libv8-node 20.12.1.0-aarch64-linux → 22.5.1.0-aarch64-linux

data/vendor/v8/include/v8-internal.h

@@ -10,10 +10,11 @@
 #include <string.h>
 
 #include <atomic>
+#include <iterator>
+#include <memory>
 #include <type_traits>
 
-#include "v8-version.h"  // NOLINT(build/include_directory)
-#include "v8config.h"    // NOLINT(build/include_directory)
+#include "v8config.h"  // NOLINT(build/include_directory)
 
 namespace v8 {
 
@@ -24,6 +25,7 @@ class Isolate;
 
 namespace internal {
 
+class Heap;
 class Isolate;
 
 typedef uintptr_t Address;
@@ -80,7 +82,7 @@ struct SmiTagging<4> {
       static_cast<intptr_t>(kUintptrAllBitsSet << (kSmiValueSize - 1));
   static constexpr intptr_t kSmiMaxValue = -(kSmiMinValue + 1);
 
-  V8_INLINE static int SmiToInt(Address value) {
+  V8_INLINE static constexpr int SmiToInt(Address value) {
     int shift_bits = kSmiTagSize + kSmiShiftSize;
     // Truncate and shift down (requires >> to be sign extending).
     return static_cast<int32_t>(static_cast<uint32_t>(value)) >> shift_bits;
@@ -105,7 +107,7 @@ struct SmiTagging<8> {
       static_cast<intptr_t>(kUintptrAllBitsSet << (kSmiValueSize - 1));
   static constexpr intptr_t kSmiMaxValue = -(kSmiMinValue + 1);
 
-  V8_INLINE static int SmiToInt(Address value) {
+  V8_INLINE static constexpr int SmiToInt(Address value) {
     int shift_bits = kSmiTagSize + kSmiShiftSize;
     // Shift down and throw away top 32 bits.
     return static_cast<int>(static_cast<intptr_t>(value) >> shift_bits);
@@ -173,11 +175,15 @@ using SandboxedPointer_t = Address;
 #ifdef V8_ENABLE_SANDBOX
 
 // Size of the sandbox, excluding the guard regions surrounding it.
-#ifdef V8_TARGET_OS_ANDROID
+#if defined(V8_TARGET_OS_ANDROID)
 // On Android, most 64-bit devices seem to be configured with only 39 bits of
 // virtual address space for userspace. As such, limit the sandbox to 128GB (a
 // quarter of the total available address space).
 constexpr size_t kSandboxSizeLog2 = 37;  // 128 GB
+#elif defined(V8_TARGET_ARCH_LOONG64)
+// Some Linux distros on LoongArch64 configured with only 40 bits of virtual
+// address space for userspace. Limit the sandbox to 256GB here.
+constexpr size_t kSandboxSizeLog2 = 38;  // 256 GB
 #else
 // Everywhere else use a 1TB sandbox.
 constexpr size_t kSandboxSizeLog2 = 40;  // 1 TB
@@ -247,20 +253,22 @@ static_assert(1ULL << (64 - kBoundedSizeShift) ==
 // size allows omitting bounds checks on table accesses if the indices are
 // guaranteed (e.g. through shifting) to be below the maximum index. This
 // value must be a power of two.
-static const size_t kExternalPointerTableReservationSize = 512 * MB;
+constexpr size_t kExternalPointerTableReservationSize = 512 * MB;
 
 // The external pointer table indices stored in HeapObjects as external
 // pointers are shifted to the left by this amount to guarantee that they are
 // smaller than the maximum table size.
-static const uint32_t kExternalPointerIndexShift = 6;
+constexpr uint32_t kExternalPointerIndexShift = 6;
 #else
-static const size_t kExternalPointerTableReservationSize = 1024 * MB;
-static const uint32_t kExternalPointerIndexShift = 5;
+constexpr size_t kExternalPointerTableReservationSize = 1024 * MB;
+constexpr uint32_t kExternalPointerIndexShift = 5;
 #endif  // V8_TARGET_OS_ANDROID
 
 // The maximum number of entries in an external pointer table.
-static const size_t kMaxExternalPointers =
-    kExternalPointerTableReservationSize / kApiSystemPointerSize;
+constexpr int kExternalPointerTableEntrySize = 8;
+constexpr int kExternalPointerTableEntrySizeLog2 = 3;
+constexpr size_t kMaxExternalPointers =
+    kExternalPointerTableReservationSize / kExternalPointerTableEntrySize;
 static_assert((1 << (32 - kExternalPointerIndexShift)) == kMaxExternalPointers,
               "kExternalPointerTableReservationSize and "
               "kExternalPointerIndexShift don't match");
@@ -268,7 +276,7 @@ static_assert((1 << (32 - kExternalPointerIndexShift)) == kMaxExternalPointers,
 #else  // !V8_COMPRESS_POINTERS
 
 // Needed for the V8.SandboxedExternalPointersCount histogram.
-static const size_t kMaxExternalPointers = 0;
+constexpr size_t kMaxExternalPointers = 0;
 
 #endif  // V8_COMPRESS_POINTERS
 
@@ -281,15 +289,21 @@ static const size_t kMaxExternalPointers = 0;
 // that it is smaller than the size of the table.
 using ExternalPointerHandle = uint32_t;
 
-// ExternalPointers point to objects located outside the sandbox. When
-// sandboxed external pointers are enabled, these are stored on heap as
-// ExternalPointerHandles, otherwise they are simply raw pointers.
+// ExternalPointers point to objects located outside the sandbox. When the V8
+// sandbox is enabled, these are stored on heap as ExternalPointerHandles,
+// otherwise they are simply raw pointers.
 #ifdef V8_ENABLE_SANDBOX
 using ExternalPointer_t = ExternalPointerHandle;
 #else
 using ExternalPointer_t = Address;
 #endif
 
+constexpr ExternalPointer_t kNullExternalPointer = 0;
+constexpr ExternalPointerHandle kNullExternalPointerHandle = 0;
+
+//
+// External Pointers.
+//
 // When the sandbox is enabled, external pointers are stored in an external
 // pointer table and are referenced from HeapObjects through an index (a
 // "handle"). When stored in the table, the pointers are tagged with per-type
@@ -359,6 +373,7 @@ using ExternalPointer_t = Address;
 // ExternalPointerTable.
 constexpr uint64_t kExternalPointerMarkBit = 1ULL << 62;
 constexpr uint64_t kExternalPointerTagMask = 0x40ff000000000000;
+constexpr uint64_t kExternalPointerTagMaskWithoutMarkBit = 0xff000000000000;
 constexpr uint64_t kExternalPointerTagShift = 48;
 
 // All possible 8-bit type tags.
@@ -410,14 +425,15 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
 /* it is the Embedder's responsibility to ensure type safety (against */   \
 /* substitution) and lifetime validity of these objects. */                \
   V(kExternalObjectValueTag,                    TAG(13)) \
-  V(kCallHandlerInfoCallbackTag,                TAG(14)) \
+  V(kFunctionTemplateInfoCallbackTag,           TAG(14)) \
   V(kAccessorInfoGetterTag,                     TAG(15)) \
   V(kAccessorInfoSetterTag,                     TAG(16)) \
   V(kWasmInternalFunctionCallTargetTag,         TAG(17)) \
   V(kWasmTypeInfoNativeTypeTag,                 TAG(18)) \
   V(kWasmExportedFunctionDataSignatureTag,      TAG(19)) \
   V(kWasmContinuationJmpbufTag,                 TAG(20)) \
-  V(kArrayBufferExtensionTag,                   TAG(21))
+  V(kWasmIndirectFunctionTargetTag,             TAG(21)) \
+  V(kArrayBufferExtensionTag,                   TAG(22))
 
 // All external pointer tags.
 #define ALL_EXTERNAL_POINTER_TAGS(V) \
@@ -430,7 +446,7 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
   (HasMarkBit ? kExternalPointerMarkBit : 0))
 enum ExternalPointerTag : uint64_t {
   // Empty tag value. Mostly used as placeholder.
-  kExternalPointerNullTag =            MAKE_TAG(0, 0b00000000),
+  kExternalPointerNullTag =            MAKE_TAG(1, 0b00000000),
   // External pointer tag that will match any external pointer. Use with care!
   kAnyExternalPointerTag =             MAKE_TAG(1, 0b11111111),
   // The free entry tag has all type bits set so every type check with a
@@ -456,6 +472,15 @@ V8_INLINE static constexpr bool IsSharedExternalPointerType(
   return tag >= kFirstSharedTag && tag <= kLastSharedTag;
 }
 
+// True if the external pointer may live in a read-only object, in which case
+// the table entry will be in the shared read-only segment of the external
+// pointer table.
+V8_INLINE static constexpr bool IsMaybeReadOnlyExternalPointerType(
+    ExternalPointerTag tag) {
+  return tag == kAccessorInfoGetterTag || tag == kAccessorInfoSetterTag ||
+         tag == kFunctionTemplateInfoCallbackTag;
+}
+
 // Sanity checks.
 #define CHECK_SHARED_EXTERNAL_POINTER_TAGS(Tag, ...) \
   static_assert(IsSharedExternalPointerType(Tag));
@@ -471,6 +496,126 @@ PER_ISOLATE_EXTERNAL_POINTER_TAGS(CHECK_NON_SHARED_EXTERNAL_POINTER_TAGS)
 #undef SHARED_EXTERNAL_POINTER_TAGS
 #undef EXTERNAL_POINTER_TAGS
 
+//
+// Indirect Pointers.
+//
+// When the sandbox is enabled, indirect pointers are used to reference
+// HeapObjects that live outside of the sandbox (but are still managed by V8's
+// garbage collector). When object A references an object B through an indirect
+// pointer, object A will contain a IndirectPointerHandle, i.e. a shifted
+// 32-bit index, which identifies an entry in a pointer table (either the
+// trusted pointer table for TrustedObjects, or the code pointer table if it is
+// a Code object). This table entry then contains the actual pointer to object
+// B. Further, object B owns this pointer table entry, and it is responsible
+// for updating the "self-pointer" in the entry when it is relocated in memory.
+// This way, in contrast to "normal" pointers, indirect pointers never need to
+// be tracked by the GC (i.e. there is no remembered set for them).
+// These pointers do not exist when the sandbox is disabled.
+
+// An IndirectPointerHandle represents a 32-bit index into a pointer table.
+using IndirectPointerHandle = uint32_t;
+
+// A null handle always references an entry that contains nullptr.
+constexpr IndirectPointerHandle kNullIndirectPointerHandle = 0;
+
+// When the sandbox is enabled, indirect pointers are used to implement:
+// - TrustedPointers: an indirect pointer using the trusted pointer table (TPT)
+//   and referencing a TrustedObject in one of the trusted heap spaces.
+// - CodePointers, an indirect pointer using the code pointer table (CPT) and
+//   referencing a Code object together with its instruction stream.
+
+//
+// Trusted Pointers.
+//
+// A pointer to a TrustedObject.
+// When the sandbox is enabled, these are indirect pointers using the trusted
+// pointer table (TPT). They are used to reference trusted objects (located in
+// one of V8's trusted heap spaces, outside of the sandbox) from inside the
+// sandbox in a memory-safe way. When the sandbox is disabled, these are
+// regular tagged pointers.
+using TrustedPointerHandle = IndirectPointerHandle;
+
+// The size of the virtual memory reservation for the trusted pointer table.
+// As with the external pointer table, a maximum table size in combination with
+// shifted indices allows omitting bounds checks.
+constexpr size_t kTrustedPointerTableReservationSize = 64 * MB;
+
+// The trusted pointer handles are stores shifted to the left by this amount
+// to guarantee that they are smaller than the maximum table size.
+constexpr uint32_t kTrustedPointerHandleShift = 9;
+
+// A null handle always references an entry that contains nullptr.
+constexpr TrustedPointerHandle kNullTrustedPointerHandle =
+    kNullIndirectPointerHandle;
+
+// The maximum number of entries in an trusted pointer table.
+constexpr int kTrustedPointerTableEntrySize = 8;
+constexpr int kTrustedPointerTableEntrySizeLog2 = 3;
+constexpr size_t kMaxTrustedPointers =
+    kTrustedPointerTableReservationSize / kTrustedPointerTableEntrySize;
+static_assert((1 << (32 - kTrustedPointerHandleShift)) == kMaxTrustedPointers,
+              "kTrustedPointerTableReservationSize and "
+              "kTrustedPointerHandleShift don't match");
+
+//
+// Code Pointers.
+//
+// A pointer to a Code object.
+// Essentially a specialized version of a trusted pointer that (when the
+// sandbox is enabled) uses the code pointer table (CPT) instead of the TPT.
+// Each entry in the CPT contains both a pointer to a Code object as well as a
+// pointer to the Code's entrypoint. This allows calling/jumping into Code with
+// one fewer memory access (compared to the case where the entrypoint pointer
+// first needs to be loaded from the Code object). As such, a CodePointerHandle
+// can be used both to obtain the referenced Code object and to directly load
+// its entrypoint.
+//
+// When the sandbox is disabled, these are regular tagged pointers.
+using CodePointerHandle = IndirectPointerHandle;
+
+// The size of the virtual memory reservation for the code pointer table.
+// As with the other tables, a maximum table size in combination with shifted
+// indices allows omitting bounds checks.
+constexpr size_t kCodePointerTableReservationSize = 16 * MB;
+
+// Code pointer handles are shifted by a different amount than indirect pointer
+// handles as the tables have a different maximum size.
+constexpr uint32_t kCodePointerHandleShift = 12;
+
+// A null handle always references an entry that contains nullptr.
+constexpr CodePointerHandle kNullCodePointerHandle = kNullIndirectPointerHandle;
+
+// It can sometimes be necessary to distinguish a code pointer handle from a
+// trusted pointer handle. A typical example would be a union trusted pointer
+// field that can refer to both Code objects and other trusted objects. To
+// support these use-cases, we use a simple marking scheme where some of the
+// low bits of a code pointer handle are set, while they will be unset on a
+// trusted pointer handle. This way, the correct table to resolve the handle
+// can be determined even in the absence of a type tag.
+constexpr uint32_t kCodePointerHandleMarker = 0x1;
+static_assert(kCodePointerHandleShift > 0);
+static_assert(kTrustedPointerHandleShift > 0);
+
+// The maximum number of entries in a code pointer table.
+constexpr int kCodePointerTableEntrySize = 16;
+constexpr int kCodePointerTableEntrySizeLog2 = 4;
+constexpr size_t kMaxCodePointers =
+    kCodePointerTableReservationSize / kCodePointerTableEntrySize;
+static_assert(
+    (1 << (32 - kCodePointerHandleShift)) == kMaxCodePointers,
+    "kCodePointerTableReservationSize and kCodePointerHandleShift don't match");
+
+constexpr int kCodePointerTableEntryEntrypointOffset = 0;
+constexpr int kCodePointerTableEntryCodeObjectOffset = 8;
+
+// Constants that can be used to mark places that should be modified once
+// certain types of objects are moved out of the sandbox and into trusted space.
+constexpr bool kRuntimeGeneratedCodeObjectsLiveInTrustedSpace = true;
+constexpr bool kBuiltinCodeObjectsLiveInTrustedSpace = false;
+constexpr bool kAllCodeObjectsLiveInTrustedSpace =
+    kRuntimeGeneratedCodeObjectsLiveInTrustedSpace &&
+    kBuiltinCodeObjectsLiveInTrustedSpace;
+
 // {obj} must be the raw tagged pointer representation of a HeapObject
 // that's guaranteed to never be in ReadOnlySpace.
 V8_EXPORT internal::Isolate* IsolateFromNeverReadOnlySpaceObject(Address obj);
@@ -517,15 +662,22 @@ class Internals {
   static const int kExternalOneByteRepresentationTag = 0x0a;
 
   static const uint32_t kNumIsolateDataSlots = 4;
-  static const int kStackGuardSize = 7 * kApiSystemPointerSize;
+  static const int kStackGuardSize = 8 * kApiSystemPointerSize;
+  static const int kNumberOfBooleanFlags = 6;
+  static const int kErrorMessageParamSize = 1;
+  static const int kTablesAlignmentPaddingSize = 1;
   static const int kBuiltinTier0EntryTableSize = 7 * kApiSystemPointerSize;
   static const int kBuiltinTier0TableSize = 7 * kApiSystemPointerSize;
   static const int kLinearAllocationAreaSize = 3 * kApiSystemPointerSize;
-  static const int kThreadLocalTopSize = 25 * kApiSystemPointerSize;
+  static const int kThreadLocalTopSize = 30 * kApiSystemPointerSize;
+  static const int kHandleScopeDataSize =
+      2 * kApiSystemPointerSize + 2 * kApiInt32Size;
 
-  // ExternalPointerTable layout guarantees.
-  static const int kExternalPointerTableBufferOffset = 0;
-  static const int kExternalPointerTableSize = 4 * kApiSystemPointerSize;
+  // ExternalPointerTable and TrustedPointerTable layout guarantees.
+  static const int kExternalPointerTableBasePointerOffset = 0;
+  static const int kExternalPointerTableSize = 2 * kApiSystemPointerSize;
+  static const int kTrustedPointerTableSize = 2 * kApiSystemPointerSize;
+  static const int kTrustedPointerTableBasePointerOffset = 0;
 
   // IsolateData layout guarantees.
   static const int kIsolateCageBaseOffset = 0;
@@ -533,16 +685,23 @@ class Internals {
       kIsolateCageBaseOffset + kApiSystemPointerSize;
   static const int kVariousBooleanFlagsOffset =
       kIsolateStackGuardOffset + kStackGuardSize;
-  static const int kBuiltinTier0EntryTableOffset =
-      kVariousBooleanFlagsOffset + 8;
+  static const int kErrorMessageParamOffset =
+      kVariousBooleanFlagsOffset + kNumberOfBooleanFlags;
+  static const int kBuiltinTier0EntryTableOffset = kErrorMessageParamOffset +
+                                                   kErrorMessageParamSize +
+                                                   kTablesAlignmentPaddingSize;
   static const int kBuiltinTier0TableOffset =
       kBuiltinTier0EntryTableOffset + kBuiltinTier0EntryTableSize;
   static const int kNewAllocationInfoOffset =
       kBuiltinTier0TableOffset + kBuiltinTier0TableSize;
   static const int kOldAllocationInfoOffset =
       kNewAllocationInfoOffset + kLinearAllocationAreaSize;
+
+  static const int kFastCCallAlignmentPaddingSize =
+      kApiSystemPointerSize == 8 ? 0 : kApiSystemPointerSize;
   static const int kIsolateFastCCallCallerFpOffset =
-      kOldAllocationInfoOffset + kLinearAllocationAreaSize;
+      kOldAllocationInfoOffset + kLinearAllocationAreaSize +
+      kFastCCallAlignmentPaddingSize;
   static const int kIsolateFastCCallCallerPcOffset =
       kIsolateFastCCallCallerFpOffset + kApiSystemPointerSize;
   static const int kIsolateFastApiCallTargetOffset =
@@ -551,39 +710,64 @@ class Internals {
       kIsolateFastApiCallTargetOffset + kApiSystemPointerSize;
   static const int kIsolateThreadLocalTopOffset =
       kIsolateLongTaskStatsCounterOffset + kApiSizetSize;
-  static const int kIsolateEmbedderDataOffset =
+  static const int kIsolateHandleScopeDataOffset =
       kIsolateThreadLocalTopOffset + kThreadLocalTopSize;
+  static const int kIsolateEmbedderDataOffset =
+      kIsolateHandleScopeDataOffset + kHandleScopeDataSize;
 #ifdef V8_COMPRESS_POINTERS
   static const int kIsolateExternalPointerTableOffset =
       kIsolateEmbedderDataOffset + kNumIsolateDataSlots * kApiSystemPointerSize;
   static const int kIsolateSharedExternalPointerTableAddressOffset =
       kIsolateExternalPointerTableOffset + kExternalPointerTableSize;
-  static const int kIsolateRootsOffset =
+#ifdef V8_ENABLE_SANDBOX
+  static const int kIsolateTrustedCageBaseOffset =
       kIsolateSharedExternalPointerTableAddressOffset + kApiSystemPointerSize;
+  static const int kIsolateTrustedPointerTableOffset =
+      kIsolateTrustedCageBaseOffset + kApiSystemPointerSize;
+  static const int kIsolateApiCallbackThunkArgumentOffset =
+      kIsolateTrustedPointerTableOffset + kTrustedPointerTableSize;
 #else
-  static const int kIsolateRootsOffset =
+  static const int kIsolateApiCallbackThunkArgumentOffset =
+      kIsolateSharedExternalPointerTableAddressOffset + kApiSystemPointerSize;
+#endif  // V8_ENABLE_SANDBOX
+#else
+  static const int kIsolateApiCallbackThunkArgumentOffset =
       kIsolateEmbedderDataOffset + kNumIsolateDataSlots * kApiSystemPointerSize;
-#endif
+#endif  // V8_COMPRESS_POINTERS
+  static const int kContinuationPreservedEmbedderDataOffset =
+      kIsolateApiCallbackThunkArgumentOffset + kApiSystemPointerSize;
+
+  static const int kWasm64OOBOffsetAlignmentPaddingSize = 0;
+  static const int kWasm64OOBOffsetOffset =
+      kContinuationPreservedEmbedderDataOffset + kApiSystemPointerSize +
+      kWasm64OOBOffsetAlignmentPaddingSize;
+  static const int kIsolateRootsOffset =
+      kWasm64OOBOffsetOffset + sizeof(int64_t);
 
 #if V8_STATIC_ROOTS_BOOL
 
-// These constants need to be initialized in api.cc.
+// These constants are copied from static-roots.h and guarded by static asserts.
 #define EXPORTED_STATIC_ROOTS_PTR_LIST(V) \
-  V(UndefinedValue)                       \
-  V(NullValue)                            \
-  V(TrueValue)                            \
-  V(FalseValue)                           \
-  V(EmptyString)                          \
-  V(TheHoleValue)
+  V(UndefinedValue, 0x69)                 \
+  V(NullValue, 0x85)                      \
+  V(TrueValue, 0xc9)                      \
+  V(FalseValue, 0xad)                     \
+  V(EmptyString, 0xa1)                    \
+  V(TheHoleValue, 0x719)
 
   using Tagged_t = uint32_t;
   struct StaticReadOnlyRoot {
-#define DEF_ROOT(name) V8_EXPORT static const Tagged_t k##name;
+#define DEF_ROOT(name, value) static constexpr Tagged_t k##name = value;
     EXPORTED_STATIC_ROOTS_PTR_LIST(DEF_ROOT)
 #undef DEF_ROOT
 
-    V8_EXPORT static const Tagged_t kFirstStringMap;
-    V8_EXPORT static const Tagged_t kLastStringMap;
+    static constexpr Tagged_t kFirstStringMap = 0xe5;
+    static constexpr Tagged_t kLastStringMap = 0x47d;
+
+#define PLUSONE(...) +1
+    static constexpr size_t kNumberOfExportedStaticRoots =
+        2 + EXPORTED_STATIC_ROOTS_PTR_LIST(PLUSONE);
+#undef PLUSONE
   };
 
 #endif  // V8_STATIC_ROOTS_BOOL
@@ -600,8 +784,6 @@ class Internals {
   static const int kNodeStateMask = 0x3;
   static const int kNodeStateIsWeakValue = 2;
 
-  static const int kTracedNodeClassIdOffset = kApiSystemPointerSize;
-
   static const int kFirstNonstringType = 0x80;
   static const int kOddballType = 0x83;
   static const int kForeignType = 0xcc;
@@ -609,8 +791,13 @@ class Internals {
   static const int kJSObjectType = 0x421;
   static const int kFirstJSApiObjectType = 0x422;
   static const int kLastJSApiObjectType = 0x80A;
+  // Defines a range [kFirstEmbedderJSApiObjectType, kJSApiObjectTypesCount]
+  // of JSApiObject instance type values that an embedder can use.
+  static const int kFirstEmbedderJSApiObjectType = 0;
+  static const int kLastEmbedderJSApiObjectType =
+      kLastJSApiObjectType - kFirstJSApiObjectType;
 
-  static const int kUndefinedOddballKind = 5;
+  static const int kUndefinedOddballKind = 4;
   static const int kNullOddballKind = 3;
 
   // Constants used by PropertyCallbackInfo to check if we should throw when an
@@ -641,11 +828,11 @@ class Internals {
 #endif
   }
 
-  V8_INLINE static bool HasHeapObjectTag(Address value) {
+  V8_INLINE static constexpr bool HasHeapObjectTag(Address value) {
     return (value & kHeapObjectTagMask) == static_cast<Address>(kHeapObjectTag);
   }
 
-  V8_INLINE static int SmiValue(Address value) {
+  V8_INLINE static constexpr int SmiValue(Address value) {
     return PlatformSmiTagging::SmiToInt(value);
   }
 
@@ -680,6 +867,15 @@ class Internals {
     return ReadRawField<uint16_t>(map, kMapInstanceTypeOffset);
   }
 
+  V8_INLINE static Address LoadMap(Address obj) {
+    if (!HasHeapObjectTag(obj)) return kNullAddress;
+    Address map = ReadTaggedPointerField(obj, kHeapObjectMapOffset);
+#ifdef V8_MAP_PACKING
+    map = UnpackMapWord(map);
+#endif
+    return map;
+  }
+
   V8_INLINE static int GetOddballKind(Address obj) {
     return SmiValue(ReadTaggedSignedField(obj, kOddballKindOffset));
   }
@@ -753,15 +949,15 @@ class Internals {
     Address base = *reinterpret_cast<Address*>(
         reinterpret_cast<uintptr_t>(isolate) + kIsolateCageBaseOffset);
     switch (index) {
-#define DECOMPRESS_ROOT(name) \
-  case k##name##RootIndex:    \
+#define DECOMPRESS_ROOT(name, ...) \
+  case k##name##RootIndex:         \
     return base + StaticReadOnlyRoot::k##name;
       EXPORTED_STATIC_ROOTS_PTR_LIST(DECOMPRESS_ROOT)
 #undef DECOMPRESS_ROOT
+#undef EXPORTED_STATIC_ROOTS_PTR_LIST
       default:
         break;
     }
-#undef EXPORTED_STATIC_ROOTS_PTR_LIST
 #endif  // V8_STATIC_ROOTS_BOOL
     return *GetRootSlot(isolate, index);
   }
@@ -770,7 +966,7 @@ class Internals {
   V8_INLINE static Address* GetExternalPointerTableBase(v8::Isolate* isolate) {
     Address addr = reinterpret_cast<Address>(isolate) +
                    kIsolateExternalPointerTableOffset +
-                   kExternalPointerTableBufferOffset;
+                   kExternalPointerTableBasePointerOffset;
     return *reinterpret_cast<Address**>(addr);
   }
 
@@ -779,7 +975,7 @@ class Internals {
     Address addr = reinterpret_cast<Address>(isolate) +
                    kIsolateSharedExternalPointerTableAddressOffset;
     addr = *reinterpret_cast<Address*>(addr);
-    addr += kExternalPointerTableBufferOffset;
+    addr += kExternalPointerTableBasePointerOffset;
     return *reinterpret_cast<Address**>(addr);
   }
 #endif
@@ -860,6 +1056,10 @@ class Internals {
     return addr & -static_cast<intptr_t>(kPtrComprCageBaseAlignment);
   }
 
+  V8_INLINE static uint32_t CompressTagged(Address value) {
+    return static_cast<uint32_t>(value);
+  }
+
   V8_INLINE static Address DecompressTaggedField(Address heap_object_ptr,
                                                  uint32_t value) {
     Address base = GetPtrComprCageBaseFromOnHeapAddress(heap_object_ptr);
@@ -901,57 +1101,296 @@ class BackingStoreBase {};
 // This is needed for histograms sampling garbage collection reasons.
 constexpr int kGarbageCollectionReasonMaxValue = 27;
 
+// Base class for the address block allocator compatible with standard
+// containers, which registers its allocated range as strong roots.
+class V8_EXPORT StrongRootAllocatorBase {
+ public:
+  Heap* heap() const { return heap_; }
+
+  bool operator==(const StrongRootAllocatorBase& other) const {
+    return heap_ == other.heap_;
+  }
+  bool operator!=(const StrongRootAllocatorBase& other) const {
+    return heap_ != other.heap_;
+  }
+
+ protected:
+  explicit StrongRootAllocatorBase(Heap* heap) : heap_(heap) {}
+  explicit StrongRootAllocatorBase(v8::Isolate* isolate);
+
+  // Allocate/deallocate a range of n elements of type internal::Address.
+  Address* allocate_impl(size_t n);
+  void deallocate_impl(Address* p, size_t n) noexcept;
+
+ private:
+  Heap* heap_;
+};
+
+// The general version of this template behaves just as std::allocator, with
+// the exception that the constructor takes the isolate as parameter. Only
+// specialized versions, e.g., internal::StrongRootAllocator<internal::Address>
+// and internal::StrongRootAllocator<v8::Local<T>> register the allocated range
+// as strong roots.
+template <typename T>
+class StrongRootAllocator : public StrongRootAllocatorBase,
+                            private std::allocator<T> {
+ public:
+  using value_type = T;
+
+  explicit StrongRootAllocator(Heap* heap) : StrongRootAllocatorBase(heap) {}
+  explicit StrongRootAllocator(v8::Isolate* isolate)
+      : StrongRootAllocatorBase(isolate) {}
+  template <typename U>
+  StrongRootAllocator(const StrongRootAllocator<U>& other) noexcept
+      : StrongRootAllocatorBase(other) {}
+
+  using std::allocator<T>::allocate;
+  using std::allocator<T>::deallocate;
+};
+
+// A class of iterators that wrap some different iterator type.
+// If specified, ElementType is the type of element accessed by the wrapper
+// iterator; in this case, the actual reference and pointer types of Iterator
+// must be convertible to ElementType& and ElementType*, respectively.
+template <typename Iterator, typename ElementType = void>
+class WrappedIterator {
+ public:
+  static_assert(
+      !std::is_void_v<ElementType> ||
+      (std::is_convertible_v<typename std::iterator_traits<Iterator>::pointer,
+                             ElementType*> &&
+       std::is_convertible_v<typename std::iterator_traits<Iterator>::reference,
+                             ElementType&>));
+
+  using iterator_category =
+      typename std::iterator_traits<Iterator>::iterator_category;
+  using difference_type =
+      typename std::iterator_traits<Iterator>::difference_type;
+  using value_type =
+      std::conditional_t<std::is_void_v<ElementType>,
+                         typename std::iterator_traits<Iterator>::value_type,
+                         ElementType>;
+  using pointer =
+      std::conditional_t<std::is_void_v<ElementType>,
+                         typename std::iterator_traits<Iterator>::pointer,
+                         ElementType*>;
+  using reference =
+      std::conditional_t<std::is_void_v<ElementType>,
+                         typename std::iterator_traits<Iterator>::reference,
+                         ElementType&>;
+
+  constexpr WrappedIterator() noexcept : it_() {}
+  constexpr explicit WrappedIterator(Iterator it) noexcept : it_(it) {}
+
+  template <typename OtherIterator, typename OtherElementType,
+            std::enable_if_t<std::is_convertible_v<OtherIterator, Iterator>,
+                             bool> = true>
+  constexpr WrappedIterator(
+      const WrappedIterator<OtherIterator, OtherElementType>& it) noexcept
+      : it_(it.base()) {}
+
+  constexpr reference operator*() const noexcept { return *it_; }
+  constexpr pointer operator->() const noexcept { return it_.operator->(); }
+
+  constexpr WrappedIterator& operator++() noexcept {
+    ++it_;
+    return *this;
+  }
+  constexpr WrappedIterator operator++(int) noexcept {
+    WrappedIterator result(*this);
+    ++(*this);
+    return result;
+  }
+
+  constexpr WrappedIterator& operator--() noexcept {
+    --it_;
+    return *this;
+  }
+  constexpr WrappedIterator operator--(int) noexcept {
+    WrappedIterator result(*this);
+    --(*this);
+    return result;
+  }
+  constexpr WrappedIterator operator+(difference_type n) const noexcept {
+    WrappedIterator result(*this);
+    result += n;
+    return result;
+  }
+  constexpr WrappedIterator& operator+=(difference_type n) noexcept {
+    it_ += n;
+    return *this;
+  }
+  constexpr WrappedIterator operator-(difference_type n) const noexcept {
+    return *this + (-n);
+  }
+  constexpr WrappedIterator& operator-=(difference_type n) noexcept {
+    *this += -n;
+    return *this;
+  }
+  constexpr reference operator[](difference_type n) const noexcept {
+    return it_[n];
+  }
+
+  constexpr Iterator base() const noexcept { return it_; }
+
+ private:
+  template <typename OtherIterator, typename OtherElementType>
+  friend class WrappedIterator;
+
+ private:
+  Iterator it_;
+};
+
+template <typename Iterator, typename ElementType, typename OtherIterator,
+          typename OtherElementType>
+constexpr bool operator==(
+    const WrappedIterator<Iterator, ElementType>& x,
+    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
+  return x.base() == y.base();
+}
+
+template <typename Iterator, typename ElementType, typename OtherIterator,
+          typename OtherElementType>
+constexpr bool operator<(
+    const WrappedIterator<Iterator, ElementType>& x,
+    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
+  return x.base() < y.base();
+}
+
+template <typename Iterator, typename ElementType, typename OtherIterator,
+          typename OtherElementType>
+constexpr bool operator!=(
+    const WrappedIterator<Iterator, ElementType>& x,
+    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
+  return !(x == y);
+}
+
+template <typename Iterator, typename ElementType, typename OtherIterator,
+          typename OtherElementType>
+constexpr bool operator>(
+    const WrappedIterator<Iterator, ElementType>& x,
+    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
+  return y < x;
+}
+
+template <typename Iterator, typename ElementType, typename OtherIterator,
+          typename OtherElementType>
+constexpr bool operator>=(
+    const WrappedIterator<Iterator, ElementType>& x,
+    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
+  return !(x < y);
+}
+
+template <typename Iterator, typename ElementType, typename OtherIterator,
+          typename OtherElementType>
+constexpr bool operator<=(
+    const WrappedIterator<Iterator, ElementType>& x,
+    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
+  return !(y < x);
+}
+
+template <typename Iterator, typename ElementType, typename OtherIterator,
+          typename OtherElementType>
+constexpr auto operator-(
+    const WrappedIterator<Iterator, ElementType>& x,
+    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept
+    -> decltype(x.base() - y.base()) {
+  return x.base() - y.base();
+}
+
+template <typename Iterator, typename ElementType>
+constexpr WrappedIterator<Iterator> operator+(
+    typename WrappedIterator<Iterator, ElementType>::difference_type n,
+    const WrappedIterator<Iterator, ElementType>& x) noexcept {
+  x += n;
+  return x;
+}
+
 // Helper functions about values contained in handles.
+// A value is either an indirect pointer or a direct pointer, depending on
+// whether direct local support is enabled.
 class ValueHelper final {
  public:
-#ifdef V8_ENABLE_CONSERVATIVE_STACK_SCANNING
-  static constexpr Address kLocalTaggedNullAddress = 1;
+#ifdef V8_ENABLE_DIRECT_LOCAL
+  static constexpr Address kTaggedNullAddress = 1;
+  static constexpr Address kEmpty = kTaggedNullAddress;
+#else
+  static constexpr Address kEmpty = kNullAddress;
+#endif  // V8_ENABLE_DIRECT_LOCAL
 
   template <typename T>
-  static constexpr T* EmptyValue() {
-    return reinterpret_cast<T*>(kLocalTaggedNullAddress);
+  V8_INLINE static bool IsEmpty(T* value) {
+    return reinterpret_cast<Address>(value) == kEmpty;
+  }
+
+  // Returns a handle's "value" for all kinds of abstract handles. For Local,
+  // it is equivalent to `*handle`. The variadic parameters support handle
+  // types with extra type parameters, like `Persistent<T, M>`.
+  template <template <typename T, typename... Ms> typename H, typename T,
+            typename... Ms>
+  V8_INLINE static T* HandleAsValue(const H<T, Ms...>& handle) {
+    return handle.template value<T>();
   }
 
+#ifdef V8_ENABLE_DIRECT_LOCAL
+
   template <typename T>
   V8_INLINE static Address ValueAsAddress(const T* value) {
     return reinterpret_cast<Address>(value);
   }
 
-  template <typename T, typename S>
+  template <typename T, bool check_null = true, typename S>
   V8_INLINE static T* SlotAsValue(S* slot) {
+    if (check_null && slot == nullptr) {
+      return reinterpret_cast<T*>(kTaggedNullAddress);
+    }
     return *reinterpret_cast<T**>(slot);
   }
 
-  template <typename T>
-  V8_INLINE static T* ValueAsSlot(T* const& value) {
-    return reinterpret_cast<T*>(const_cast<T**>(&value));
-  }
-
-#else  // !V8_ENABLE_CONSERVATIVE_STACK_SCANNING
-
-  template <typename T>
-  static constexpr T* EmptyValue() {
-    return nullptr;
-  }
+#else  // !V8_ENABLE_DIRECT_LOCAL
 
   template <typename T>
   V8_INLINE static Address ValueAsAddress(const T* value) {
     return *reinterpret_cast<const Address*>(value);
   }
 
-  template <typename T, typename S>
+  template <typename T, bool check_null = true, typename S>
   V8_INLINE static T* SlotAsValue(S* slot) {
     return reinterpret_cast<T*>(slot);
   }
 
-  template <typename T>
-  V8_INLINE static T* ValueAsSlot(T* const& value) {
-    return value;
+#endif  // V8_ENABLE_DIRECT_LOCAL
+};
+
+/**
+ * Helper functions about handles.
+ */
+class HandleHelper final {
+ public:
+  /**
+   * Checks whether two handles are equal.
+   * They are equal iff they are both empty or they are both non-empty and the
+   * objects to which they refer are physically equal.
+   *
+   * If both handles refer to JS objects, this is the same as strict equality.
+   * For primitives, such as numbers or strings, a `false` return value does not
+   * indicate that the values aren't equal in the JavaScript sense.
+   * Use `Value::StrictEquals()` to check primitives for equality.
+   */
+  template <typename T1, typename T2>
+  V8_INLINE static bool EqualHandles(const T1& lhs, const T2& rhs) {
+    if (lhs.IsEmpty()) return rhs.IsEmpty();
+    if (rhs.IsEmpty()) return false;
+    return lhs.ptr() == rhs.ptr();
   }
 
-#endif  // V8_ENABLE_CONSERVATIVE_STACK_SCANNING
+  static V8_EXPORT bool IsOnStack(const void* ptr);
+  static V8_EXPORT void VerifyOnStack(const void* ptr);
+  static V8_EXPORT void VerifyOnMainThread();
 };
 
+V8_EXPORT void VerifyHandleIsNonEmpty(bool is_empty);
+
 }  // namespace internal
 }  // namespace v8