInfoMap"), - ("read_only_space", 0x02b29): (121, "NameDictionaryMap"), - ("read_only_space", 0x02b51): (97, "NoClosuresCellMap"), - ("read_only_space", 0x02b79): (122, "NumberDictionaryMap"), - ("read_only_space", 0x02ba1): (97, "OneClosureCellMap"), - ("read_only_space", 0x02bc9): (123, "OrderedHashMapMap"), - ("read_only_space", 0x02bf1): (124, "OrderedHashSetMap"), - ("read_only_space", 0x02c19): (125, "OrderedNameDictionaryMap"), - ("read_only_space", 0x02c41): (172, "PreparseDataMap"), - ("read_only_space", 0x02c69): (173, "PropertyArrayMap"), - ("read_only_space", 0x02c91): (93, "SideEffectCallHandlerInfoMap"), - ("read_only_space", 0x02cb9): (93, "SideEffectFreeCallHandlerInfoMap"), - ("read_only_space", 0x02ce1): (93, "NextCallSideEffectFreeCallHandlerInfoMap"), - ("read_only_space", 0x02d09): (126, "SimpleNumberDictionaryMap"), - ("read_only_space", 0x02d31): (149, "SmallOrderedHashMapMap"), - ("read_only_space", 0x02d59): (150, "SmallOrderedHashSetMap"), - ("read_only_space", 0x02d81): (151, "SmallOrderedNameDictionaryMap"), - ("read_only_space", 0x02da9): (152, "SourceTextModuleMap"), - ("read_only_space", 0x02dd1): (153, "SyntheticModuleMap"), - 
("read_only_space", 0x02df9): (155, "UncompiledDataWithoutPreparseDataMap"), - ("read_only_space", 0x02e21): (154, "UncompiledDataWithPreparseDataMap"), - ("read_only_space", 0x02e49): (71, "WasmTypeInfoMap"), - ("read_only_space", 0x02e71): (181, "WeakArrayListMap"), - ("read_only_space", 0x02e99): (119, "EphemeronHashTableMap"), - ("read_only_space", 0x02ec1): (163, "EmbedderDataArrayMap"), - ("read_only_space", 0x02ee9): (182, "WeakCellMap"), - ("read_only_space", 0x02f11): (32, "StringMap"), - ("read_only_space", 0x02f39): (41, "ConsOneByteStringMap"), - ("read_only_space", 0x02f61): (33, "ConsStringMap"), - ("read_only_space", 0x02f89): (37, "ThinStringMap"), - ("read_only_space", 0x02fb1): (35, "SlicedStringMap"), - ("read_only_space", 0x02fd9): (43, "SlicedOneByteStringMap"), - ("read_only_space", 0x03001): (34, "ExternalStringMap"), - ("read_only_space", 0x03029): (42, "ExternalOneByteStringMap"), - ("read_only_space", 0x03051): (50, "UncachedExternalStringMap"), - ("read_only_space", 0x03079): (0, "InternalizedStringMap"), - ("read_only_space", 0x030a1): (2, "ExternalInternalizedStringMap"), - ("read_only_space", 0x030c9): (10, "ExternalOneByteInternalizedStringMap"), - ("read_only_space", 0x030f1): (18, "UncachedExternalInternalizedStringMap"), - ("read_only_space", 0x03119): (26, "UncachedExternalOneByteInternalizedStringMap"), - ("read_only_space", 0x03141): (58, "UncachedExternalOneByteStringMap"), - ("read_only_space", 0x03169): (67, "SelfReferenceMarkerMap"), - ("read_only_space", 0x03191): (67, "BasicBlockCountersMarkerMap"), - ("read_only_space", 0x031d5): (87, "ArrayBoilerplateDescriptionMap"), - ("read_only_space", 0x032a5): (99, "InterceptorInfoMap"), - ("read_only_space", 0x05399): (72, "PromiseFulfillReactionJobTaskMap"), - ("read_only_space", 0x053c1): (73, "PromiseRejectReactionJobTaskMap"), - ("read_only_space", 0x053e9): (74, "CallableTaskMap"), - ("read_only_space", 0x05411): (75, "CallbackTaskMap"), - ("read_only_space", 0x05439): (76, 
"PromiseResolveThenableJobTaskMap"), - ("read_only_space", 0x05461): (79, "FunctionTemplateInfoMap"), - ("read_only_space", 0x05489): (80, "ObjectTemplateInfoMap"), - ("read_only_space", 0x054b1): (81, "AccessCheckInfoMap"), - ("read_only_space", 0x054d9): (82, "AccessorInfoMap"), - ("read_only_space", 0x05501): (83, "AccessorPairMap"), - ("read_only_space", 0x05529): (84, "AliasedArgumentsEntryMap"), - ("read_only_space", 0x05551): (85, "AllocationMementoMap"), - ("read_only_space", 0x05579): (88, "AsmWasmDataMap"), - ("read_only_space", 0x055a1): (89, "AsyncGeneratorRequestMap"), - ("read_only_space", 0x055c9): (90, "BreakPointMap"), - ("read_only_space", 0x055f1): (91, "BreakPointInfoMap"), - ("read_only_space", 0x05619): (92, "CachedTemplateObjectMap"), - ("read_only_space", 0x05641): (94, "ClassPositionsMap"), - ("read_only_space", 0x05669): (95, "DebugInfoMap"), - ("read_only_space", 0x05691): (98, "FunctionTemplateRareDataMap"), - ("read_only_space", 0x056b9): (100, "InterpreterDataMap"), - ("read_only_space", 0x056e1): (101, "PromiseCapabilityMap"), - ("read_only_space", 0x05709): (102, "PromiseReactionMap"), - ("read_only_space", 0x05731): (103, "PropertyDescriptorObjectMap"), - ("read_only_space", 0x05759): (104, "PrototypeInfoMap"), - ("read_only_space", 0x05781): (105, "ScriptMap"), - ("read_only_space", 0x057a9): (106, "SourceTextModuleInfoEntryMap"), - ("read_only_space", 0x057d1): (107, "StackFrameInfoMap"), - ("read_only_space", 0x057f9): (108, "StackTraceFrameMap"), - ("read_only_space", 0x05821): (109, "TemplateObjectDescriptionMap"), - ("read_only_space", 0x05849): (110, "Tuple2Map"), - ("read_only_space", 0x05871): (111, "WasmCapiFunctionDataMap"), - ("read_only_space", 0x05899): (112, "WasmExceptionTagMap"), - ("read_only_space", 0x058c1): (113, "WasmExportedFunctionDataMap"), - ("read_only_space", 0x058e9): (114, "WasmIndirectFunctionTableMap"), - ("read_only_space", 0x05911): (115, "WasmJSFunctionDataMap"), - ("read_only_space", 0x05939): 
(116, "WasmValueMap"), - ("read_only_space", 0x05961): (135, "SloppyArgumentsElementsMap"), - ("read_only_space", 0x05989): (171, "OnHeapBasicBlockProfilerDataMap"), - ("read_only_space", 0x059b1): (168, "InternalClassMap"), - ("read_only_space", 0x059d9): (177, "SmiPairMap"), - ("read_only_space", 0x05a01): (176, "SmiBoxMap"), - ("read_only_space", 0x05a29): (146, "ExportedSubClassBaseMap"), - ("read_only_space", 0x05a51): (147, "ExportedSubClassMap"), - ("read_only_space", 0x05a79): (68, "AbstractInternalClassSubclass1Map"), - ("read_only_space", 0x05aa1): (69, "AbstractInternalClassSubclass2Map"), - ("read_only_space", 0x05ac9): (134, "InternalClassWithSmiElementsMap"), - ("read_only_space", 0x05af1): (169, "InternalClassWithStructElementsMap"), - ("read_only_space", 0x05b19): (148, "ExportedSubClass2Map"), - ("read_only_space", 0x05b41): (178, "SortStateMap"), - ("read_only_space", 0x05b69): (86, "AllocationSiteWithWeakNextMap"), - ("read_only_space", 0x05b91): (86, "AllocationSiteWithoutWeakNextMap"), - ("read_only_space", 0x05bb9): (77, "LoadHandler1Map"), - ("read_only_space", 0x05be1): (77, "LoadHandler2Map"), - ("read_only_space", 0x05c09): (77, "LoadHandler3Map"), - ("read_only_space", 0x05c31): (78, "StoreHandler0Map"), - ("read_only_space", 0x05c59): (78, "StoreHandler1Map"), - ("read_only_space", 0x05c81): (78, "StoreHandler2Map"), - ("read_only_space", 0x05ca9): (78, "StoreHandler3Map"), - ("map_space", 0x02115): (1057, "ExternalMap"), - ("map_space", 0x0213d): (1072, "JSMessageObjectMap"), - ("map_space", 0x02165): (180, "WasmRttEqrefMap"), - ("map_space", 0x0218d): (180, "WasmRttExternrefMap"), - ("map_space", 0x021b5): (180, "WasmRttFuncrefMap"), - ("map_space", 0x021dd): (180, "WasmRttI31refMap"), + ("read_only_space", 0x02119): (170, "MetaMap"), + ("read_only_space", 0x02141): (67, "NullMap"), + ("read_only_space", 0x02169): (162, "DescriptorArrayMap"), + ("read_only_space", 0x02191): (156, "WeakFixedArrayMap"), + ("read_only_space", 0x021d1): 
(96, "EnumCacheMap"), + ("read_only_space", 0x02205): (117, "FixedArrayMap"), + ("read_only_space", 0x02251): (8, "OneByteInternalizedStringMap"), + ("read_only_space", 0x0229d): (167, "FreeSpaceMap"), + ("read_only_space", 0x022c5): (166, "OnePointerFillerMap"), + ("read_only_space", 0x022ed): (166, "TwoPointerFillerMap"), + ("read_only_space", 0x02315): (67, "UninitializedMap"), + ("read_only_space", 0x0238d): (67, "UndefinedMap"), + ("read_only_space", 0x023d1): (66, "HeapNumberMap"), + ("read_only_space", 0x02405): (67, "TheHoleMap"), + ("read_only_space", 0x02465): (67, "BooleanMap"), + ("read_only_space", 0x02509): (131, "ByteArrayMap"), + ("read_only_space", 0x02531): (117, "FixedCOWArrayMap"), + ("read_only_space", 0x02559): (118, "HashTableMap"), + ("read_only_space", 0x02581): (64, "SymbolMap"), + ("read_only_space", 0x025a9): (40, "OneByteStringMap"), + ("read_only_space", 0x025d1): (129, "ScopeInfoMap"), + ("read_only_space", 0x025f9): (175, "SharedFunctionInfoMap"), + ("read_only_space", 0x02621): (159, "CodeMap"), + ("read_only_space", 0x02649): (158, "CellMap"), + ("read_only_space", 0x02671): (174, "GlobalPropertyCellMap"), + ("read_only_space", 0x02699): (70, "ForeignMap"), + ("read_only_space", 0x026c1): (157, "TransitionArrayMap"), + ("read_only_space", 0x026e9): (45, "ThinOneByteStringMap"), + ("read_only_space", 0x02711): (165, "FeedbackVectorMap"), + ("read_only_space", 0x02741): (67, "ArgumentsMarkerMap"), + ("read_only_space", 0x027a1): (67, "ExceptionMap"), + ("read_only_space", 0x027fd): (67, "TerminationExceptionMap"), + ("read_only_space", 0x02865): (67, "OptimizedOutMap"), + ("read_only_space", 0x028c5): (67, "StaleRegisterMap"), + ("read_only_space", 0x02925): (130, "ScriptContextTableMap"), + ("read_only_space", 0x0294d): (127, "ClosureFeedbackCellArrayMap"), + ("read_only_space", 0x02975): (164, "FeedbackMetadataArrayMap"), + ("read_only_space", 0x0299d): (117, "ArrayListMap"), + ("read_only_space", 0x029c5): (65, "BigIntMap"), + 
("read_only_space", 0x029ed): (128, "ObjectBoilerplateDescriptionMap"), + ("read_only_space", 0x02a15): (132, "BytecodeArrayMap"), + ("read_only_space", 0x02a3d): (160, "CodeDataContainerMap"), + ("read_only_space", 0x02a65): (161, "CoverageInfoMap"), + ("read_only_space", 0x02a8d): (133, "FixedDoubleArrayMap"), + ("read_only_space", 0x02ab5): (120, "GlobalDictionaryMap"), + ("read_only_space", 0x02add): (97, "ManyClosuresCellMap"), + ("read_only_space", 0x02b05): (117, "ModuleInfoMap"), + ("read_only_space", 0x02b2d): (121, "NameDictionaryMap"), + ("read_only_space", 0x02b55): (97, "NoClosuresCellMap"), + ("read_only_space", 0x02b7d): (122, "NumberDictionaryMap"), + ("read_only_space", 0x02ba5): (97, "OneClosureCellMap"), + ("read_only_space", 0x02bcd): (123, "OrderedHashMapMap"), + ("read_only_space", 0x02bf5): (124, "OrderedHashSetMap"), + ("read_only_space", 0x02c1d): (125, "OrderedNameDictionaryMap"), + ("read_only_space", 0x02c45): (172, "PreparseDataMap"), + ("read_only_space", 0x02c6d): (173, "PropertyArrayMap"), + ("read_only_space", 0x02c95): (93, "SideEffectCallHandlerInfoMap"), + ("read_only_space", 0x02cbd): (93, "SideEffectFreeCallHandlerInfoMap"), + ("read_only_space", 0x02ce5): (93, "NextCallSideEffectFreeCallHandlerInfoMap"), + ("read_only_space", 0x02d0d): (126, "SimpleNumberDictionaryMap"), + ("read_only_space", 0x02d35): (149, "SmallOrderedHashMapMap"), + ("read_only_space", 0x02d5d): (150, "SmallOrderedHashSetMap"), + ("read_only_space", 0x02d85): (151, "SmallOrderedNameDictionaryMap"), + ("read_only_space", 0x02dad): (152, "SourceTextModuleMap"), + ("read_only_space", 0x02dd5): (153, "SyntheticModuleMap"), + ("read_only_space", 0x02dfd): (155, "UncompiledDataWithoutPreparseDataMap"), + ("read_only_space", 0x02e25): (154, "UncompiledDataWithPreparseDataMap"), + ("read_only_space", 0x02e4d): (71, "WasmTypeInfoMap"), + ("read_only_space", 0x02e75): (181, "WeakArrayListMap"), + ("read_only_space", 0x02e9d): (119, "EphemeronHashTableMap"), + 
("read_only_space", 0x02ec5): (163, "EmbedderDataArrayMap"), + ("read_only_space", 0x02eed): (182, "WeakCellMap"), + ("read_only_space", 0x02f15): (32, "StringMap"), + ("read_only_space", 0x02f3d): (41, "ConsOneByteStringMap"), + ("read_only_space", 0x02f65): (33, "ConsStringMap"), + ("read_only_space", 0x02f8d): (37, "ThinStringMap"), + ("read_only_space", 0x02fb5): (35, "SlicedStringMap"), + ("read_only_space", 0x02fdd): (43, "SlicedOneByteStringMap"), + ("read_only_space", 0x03005): (34, "ExternalStringMap"), + ("read_only_space", 0x0302d): (42, "ExternalOneByteStringMap"), + ("read_only_space", 0x03055): (50, "UncachedExternalStringMap"), + ("read_only_space", 0x0307d): (0, "InternalizedStringMap"), + ("read_only_space", 0x030a5): (2, "ExternalInternalizedStringMap"), + ("read_only_space", 0x030cd): (10, "ExternalOneByteInternalizedStringMap"), + ("read_only_space", 0x030f5): (18, "UncachedExternalInternalizedStringMap"), + ("read_only_space", 0x0311d): (26, "UncachedExternalOneByteInternalizedStringMap"), + ("read_only_space", 0x03145): (58, "UncachedExternalOneByteStringMap"), + ("read_only_space", 0x0316d): (67, "SelfReferenceMarkerMap"), + ("read_only_space", 0x03195): (67, "BasicBlockCountersMarkerMap"), + ("read_only_space", 0x031d9): (87, "ArrayBoilerplateDescriptionMap"), + ("read_only_space", 0x032a9): (99, "InterceptorInfoMap"), + ("read_only_space", 0x0539d): (72, "PromiseFulfillReactionJobTaskMap"), + ("read_only_space", 0x053c5): (73, "PromiseRejectReactionJobTaskMap"), + ("read_only_space", 0x053ed): (74, "CallableTaskMap"), + ("read_only_space", 0x05415): (75, "CallbackTaskMap"), + ("read_only_space", 0x0543d): (76, "PromiseResolveThenableJobTaskMap"), + ("read_only_space", 0x05465): (79, "FunctionTemplateInfoMap"), + ("read_only_space", 0x0548d): (80, "ObjectTemplateInfoMap"), + ("read_only_space", 0x054b5): (81, "AccessCheckInfoMap"), + ("read_only_space", 0x054dd): (82, "AccessorInfoMap"), + ("read_only_space", 0x05505): (83, 
"AccessorPairMap"), + ("read_only_space", 0x0552d): (84, "AliasedArgumentsEntryMap"), + ("read_only_space", 0x05555): (85, "AllocationMementoMap"), + ("read_only_space", 0x0557d): (88, "AsmWasmDataMap"), + ("read_only_space", 0x055a5): (89, "AsyncGeneratorRequestMap"), + ("read_only_space", 0x055cd): (90, "BreakPointMap"), + ("read_only_space", 0x055f5): (91, "BreakPointInfoMap"), + ("read_only_space", 0x0561d): (92, "CachedTemplateObjectMap"), + ("read_only_space", 0x05645): (94, "ClassPositionsMap"), + ("read_only_space", 0x0566d): (95, "DebugInfoMap"), + ("read_only_space", 0x05695): (98, "FunctionTemplateRareDataMap"), + ("read_only_space", 0x056bd): (100, "InterpreterDataMap"), + ("read_only_space", 0x056e5): (101, "PromiseCapabilityMap"), + ("read_only_space", 0x0570d): (102, "PromiseReactionMap"), + ("read_only_space", 0x05735): (103, "PropertyDescriptorObjectMap"), + ("read_only_space", 0x0575d): (104, "PrototypeInfoMap"), + ("read_only_space", 0x05785): (105, "ScriptMap"), + ("read_only_space", 0x057ad): (106, "SourceTextModuleInfoEntryMap"), + ("read_only_space", 0x057d5): (107, "StackFrameInfoMap"), + ("read_only_space", 0x057fd): (108, "StackTraceFrameMap"), + ("read_only_space", 0x05825): (109, "TemplateObjectDescriptionMap"), + ("read_only_space", 0x0584d): (110, "Tuple2Map"), + ("read_only_space", 0x05875): (111, "WasmCapiFunctionDataMap"), + ("read_only_space", 0x0589d): (112, "WasmExceptionTagMap"), + ("read_only_space", 0x058c5): (113, "WasmExportedFunctionDataMap"), + ("read_only_space", 0x058ed): (114, "WasmIndirectFunctionTableMap"), + ("read_only_space", 0x05915): (115, "WasmJSFunctionDataMap"), + ("read_only_space", 0x0593d): (116, "WasmValueMap"), + ("read_only_space", 0x05965): (135, "SloppyArgumentsElementsMap"), + ("read_only_space", 0x0598d): (171, "OnHeapBasicBlockProfilerDataMap"), + ("read_only_space", 0x059b5): (168, "InternalClassMap"), + ("read_only_space", 0x059dd): (177, "SmiPairMap"), + ("read_only_space", 0x05a05): (176, 
"SmiBoxMap"), + ("read_only_space", 0x05a2d): (146, "ExportedSubClassBaseMap"), + ("read_only_space", 0x05a54): (147, "ExportedSubClassMap"), + ("read_only_space", 0x05a7d): (68, "AbstractInternalClassSubclass1Map"), + ("read_only_space", 0x05aa5): (69, "AbstractInternalClassSubclass2Map"), + ("read_only_space", 0x05acd): (134, "InternalClassWithSmiElementsMap"), + ("read_only_space", 0x05af5): (169, "InternalClassWithStructElementsMap"), + ("read_only_space", 0x05b1d): (148, "ExportedSubClass2Map"), + ("read_only_space", 0x05b45): (178, "SortStateMap"), + ("read_only_space", 0x05b6d): (86, "AllocationSiteWithWeakNextMap"), + ("read_only_space", 0x05b95): (86, "AllocationSiteWithoutWeakNextMap"), + ("read_only_space", 0x05bbd): (77, "LoadHandler1Map"), + ("read_only_space", 0x05be5): (77, "LoadHandler2Map"), + ("read_only_space", 0x05c0d): (77, "LoadHandler3Map"), + ("read_only_space", 0x05c35): (78, "StoreHandler0Map"), + ("read_only_space", 0x05c5d): (78, "StoreHandler1Map"), + ("read_only_space", 0x05c85): (78, "StoreHandler2Map"), + ("read_only_space", 0x05cad): (78, "StoreHandler3Map"), + ("map_space", 0x02119): (1057, "ExternalMap"), + ("map_space", 0x02141): (1072, "JSMessageObjectMap"), + ("map_space", 0x02169): (180, "WasmRttEqrefMap"), + ("map_space", 0x02191): (180, "WasmRttExternrefMap"), + ("map_space", 0x021b9): (180, "WasmRttFuncrefMap"), + ("map_space", 0x021e1): (180, "WasmRttI31refMap"), } # List of known V8 objects. 
KNOWN_OBJECTS = { - ("read_only_space", 0x021b5): "EmptyWeakFixedArray", - ("read_only_space", 0x021bd): "EmptyDescriptorArray", - ("read_only_space", 0x021f5): "EmptyEnumCache", - ("read_only_space", 0x02229): "EmptyFixedArray", - ("read_only_space", 0x02231): "NullValue", - ("read_only_space", 0x02339): "UninitializedValue", - ("read_only_space", 0x023b1): "UndefinedValue", - ("read_only_space", 0x023f5): "NanValue", - ("read_only_space", 0x02429): "TheHoleValue", - ("read_only_space", 0x02455): "HoleNanValue", - ("read_only_space", 0x02489): "TrueValue", - ("read_only_space", 0x024c9): "FalseValue", - ("read_only_space", 0x024f9): "empty_string", - ("read_only_space", 0x02735): "EmptyScopeInfo", - ("read_only_space", 0x02765): "ArgumentsMarker", - ("read_only_space", 0x027c5): "Exception", - ("read_only_space", 0x02821): "TerminationException", - ("read_only_space", 0x02889): "OptimizedOut", - ("read_only_space", 0x028e9): "StaleRegister", - ("read_only_space", 0x031b9): "EmptyPropertyArray", - ("read_only_space", 0x031c1): "EmptyByteArray", - ("read_only_space", 0x031c9): "EmptyObjectBoilerplateDescription", - ("read_only_space", 0x031fd): "EmptyArrayBoilerplateDescription", - ("read_only_space", 0x03209): "EmptyClosureFeedbackCellArray", - ("read_only_space", 0x03211): "EmptySlowElementDictionary", - ("read_only_space", 0x03235): "EmptyOrderedHashMap", - ("read_only_space", 0x03249): "EmptyOrderedHashSet", - ("read_only_space", 0x0325d): "EmptyFeedbackMetadata", - ("read_only_space", 0x03269): "EmptyPropertyCell", - ("read_only_space", 0x0327d): "EmptyPropertyDictionary", - ("read_only_space", 0x032cd): "NoOpInterceptorInfo", - ("read_only_space", 0x032f5): "EmptyWeakArrayList", - ("read_only_space", 0x03301): "InfinityValue", - ("read_only_space", 0x0330d): "MinusZeroValue", - ("read_only_space", 0x03319): "MinusInfinityValue", - ("read_only_space", 0x03325): "SelfReferenceMarker", - ("read_only_space", 0x03365): "BasicBlockCountersMarker", - 
("read_only_space", 0x033a9): "OffHeapTrampolineRelocationInfo", - ("read_only_space", 0x033b5): "TrampolineTrivialCodeDataContainer", - ("read_only_space", 0x033c1): "TrampolinePromiseRejectionCodeDataContainer", - ("read_only_space", 0x033cd): "GlobalThisBindingScopeInfo", - ("read_only_space", 0x03405): "EmptyFunctionScopeInfo", - ("read_only_space", 0x0342d): "NativeScopeInfo", - ("read_only_space", 0x03449): "HashSeed", - ("old_space", 0x02115): "ArgumentsIteratorAccessor", - ("old_space", 0x02159): "ArrayLengthAccessor", - ("old_space", 0x0219d): "BoundFunctionLengthAccessor", - ("old_space", 0x021e1): "BoundFunctionNameAccessor", - ("old_space", 0x02225): "ErrorStackAccessor", - ("old_space", 0x02269): "FunctionArgumentsAccessor", - ("old_space", 0x022ad): "FunctionCallerAccessor", - ("old_space", 0x022f1): "FunctionNameAccessor", - ("old_space", 0x02335): "FunctionLengthAccessor", - ("old_space", 0x02379): "FunctionPrototypeAccessor", - ("old_space", 0x023bd): "RegExpResultIndicesAccessor", - ("old_space", 0x02401): "StringLengthAccessor", - ("old_space", 0x02445): "InvalidPrototypeValidityCell", - ("old_space", 0x024cd): "EmptyScript", - ("old_space", 0x0250d): "ManyClosuresCell", - ("old_space", 0x02519): "ArrayConstructorProtector", - ("old_space", 0x0252d): "NoElementsProtector", - ("old_space", 0x02541): "IsConcatSpreadableProtector", - ("old_space", 0x02555): "ArraySpeciesProtector", - ("old_space", 0x02569): "TypedArraySpeciesProtector", - ("old_space", 0x0257d): "PromiseSpeciesProtector", - ("old_space", 0x02591): "RegExpSpeciesProtector", - ("old_space", 0x025a5): "StringLengthProtector", - ("old_space", 0x025b9): "ArrayIteratorProtector", - ("old_space", 0x025cd): "ArrayBufferDetachingProtector", - ("old_space", 0x025e1): "PromiseHookProtector", - ("old_space", 0x025f5): "PromiseResolveProtector", - ("old_space", 0x02609): "MapIteratorProtector", - ("old_space", 0x0261d): "PromiseThenProtector", - ("old_space", 0x02631): "SetIteratorProtector", - 
("old_space", 0x02645): "StringIteratorProtector", - ("old_space", 0x02659): "SingleCharacterStringCache", - ("old_space", 0x02a61): "StringSplitCache", - ("old_space", 0x02e69): "RegExpMultipleCache", - ("old_space", 0x03271): "BuiltinsConstantsTable", - ("old_space", 0x0364d): "AsyncFunctionAwaitRejectSharedFun", - ("old_space", 0x03675): "AsyncFunctionAwaitResolveSharedFun", - ("old_space", 0x0369d): "AsyncGeneratorAwaitRejectSharedFun", - ("old_space", 0x036c5): "AsyncGeneratorAwaitResolveSharedFun", - ("old_space", 0x036ed): "AsyncGeneratorYieldResolveSharedFun", - ("old_space", 0x03715): "AsyncGeneratorReturnResolveSharedFun", - ("old_space", 0x0373d): "AsyncGeneratorReturnClosedRejectSharedFun", - ("old_space", 0x03765): "AsyncGeneratorReturnClosedResolveSharedFun", - ("old_space", 0x0378d): "AsyncIteratorValueUnwrapSharedFun", - ("old_space", 0x037b5): "PromiseAllResolveElementSharedFun", - ("old_space", 0x037dd): "PromiseAllSettledResolveElementSharedFun", - ("old_space", 0x03805): "PromiseAllSettledRejectElementSharedFun", - ("old_space", 0x0382d): "PromiseAnyRejectElementSharedFun", - ("old_space", 0x03855): "PromiseCapabilityDefaultRejectSharedFun", - ("old_space", 0x0387d): "PromiseCapabilityDefaultResolveSharedFun", - ("old_space", 0x038a5): "PromiseCatchFinallySharedFun", - ("old_space", 0x038cd): "PromiseGetCapabilitiesExecutorSharedFun", - ("old_space", 0x038f5): "PromiseThenFinallySharedFun", - ("old_space", 0x0391d): "PromiseThrowerFinallySharedFun", - ("old_space", 0x03945): "PromiseValueThunkFinallySharedFun", - ("old_space", 0x0396d): "ProxyRevokeSharedFun", + ("read_only_space", 0x021b9): "EmptyWeakFixedArray", + ("read_only_space", 0x021c1): "EmptyDescriptorArray", + ("read_only_space", 0x021f9): "EmptyEnumCache", + ("read_only_space", 0x0222d): "EmptyFixedArray", + ("read_only_space", 0x02235): "NullValue", + ("read_only_space", 0x0233d): "UninitializedValue", + ("read_only_space", 0x023b5): "UndefinedValue", + ("read_only_space", 0x023f9): 
"NanValue", + ("read_only_space", 0x0242d): "TheHoleValue", + ("read_only_space", 0x02459): "HoleNanValue", + ("read_only_space", 0x0248d): "TrueValue", + ("read_only_space", 0x024cd): "FalseValue", + ("read_only_space", 0x024fd): "empty_string", + ("read_only_space", 0x02739): "EmptyScopeInfo", + ("read_only_space", 0x02769): "ArgumentsMarker", + ("read_only_space", 0x027c9): "Exception", + ("read_only_space", 0x02825): "TerminationException", + ("read_only_space", 0x0288d): "OptimizedOut", + ("read_only_space", 0x028ed): "StaleRegister", + ("read_only_space", 0x031bd): "EmptyPropertyArray", + ("read_only_space", 0x031c5): "EmptyByteArray", + ("read_only_space", 0x031cd): "EmptyObjectBoilerplateDescription", + ("read_only_space", 0x03201): "EmptyArrayBoilerplateDescription", + ("read_only_space", 0x0320d): "EmptyClosureFeedbackCellArray", + ("read_only_space", 0x03215): "EmptySlowElementDictionary", + ("read_only_space", 0x03239): "EmptyOrderedHashMap", + ("read_only_space", 0x0324d): "EmptyOrderedHashSet", + ("read_only_space", 0x03261): "EmptyFeedbackMetadata", + ("read_only_space", 0x0326d): "EmptyPropertyCell", + ("read_only_space", 0x03281): "EmptyPropertyDictionary", + ("read_only_space", 0x032d1): "NoOpInterceptorInfo", + ("read_only_space", 0x032f9): "EmptyWeakArrayList", + ("read_only_space", 0x03305): "InfinityValue", + ("read_only_space", 0x03311): "MinusZeroValue", + ("read_only_space", 0x0331d): "MinusInfinityValue", + ("read_only_space", 0x03329): "SelfReferenceMarker", + ("read_only_space", 0x03369): "BasicBlockCountersMarker", + ("read_only_space", 0x033ad): "OffHeapTrampolineRelocationInfo", + ("read_only_space", 0x033b9): "TrampolineTrivialCodeDataContainer", + ("read_only_space", 0x033c5): "TrampolinePromiseRejectionCodeDataContainer", + ("read_only_space", 0x033d1): "GlobalThisBindingScopeInfo", + ("read_only_space", 0x03409): "EmptyFunctionScopeInfo", + ("read_only_space", 0x03432): "NativeScopeInfo", + ("read_only_space", 0x0344d): 
"HashSeed", + ("old_space", 0x02119): "ArgumentsIteratorAccessor", + ("old_space", 0x0215d): "ArrayLengthAccessor", + ("old_space", 0x021a1): "BoundFunctionLengthAccessor", + ("old_space", 0x021e5): "BoundFunctionNameAccessor", + ("old_space", 0x02229): "ErrorStackAccessor", + ("old_space", 0x0226d): "FunctionArgumentsAccessor", + ("old_space", 0x022b1): "FunctionCallerAccessor", + ("old_space", 0x022f5): "FunctionNameAccessor", + ("old_space", 0x02339): "FunctionLengthAccessor", + ("old_space", 0x0237d): "FunctionPrototypeAccessor", + ("old_space", 0x023c1): "RegExpResultIndicesAccessor", + ("old_space", 0x02405): "StringLengthAccessor", + ("old_space", 0x02449): "InvalidPrototypeValidityCell", + ("old_space", 0x024d1): "EmptyScript", + ("old_space", 0x02511): "ManyClosuresCell", + ("old_space", 0x0251d): "ArrayConstructorProtector", + ("old_space", 0x02531): "NoElementsProtector", + ("old_space", 0x02545): "IsConcatSpreadableProtector", + ("old_space", 0x02559): "ArraySpeciesProtector", + ("old_space", 0x0256d): "TypedArraySpeciesProtector", + ("old_space", 0x02581): "PromiseSpeciesProtector", + ("old_space", 0x02595): "RegExpSpeciesProtector", + ("old_space", 0x025a9): "StringLengthProtector", + ("old_space", 0x025bd): "ArrayIteratorProtector", + ("old_space", 0x025d1): "ArrayBufferDetachingProtector", + ("old_space", 0x025e5): "PromiseHookProtector", + ("old_space", 0x025f9): "PromiseResolveProtector", + ("old_space", 0x0260d): "MapIteratorProtector", + ("old_space", 0x02621): "PromiseThenProtector", + ("old_space", 0x02635): "SetIteratorProtector", + ("old_space", 0x02649): "StringIteratorProtector", + ("old_space", 0x0265d): "SingleCharacterStringCache", + ("old_space", 0x02a65): "StringSplitCache", + ("old_space", 0x02e6d): "RegExpMultipleCache", + ("old_space", 0x03275): "BuiltinsConstantsTable", + ("old_space", 0x03651): "AsyncFunctionAwaitRejectSharedFun", + ("old_space", 0x03679): "AsyncFunctionAwaitResolveSharedFun", + ("old_space", 0x036a1): 
"AsyncGeneratorAwaitRejectSharedFun", + ("old_space", 0x036c9): "AsyncGeneratorAwaitResolveSharedFun", + ("old_space", 0x036f1): "AsyncGeneratorYieldResolveSharedFun", + ("old_space", 0x03719): "AsyncGeneratorReturnResolveSharedFun", + ("old_space", 0x03741): "AsyncGeneratorReturnClosedRejectSharedFun", + ("old_space", 0x03769): "AsyncGeneratorReturnClosedResolveSharedFun", + ("old_space", 0x03791): "AsyncIteratorValueUnwrapSharedFun", + ("old_space", 0x037b9): "PromiseAllResolveElementSharedFun", + ("old_space", 0x037e1): "PromiseAllSettledResolveElementSharedFun", + ("old_space", 0x03809): "PromiseAllSettledRejectElementSharedFun", + ("old_space", 0x03831): "PromiseAnyRejectElementSharedFun", + ("old_space", 0x03859): "PromiseCapabilityDefaultRejectSharedFun", + ("old_space", 0x03881): "PromiseCapabilityDefaultResolveSharedFun", + ("old_space", 0x038a9): "PromiseCatchFinallySharedFun", + ("old_space", 0x038d1): "PromiseGetCapabilitiesExecutorSharedFun", + ("old_space", 0x038f9): "PromiseThenFinallySharedFun", + ("old_space", 0x03921): "PromiseThrowerFinallySharedFun", + ("old_space", 0x03949): "PromiseValueThunkFinallySharedFun", + ("old_space", 0x03971): "ProxyRevokeSharedFun", } # Lower 32 bits of first page addresses for various heap spaces. -- cgit v1.2.3