libv8-node 22.7.0.4-arm64-darwin → 24.1.0.0-arm64-darwin

data/vendor/v8/include/v8-internal.h

@@ -11,11 +11,29 @@
 
 #include <atomic>
 #include <iterator>
+#include <limits>
 #include <memory>
+#include <optional>
 #include <type_traits>
 
 #include "v8config.h"  // NOLINT(build/include_directory)
 
+// TODO(pkasting): Use <compare>/spaceship unconditionally after dropping
+// support for old libstdc++ versions.
+#if __has_include(<version>)
+#include <version>
+#endif
+#if defined(__cpp_lib_three_way_comparison) &&   \
+    __cpp_lib_three_way_comparison >= 201711L && \
+    defined(__cpp_lib_concepts) && __cpp_lib_concepts >= 202002L
+#include <compare>
+#include <concepts>
+
+#define V8_HAVE_SPACESHIP_OPERATOR 1
+#else
+#define V8_HAVE_SPACESHIP_OPERATOR 0
+#endif
+
 namespace v8 {
 
 class Array;
@@ -26,7 +44,10 @@ class Isolate;
 namespace internal {
 
 class Heap;
+class LocalHeap;
 class Isolate;
+class IsolateGroup;
+class LocalIsolate;
 
 typedef uintptr_t Address;
 static constexpr Address kNullAddress = 0;
@@ -87,7 +108,10 @@ struct SmiTagging<4> {
     // Truncate and shift down (requires >> to be sign extending).
     return static_cast<int32_t>(static_cast<uint32_t>(value)) >> shift_bits;
   }
-  V8_INLINE static constexpr bool IsValidSmi(intptr_t value) {
+
+  template <class T, typename std::enable_if_t<std::is_integral_v<T> &&
+                                               std::is_signed_v<T>>* = nullptr>
+  V8_INLINE static constexpr bool IsValidSmi(T value) {
     // Is value in range [kSmiMinValue, kSmiMaxValue].
     // Use unsigned operations in order to avoid undefined behaviour in case of
     // signed integer overflow.
@@ -96,6 +120,28 @@ struct SmiTagging<4> {
            (static_cast<uintptr_t>(kSmiMaxValue) -
             static_cast<uintptr_t>(kSmiMinValue));
   }
+
+  template <class T,
+            typename std::enable_if_t<std::is_integral_v<T> &&
+                                      std::is_unsigned_v<T>>* = nullptr>
+  V8_INLINE static constexpr bool IsValidSmi(T value) {
+    static_assert(kSmiMaxValue <= std::numeric_limits<uintptr_t>::max());
+    return value <= static_cast<uintptr_t>(kSmiMaxValue);
+  }
+
+  // Same as the `intptr_t` version but works with int64_t on 32-bit builds
+  // without slowing down anything else.
+  V8_INLINE static constexpr bool IsValidSmi(int64_t value) {
+    return (static_cast<uint64_t>(value) -
+            static_cast<uint64_t>(kSmiMinValue)) <=
+           (static_cast<uint64_t>(kSmiMaxValue) -
+            static_cast<uint64_t>(kSmiMinValue));
+  }
+
+  V8_INLINE static constexpr bool IsValidSmi(uint64_t value) {
+    static_assert(kSmiMaxValue <= std::numeric_limits<uint64_t>::max());
+    return value <= static_cast<uint64_t>(kSmiMaxValue);
+  }
 };
 
 // Smi constants for systems where tagged pointer is a 64-bit value.
@@ -112,9 +158,20 @@ struct SmiTagging<8> {
     // Shift down and throw away top 32 bits.
     return static_cast<int>(static_cast<intptr_t>(value) >> shift_bits);
   }
-  V8_INLINE static constexpr bool IsValidSmi(intptr_t value) {
+
+  template <class T, typename std::enable_if_t<std::is_integral_v<T> &&
+                                               std::is_signed_v<T>>* = nullptr>
+  V8_INLINE static constexpr bool IsValidSmi(T value) {
     // To be representable as a long smi, the value must be a 32-bit integer.
-    return (value == static_cast<int32_t>(value));
+    return std::numeric_limits<int32_t>::min() <= value &&
+           value <= std::numeric_limits<int32_t>::max();
+  }
+
+  template <class T,
+            typename std::enable_if_t<std::is_integral_v<T> &&
+                                      std::is_unsigned_v<T>>* = nullptr>
+  V8_INLINE static constexpr bool IsValidSmi(T value) {
+    return value <= std::numeric_limits<int32_t>::max();
   }
 };
 
@@ -180,10 +237,6 @@ using SandboxedPointer_t = Address;
 // virtual address space for userspace. As such, limit the sandbox to 128GB (a
 // quarter of the total available address space).
 constexpr size_t kSandboxSizeLog2 = 37;  // 128 GB
-#elif defined(V8_TARGET_ARCH_LOONG64)
-// Some Linux distros on LoongArch64 configured with only 40 bits of virtual
-// address space for userspace. Limit the sandbox to 256GB here.
-constexpr size_t kSandboxSizeLog2 = 38;  // 256 GB
 #else
 // Everywhere else use a 1TB sandbox.
 constexpr size_t kSandboxSizeLog2 = 40;  // 1 TB
@@ -204,9 +257,12 @@ constexpr size_t kSandboxAlignment = kPtrComprCageBaseAlignment;
 constexpr uint64_t kSandboxedPointerShift = 64 - kSandboxSizeLog2;
 
 // Size of the guard regions surrounding the sandbox. This assumes a worst-case
-// scenario of a 32-bit unsigned index used to access an array of 64-bit
-// values.
-constexpr size_t kSandboxGuardRegionSize = 32ULL * GB;
+// scenario of a 32-bit unsigned index used to access an array of 64-bit values
+// with an additional 4GB (compressed pointer) offset. In particular, accesses
+// to TypedArrays are effectively computed as
+// `entry_pointer = array->base + array->offset + index * array->element_size`.
+// See also https://crbug.com/40070746 for more details.
+constexpr size_t kSandboxGuardRegionSize = 32ULL * GB + 4ULL * GB;
 
 static_assert((kSandboxGuardRegionSize % kSandboxAlignment) == 0,
               "The size of the guard regions around the sandbox must be a "
@@ -253,15 +309,16 @@ static_assert(1ULL << (64 - kBoundedSizeShift) ==
 // size allows omitting bounds checks on table accesses if the indices are
 // guaranteed (e.g. through shifting) to be below the maximum index. This
 // value must be a power of two.
-constexpr size_t kExternalPointerTableReservationSize = 512 * MB;
+constexpr size_t kExternalPointerTableReservationSize = 256 * MB;
 
 // The external pointer table indices stored in HeapObjects as external
 // pointers are shifted to the left by this amount to guarantee that they are
-// smaller than the maximum table size.
-constexpr uint32_t kExternalPointerIndexShift = 6;
+// smaller than the maximum table size even after the C++ compiler multiplies
+// them by 8 to be used as indexes into a table of 64 bit pointers.
+constexpr uint32_t kExternalPointerIndexShift = 7;
 #else
-constexpr size_t kExternalPointerTableReservationSize = 1024 * MB;
-constexpr uint32_t kExternalPointerIndexShift = 5;
+constexpr size_t kExternalPointerTableReservationSize = 512 * MB;
+constexpr uint32_t kExternalPointerIndexShift = 6;
 #endif  // V8_TARGET_OS_ANDROID
 
 // The maximum number of entries in an external pointer table.
@@ -280,6 +337,16 @@ constexpr size_t kMaxExternalPointers = 0;
 
 #endif  // V8_COMPRESS_POINTERS
 
+constexpr uint64_t kExternalPointerMarkBit = 1ULL << 48;
+constexpr uint64_t kExternalPointerTagShift = 49;
+constexpr uint64_t kExternalPointerTagMask = 0x00fe000000000000ULL;
+constexpr uint64_t kExternalPointerShiftedTagMask =
+    kExternalPointerTagMask >> kExternalPointerTagShift;
+static_assert(kExternalPointerShiftedTagMask << kExternalPointerTagShift ==
+              kExternalPointerTagMask);
+constexpr uint64_t kExternalPointerTagAndMarkbitMask = 0x00ff000000000000ULL;
+constexpr uint64_t kExternalPointerPayloadMask = 0xff00ffffffffffffULL;
+
 // A ExternalPointerHandle represents a (opaque) reference to an external
 // pointer that can be stored inside the sandbox. A ExternalPointerHandle has
 // meaning only in combination with an (active) Isolate as it references an
@@ -301,6 +368,124 @@ using ExternalPointer_t = Address;
 constexpr ExternalPointer_t kNullExternalPointer = 0;
 constexpr ExternalPointerHandle kNullExternalPointerHandle = 0;
 
+// See `ExternalPointerHandle` for the main documentation. The difference to
+// `ExternalPointerHandle` is that the handle does not represent an arbitrary
+// external pointer but always refers to an object managed by `CppHeap`. The
+// handles are using in combination with a dedicated table for `CppHeap`
+// references.
+using CppHeapPointerHandle = uint32_t;
+
+// The actual pointer to objects located on the `CppHeap`. When pointer
+// compression is enabled these pointers are stored as `CppHeapPointerHandle`.
+// In non-compressed configurations the pointers are simply stored as raw
+// pointers.
+#ifdef V8_COMPRESS_POINTERS
+using CppHeapPointer_t = CppHeapPointerHandle;
+#else
+using CppHeapPointer_t = Address;
+#endif
+
+constexpr CppHeapPointer_t kNullCppHeapPointer = 0;
+constexpr CppHeapPointerHandle kNullCppHeapPointerHandle = 0;
+
+constexpr uint64_t kCppHeapPointerMarkBit = 1ULL;
+constexpr uint64_t kCppHeapPointerTagShift = 1;
+constexpr uint64_t kCppHeapPointerPayloadShift = 16;
+
+#ifdef V8_COMPRESS_POINTERS
+// CppHeapPointers use a dedicated pointer table. These constants control the
+// size and layout of the table. See the corresponding constants for the
+// external pointer table for further details.
+constexpr size_t kCppHeapPointerTableReservationSize =
+    kExternalPointerTableReservationSize;
+constexpr uint32_t kCppHeapPointerIndexShift = kExternalPointerIndexShift;
+
+constexpr int kCppHeapPointerTableEntrySize = 8;
+constexpr int kCppHeapPointerTableEntrySizeLog2 = 3;
+constexpr size_t kMaxCppHeapPointers =
+    kCppHeapPointerTableReservationSize / kCppHeapPointerTableEntrySize;
+static_assert((1 << (32 - kCppHeapPointerIndexShift)) == kMaxCppHeapPointers,
+              "kCppHeapPointerTableReservationSize and "
+              "kCppHeapPointerIndexShift don't match");
+
+#else  // !V8_COMPRESS_POINTERS
+
+// Needed for the V8.SandboxedCppHeapPointersCount histogram.
+constexpr size_t kMaxCppHeapPointers = 0;
+
+#endif  // V8_COMPRESS_POINTERS
+
+// Generic tag range struct to represent ranges of type tags.
+//
+// When referencing external objects via pointer tables, type tags are
+// frequently necessary to guarantee type safety for the external objects. When
+// support for subtyping is necessary, range-based type checks are used in
+// which all subtypes of a given supertype use contiguous tags. This struct can
+// then be used to represent such a type range.
+//
+// In addition, there is an option for performance tweaks: if the size of the
+// type range corresponding to a supertype is a power of two and starts at a
+// power of two (e.g. [0x100, 0x13f]), then the compiler can often optimize
+// the type check to use even fewer instructions (essentially replace a AND +
+// SUB with a single AND).
+//
+template <typename Tag>
+struct TagRange {
+  static_assert(std::is_enum_v<Tag> &&
+                    std::is_same_v<std::underlying_type_t<Tag>, uint16_t>,
+                "Tag parameter must be an enum with base type uint16_t");
+
+  // Construct the inclusive tag range [first, last].
+  constexpr TagRange(Tag first, Tag last) : first(first), last(last) {}
+
+  // Construct a tag range consisting of a single tag.
+  //
+  // A single tag is always implicitly convertible to a tag range. This greatly
+  // increases readability as most of the time, the exact tag of a field is
+  // known and so no tag range needs to explicitly be created for it.
+  constexpr TagRange(Tag tag)  // NOLINT(runtime/explicit)
+      : first(tag), last(tag) {}
+
+  // Construct an empty tag range.
+  constexpr TagRange() : TagRange(static_cast<Tag>(0)) {}
+
+  // A tag range is considered empty if it only contains the null tag.
+  constexpr bool IsEmpty() const { return first == 0 && last == 0; }
+
+  constexpr size_t Size() const {
+    if (IsEmpty()) {
+      return 0;
+    } else {
+      return last - first + 1;
+    }
+  }
+
+  constexpr bool Contains(Tag tag) const {
+    // Need to perform the math with uint32_t. Otherwise, the uint16_ts would
+    // be promoted to (signed) int, allowing the compiler to (wrongly) assume
+    // that an underflow cannot happen as that would be undefined behavior.
+    return static_cast<uint32_t>(tag) - first <=
+           static_cast<uint32_t>(last) - first;
+  }
+
+  constexpr bool Contains(TagRange tag_range) const {
+    return tag_range.first >= first && tag_range.last <= last;
+  }
+
+  constexpr bool operator==(const TagRange other) const {
+    return first == other.first && last == other.last;
+  }
+
+  constexpr size_t hash_value() const {
+    static_assert(std::is_same_v<std::underlying_type_t<Tag>, uint16_t>);
+    return (static_cast<size_t>(first) << 16) | last;
+  }
+
+  // Internally we represent tag ranges as half-open ranges [first, last).
+  const Tag first;
+  const Tag last;
+};
+
 //
 // External Pointers.
 //
@@ -308,41 +493,12 @@ constexpr ExternalPointerHandle kNullExternalPointerHandle = 0;
 // pointer table and are referenced from HeapObjects through an index (a
 // "handle"). When stored in the table, the pointers are tagged with per-type
 // tags to prevent type confusion attacks between different external objects.
-// Besides type information bits, these tags also contain the GC marking bit
-// which indicates whether the pointer table entry is currently alive. When a
-// pointer is written into the table, the tag is ORed into the top bits. When
-// that pointer is later loaded from the table, it is ANDed with the inverse of
-// the expected tag. If the expected and actual type differ, this will leave
-// some of the top bits of the pointer set, rendering the pointer inaccessible.
-// The AND operation also removes the GC marking bit from the pointer.
 //
-// The tags are constructed such that UNTAG(TAG(0, T1), T2) != 0 for any two
-// (distinct) tags T1 and T2. In practice, this is achieved by generating tags
-// that all have the same number of zeroes and ones but different bit patterns.
-// With N type tag bits, this allows for (N choose N/2) possible type tags.
-// Besides the type tag bits, the tags also have the GC marking bit set so that
-// the marking bit is automatically set when a pointer is written into the
-// external pointer table (in which case it is clearly alive) and is cleared
-// when the pointer is loaded. The exception to this is the free entry tag,
-// which doesn't have the mark bit set, as the entry is not alive. This
-// construction allows performing the type check and removing GC marking bits
-// from the pointer in one efficient operation (bitwise AND). The number of
-// available bits is limited in the following way: on x64, bits [47, 64) are
-// generally available for tagging (userspace has 47 address bits available).
-// On Arm64, userspace typically has a 40 or 48 bit address space. However, due
-// to top-byte ignore (TBI) and memory tagging (MTE), the top byte is unusable
-// for type checks as type-check failures would go unnoticed or collide with
-// MTE bits. Some bits of the top byte can, however, still be used for the GC
-// marking bit. The bits available for the type tags are therefore limited to
-// [48, 56), i.e. (8 choose 4) = 70 different types.
-// The following options exist to increase the number of possible types:
-// - Using multiple ExternalPointerTables since tags can safely be reused
-//   across different tables
-// - Using "extended" type checks, where additional type information is stored
-//   either in an adjacent pointer table entry or at the pointed-to location
-// - Using a different tagging scheme, for example based on XOR which would
-//   allow for 2**8 different tags but require a separate operation to remove
-//   the marking bit
+// When loading an external pointer, a range of allowed tags can be specified.
+// This way, type hierarchies can be supported. The main requirement for that
+// is that all (transitive) child classes of a given parent class have type ids
+// in the same range, and that there are no unrelated types in that range. For
+// more details about how to assign type tags to types, see the TagRange class.
 //
 // The external pointer sandboxing mechanism ensures that every access to an
 // external pointer field will result in a valid pointer of the expected type
@@ -365,138 +521,166 @@ constexpr ExternalPointerHandle kNullExternalPointerHandle = 0;
 // extension (MTE) which would use bits [56, 60).
 //
 // External pointer tables are also available even when the sandbox is off but
-// pointer compression is on. In that case, the mechanism can be used to easy
+// pointer compression is on. In that case, the mechanism can be used to ease
 // alignment requirements as it turns unaligned 64-bit raw pointers into
 // aligned 32-bit indices. To "opt-in" to the external pointer table mechanism
 // for this purpose, instead of using the ExternalPointer accessors one needs to
 // use ExternalPointerHandles directly and use them to access the pointers in an
 // ExternalPointerTable.
-constexpr uint64_t kExternalPointerMarkBit = 1ULL << 62;
-constexpr uint64_t kExternalPointerTagMask = 0x40ff000000000000;
-constexpr uint64_t kExternalPointerTagMaskWithoutMarkBit = 0xff000000000000;
-constexpr uint64_t kExternalPointerTagShift = 48;
-
-// All possible 8-bit type tags.
-// These are sorted so that tags can be grouped together and it can efficiently
-// be checked if a tag belongs to a given group. See for example the
-// IsSharedExternalPointerType routine.
-constexpr uint64_t kAllExternalPointerTypeTags[] = {
-    0b00001111, 0b00010111, 0b00011011, 0b00011101, 0b00011110, 0b00100111,
-    0b00101011, 0b00101101, 0b00101110, 0b00110011, 0b00110101, 0b00110110,
-    0b00111001, 0b00111010, 0b00111100, 0b01000111, 0b01001011, 0b01001101,
-    0b01001110, 0b01010011, 0b01010101, 0b01010110, 0b01011001, 0b01011010,
-    0b01011100, 0b01100011, 0b01100101, 0b01100110, 0b01101001, 0b01101010,
-    0b01101100, 0b01110001, 0b01110010, 0b01110100, 0b01111000, 0b10000111,
-    0b10001011, 0b10001101, 0b10001110, 0b10010011, 0b10010101, 0b10010110,
-    0b10011001, 0b10011010, 0b10011100, 0b10100011, 0b10100101, 0b10100110,
-    0b10101001, 0b10101010, 0b10101100, 0b10110001, 0b10110010, 0b10110100,
-    0b10111000, 0b11000011, 0b11000101, 0b11000110, 0b11001001, 0b11001010,
-    0b11001100, 0b11010001, 0b11010010, 0b11010100, 0b11011000, 0b11100001,
-    0b11100010, 0b11100100, 0b11101000, 0b11110000};
-
-#define TAG(i)                                                    \
-  ((kAllExternalPointerTypeTags[i] << kExternalPointerTagShift) | \
-   kExternalPointerMarkBit)
-
-// clang-format off
-
-// When adding new tags, please ensure that the code using these tags is
-// "substitution-safe", i.e. still operate safely if external pointers of the
-// same type are swapped by an attacker. See comment above for more details.
-
-// Shared external pointers are owned by the shared Isolate and stored in the
-// shared external pointer table associated with that Isolate, where they can
-// be accessed from multiple threads at the same time. The objects referenced
-// in this way must therefore always be thread-safe.
-#define SHARED_EXTERNAL_POINTER_TAGS(V)                 \
-  V(kFirstSharedTag,                            TAG(0)) \
-  V(kWaiterQueueNodeTag,                        TAG(0)) \
-  V(kExternalStringResourceTag,                 TAG(1)) \
-  V(kExternalStringResourceDataTag,             TAG(2)) \
-  V(kLastSharedTag,                             TAG(2))
-
-// External pointers using these tags are kept in a per-Isolate external
-// pointer table and can only be accessed when this Isolate is active.
-#define PER_ISOLATE_EXTERNAL_POINTER_TAGS(V)             \
-  V(kForeignForeignAddressTag,                  TAG(10)) \
-  V(kNativeContextMicrotaskQueueTag,            TAG(11)) \
-  V(kEmbedderDataSlotPayloadTag,                TAG(12)) \
-/* This tag essentially stands for a `void*` pointer in the V8 API, and */ \
-/* it is the Embedder's responsibility to ensure type safety (against */   \
-/* substitution) and lifetime validity of these objects. */                \
-  V(kExternalObjectValueTag,                    TAG(13)) \
-  V(kFunctionTemplateInfoCallbackTag,           TAG(14)) \
-  V(kAccessorInfoGetterTag,                     TAG(15)) \
-  V(kAccessorInfoSetterTag,                     TAG(16)) \
-  V(kWasmInternalFunctionCallTargetTag,         TAG(17)) \
-  V(kWasmTypeInfoNativeTypeTag,                 TAG(18)) \
-  V(kWasmExportedFunctionDataSignatureTag,      TAG(19)) \
-  V(kWasmContinuationJmpbufTag,                 TAG(20)) \
-  V(kWasmIndirectFunctionTargetTag,             TAG(21)) \
-  V(kArrayBufferExtensionTag,                   TAG(22))
-
-// All external pointer tags.
-#define ALL_EXTERNAL_POINTER_TAGS(V) \
-  SHARED_EXTERNAL_POINTER_TAGS(V)    \
-  PER_ISOLATE_EXTERNAL_POINTER_TAGS(V)
-
-#define EXTERNAL_POINTER_TAG_ENUM(Name, Tag) Name = Tag,
-#define MAKE_TAG(HasMarkBit, TypeTag)                             \
-  ((static_cast<uint64_t>(TypeTag) << kExternalPointerTagShift) | \
-  (HasMarkBit ? kExternalPointerMarkBit : 0))
-enum ExternalPointerTag : uint64_t {
-  // Empty tag value. Mostly used as placeholder.
-  kExternalPointerNullTag =            MAKE_TAG(1, 0b00000000),
-  // External pointer tag that will match any external pointer. Use with care!
-  kAnyExternalPointerTag =             MAKE_TAG(1, 0b11111111),
-  // The free entry tag has all type bits set so every type check with a
-  // different type fails. It also doesn't have the mark bit set as free
-  // entries are (by definition) not alive.
-  kExternalPointerFreeEntryTag =       MAKE_TAG(0, 0b11111111),
-  // Evacuation entries are used during external pointer table compaction.
-  kExternalPointerEvacuationEntryTag = MAKE_TAG(1, 0b11100111),
-
-  ALL_EXTERNAL_POINTER_TAGS(EXTERNAL_POINTER_TAG_ENUM)
+//
+// The tag is currently in practice limited to 15 bits since it needs to fit
+// together with a marking bit into the unused parts of a pointer.
+enum ExternalPointerTag : uint16_t {
+  kFirstExternalPointerTag = 0,
+  kExternalPointerNullTag = 0,
+
+  // When adding new tags, please ensure that the code using these tags is
+  // "substitution-safe", i.e. still operate safely if external pointers of the
+  // same type are swapped by an attacker. See comment above for more details.
+
+  // Shared external pointers are owned by the shared Isolate and stored in the
+  // shared external pointer table associated with that Isolate, where they can
+  // be accessed from multiple threads at the same time. The objects referenced
+  // in this way must therefore always be thread-safe.
+  kFirstSharedExternalPointerTag,
+  kWaiterQueueNodeTag = kFirstSharedExternalPointerTag,
+  kExternalStringResourceTag,
+  kExternalStringResourceDataTag,
+  kLastSharedExternalPointerTag = kExternalStringResourceDataTag,
+
+  // External pointers using these tags are kept in a per-Isolate external
+  // pointer table and can only be accessed when this Isolate is active.
+  kNativeContextMicrotaskQueueTag,
+  kEmbedderDataSlotPayloadTag,
+  // This tag essentially stands for a `void*` pointer in the V8 API, and it is
+  // the Embedder's responsibility to ensure type safety (against substitution)
+  // and lifetime validity of these objects.
+  kExternalObjectValueTag,
+  kFirstMaybeReadOnlyExternalPointerTag,
+  kFunctionTemplateInfoCallbackTag = kFirstMaybeReadOnlyExternalPointerTag,
+  kAccessorInfoGetterTag,
+  kAccessorInfoSetterTag,
+  kLastMaybeReadOnlyExternalPointerTag = kAccessorInfoSetterTag,
+  kWasmInternalFunctionCallTargetTag,
+  kWasmTypeInfoNativeTypeTag,
+  kWasmExportedFunctionDataSignatureTag,
+  kWasmStackMemoryTag,
+  kWasmIndirectFunctionTargetTag,
+
+  // Foreigns
+  kFirstForeignExternalPointerTag,
+  kGenericForeignTag = kFirstForeignExternalPointerTag,
+  kApiNamedPropertyQueryCallbackTag,
+  kApiNamedPropertyGetterCallbackTag,
+  kApiNamedPropertySetterCallbackTag,
+  kApiNamedPropertyDescriptorCallbackTag,
+  kApiNamedPropertyDefinerCallbackTag,
+  kApiNamedPropertyDeleterCallbackTag,
+  kApiIndexedPropertyQueryCallbackTag,
+  kApiIndexedPropertyGetterCallbackTag,
+  kApiIndexedPropertySetterCallbackTag,
+  kApiIndexedPropertyDescriptorCallbackTag,
+  kApiIndexedPropertyDefinerCallbackTag,
+  kApiIndexedPropertyDeleterCallbackTag,
+  kApiIndexedPropertyEnumeratorCallbackTag,
+  kApiAccessCheckCallbackTag,
+  kApiAbortScriptExecutionCallbackTag,
+  kSyntheticModuleTag,
+  kMicrotaskCallbackTag,
+  kMicrotaskCallbackDataTag,
+  kCFunctionTag,
+  kCFunctionInfoTag,
+  kMessageListenerTag,
+  kWaiterQueueForeignTag,
+
+  // Managed
+  kFirstManagedResourceTag,
+  kFirstManagedExternalPointerTag = kFirstManagedResourceTag,
+  kGenericManagedTag = kFirstManagedExternalPointerTag,
+  kWasmWasmStreamingTag,
+  kWasmFuncDataTag,
+  kWasmManagedDataTag,
+  kWasmNativeModuleTag,
+  kIcuBreakIteratorTag,
+  kIcuUnicodeStringTag,
+  kIcuListFormatterTag,
+  kIcuLocaleTag,
+  kIcuSimpleDateFormatTag,
+  kIcuDateIntervalFormatTag,
+  kIcuRelativeDateTimeFormatterTag,
+  kIcuLocalizedNumberFormatterTag,
+  kIcuPluralRulesTag,
+  kIcuCollatorTag,
+  kDisplayNamesInternalTag,
+  kD8WorkerTag,
+  kD8ModuleEmbedderDataTag,
+  kLastForeignExternalPointerTag = kD8ModuleEmbedderDataTag,
+  kLastManagedExternalPointerTag = kLastForeignExternalPointerTag,
+  // External resources whose lifetime is tied to their entry in the external
+  // pointer table but which are not referenced via a Managed
+  kArrayBufferExtensionTag,
+  kLastManagedResourceTag = kArrayBufferExtensionTag,
+
+  kExternalPointerZappedEntryTag = 0x7d,
+  kExternalPointerEvacuationEntryTag = 0x7e,
+  kExternalPointerFreeEntryTag = 0x7f,
+  // The tags are limited to 7 bits, so the last tag is 0x7f.
+  kLastExternalPointerTag = 0x7f,
 };
 
-#undef MAKE_TAG
-#undef TAG
-#undef EXTERNAL_POINTER_TAG_ENUM
-
-// clang-format on
+using ExternalPointerTagRange = TagRange<ExternalPointerTag>;
+
+constexpr ExternalPointerTagRange kAnyExternalPointerTagRange(
+    kFirstExternalPointerTag, kLastExternalPointerTag);
+constexpr ExternalPointerTagRange kAnySharedExternalPointerTagRange(
+    kFirstSharedExternalPointerTag, kLastSharedExternalPointerTag);
+constexpr ExternalPointerTagRange kAnyForeignExternalPointerTagRange(
+    kFirstForeignExternalPointerTag, kLastForeignExternalPointerTag);
+constexpr ExternalPointerTagRange kAnyManagedExternalPointerTagRange(
+    kFirstManagedExternalPointerTag, kLastManagedExternalPointerTag);
+constexpr ExternalPointerTagRange kAnyMaybeReadOnlyExternalPointerTagRange(
+    kFirstMaybeReadOnlyExternalPointerTag,
+    kLastMaybeReadOnlyExternalPointerTag);
+constexpr ExternalPointerTagRange kAnyManagedResourceExternalPointerTag(
+    kFirstManagedResourceTag, kLastManagedResourceTag);
 
 // True if the external pointer must be accessed from the shared isolate's
 // external pointer table.
 V8_INLINE static constexpr bool IsSharedExternalPointerType(
-    ExternalPointerTag tag) {
-  return tag >= kFirstSharedTag && tag <= kLastSharedTag;
+    ExternalPointerTagRange tag_range) {
+  return kAnySharedExternalPointerTagRange.Contains(tag_range);
 }
 
 // True if the external pointer may live in a read-only object, in which case
 // the table entry will be in the shared read-only segment of the external
 // pointer table.
 V8_INLINE static constexpr bool IsMaybeReadOnlyExternalPointerType(
-    ExternalPointerTag tag) {
-  return tag == kAccessorInfoGetterTag || tag == kAccessorInfoSetterTag ||
-         tag == kFunctionTemplateInfoCallbackTag;
+    ExternalPointerTagRange tag_range) {
+  return kAnyMaybeReadOnlyExternalPointerTagRange.Contains(tag_range);
 }
 
-// Sanity checks.
-#define CHECK_SHARED_EXTERNAL_POINTER_TAGS(Tag, ...) \
-  static_assert(IsSharedExternalPointerType(Tag));
-#define CHECK_NON_SHARED_EXTERNAL_POINTER_TAGS(Tag, ...) \
-  static_assert(!IsSharedExternalPointerType(Tag));
-
-SHARED_EXTERNAL_POINTER_TAGS(CHECK_SHARED_EXTERNAL_POINTER_TAGS)
-PER_ISOLATE_EXTERNAL_POINTER_TAGS(CHECK_NON_SHARED_EXTERNAL_POINTER_TAGS)
-
-#undef CHECK_NON_SHARED_EXTERNAL_POINTER_TAGS
-#undef CHECK_SHARED_EXTERNAL_POINTER_TAGS
+// True if the external pointer references an external object whose lifetime is
+// tied to the entry in the external pointer table.
+// In this case, the entry in the ExternalPointerTable always points to an
+// object derived from ExternalPointerTable::ManagedResource.
+V8_INLINE static constexpr bool IsManagedExternalPointerType(
+    ExternalPointerTagRange tag_range) {
+  return kAnyManagedResourceExternalPointerTag.Contains(tag_range);
+}
 
-#undef SHARED_EXTERNAL_POINTER_TAGS
-#undef EXTERNAL_POINTER_TAGS
+// When an external poiner field can contain the null external pointer handle,
+// the type checking mechanism needs to also check for null.
+// TODO(saelo): this is mostly a temporary workaround to introduce range-based
+// type checks. In the future, we should either (a) change the type tagging
+// scheme so that null always passes or (b) (more likely) introduce dedicated
+// null entries for those tags that need them (similar to other well-known
+// empty value constants such as the empty fixed array).
+V8_INLINE static constexpr bool ExternalPointerCanBeEmpty(
+    ExternalPointerTagRange tag_range) {
+  return tag_range.Contains(kArrayBufferExtensionTag) ||
+         tag_range.Contains(kEmbedderDataSlotPayloadTag);
+}
 
-//
 // Indirect Pointers.
 //
 // When the sandbox is enabled, indirect pointers are used to reference
@@ -540,7 +724,7 @@ using TrustedPointerHandle = IndirectPointerHandle;
 // shifted indices allows omitting bounds checks.
 constexpr size_t kTrustedPointerTableReservationSize = 64 * MB;
 
-// The trusted pointer handles are stores shifted to the left by this amount
+// The trusted pointer handles are stored shifted to the left by this amount
 // to guarantee that they are smaller than the maximum table size.
 constexpr uint32_t kTrustedPointerHandleShift = 9;
 
@@ -576,11 +760,11 @@ using CodePointerHandle = IndirectPointerHandle;
 // The size of the virtual memory reservation for the code pointer table.
 // As with the other tables, a maximum table size in combination with shifted
 // indices allows omitting bounds checks.
-constexpr size_t kCodePointerTableReservationSize = 16 * MB;
+constexpr size_t kCodePointerTableReservationSize = 128 * MB;
 
 // Code pointer handles are shifted by a different amount than indirect pointer
 // handles as the tables have a different maximum size.
-constexpr uint32_t kCodePointerHandleShift = 12;
+constexpr uint32_t kCodePointerHandleShift = 9;
 
 // A null handle always references an entry that contains nullptr.
 constexpr CodePointerHandle kNullCodePointerHandle = kNullIndirectPointerHandle;
@@ -647,6 +831,13 @@ class Internals {
 
   static const int kOddballKindOffset = 4 * kApiTaggedSize + kApiDoubleSize;
   static const int kJSObjectHeaderSize = 3 * kApiTaggedSize;
+#ifdef V8_COMPRESS_POINTERS
+  static const int kJSAPIObjectWithEmbedderSlotsHeaderSize =
+      kJSObjectHeaderSize + kApiInt32Size;
+#else   // !V8_COMPRESS_POINTERS
+  static const int kJSAPIObjectWithEmbedderSlotsHeaderSize =
+      kJSObjectHeaderSize + kApiTaggedSize;
+#endif  // !V8_COMPRESS_POINTERS
   static const int kFixedArrayHeaderSize = 2 * kApiTaggedSize;
   static const int kEmbedderDataArrayHeaderSize = 2 * kApiTaggedSize;
   static const int kEmbedderDataSlotSize = kApiSystemPointerSize;
@@ -666,6 +857,7 @@ class Internals {
   static const int kNumberOfBooleanFlags = 6;
   static const int kErrorMessageParamSize = 1;
   static const int kTablesAlignmentPaddingSize = 1;
+  static const int kRegExpStaticResultOffsetsVectorSize = kApiSystemPointerSize;
   static const int kBuiltinTier0EntryTableSize = 7 * kApiSystemPointerSize;
   static const int kBuiltinTier0TableSize = 7 * kApiSystemPointerSize;
   static const int kLinearAllocationAreaSize = 3 * kApiSystemPointerSize;
@@ -687,9 +879,9 @@ class Internals {
       kIsolateStackGuardOffset + kStackGuardSize;
   static const int kErrorMessageParamOffset =
       kVariousBooleanFlagsOffset + kNumberOfBooleanFlags;
-  static const int kBuiltinTier0EntryTableOffset = kErrorMessageParamOffset +
-                                                   kErrorMessageParamSize +
-                                                   kTablesAlignmentPaddingSize;
+  static const int kBuiltinTier0EntryTableOffset =
+      kErrorMessageParamOffset + kErrorMessageParamSize +
+      kTablesAlignmentPaddingSize + kRegExpStaticResultOffsetsVectorSize;
   static const int kBuiltinTier0TableOffset =
       kBuiltinTier0EntryTableOffset + kBuiltinTier0EntryTableSize;
   static const int kNewAllocationInfoOffset =
@@ -698,14 +890,15 @@ class Internals {
       kNewAllocationInfoOffset + kLinearAllocationAreaSize;
 
   static const int kFastCCallAlignmentPaddingSize =
-      kApiSystemPointerSize == 8 ? 0 : kApiSystemPointerSize;
-  static const int kIsolateFastCCallCallerFpOffset =
+      kApiSystemPointerSize == 8 ? 5 * kApiSystemPointerSize
+                                 : 1 * kApiSystemPointerSize;
+  static const int kIsolateFastCCallCallerPcOffset =
       kOldAllocationInfoOffset + kLinearAllocationAreaSize +
       kFastCCallAlignmentPaddingSize;
-  static const int kIsolateFastCCallCallerPcOffset =
-      kIsolateFastCCallCallerFpOffset + kApiSystemPointerSize;
-  static const int kIsolateFastApiCallTargetOffset =
+  static const int kIsolateFastCCallCallerFpOffset =
       kIsolateFastCCallCallerPcOffset + kApiSystemPointerSize;
+  static const int kIsolateFastApiCallTargetOffset =
+      kIsolateFastCCallCallerFpOffset + kApiSystemPointerSize;
   static const int kIsolateLongTaskStatsCounterOffset =
       kIsolateFastApiCallTargetOffset + kApiSystemPointerSize;
   static const int kIsolateThreadLocalTopOffset =
@@ -719,41 +912,50 @@ class Internals {
       kIsolateEmbedderDataOffset + kNumIsolateDataSlots * kApiSystemPointerSize;
   static const int kIsolateSharedExternalPointerTableAddressOffset =
       kIsolateExternalPointerTableOffset + kExternalPointerTableSize;
+  static const int kIsolateCppHeapPointerTableOffset =
+      kIsolateSharedExternalPointerTableAddressOffset + kApiSystemPointerSize;
 #ifdef V8_ENABLE_SANDBOX
   static const int kIsolateTrustedCageBaseOffset =
-      kIsolateSharedExternalPointerTableAddressOffset + kApiSystemPointerSize;
+      kIsolateCppHeapPointerTableOffset + kExternalPointerTableSize;
   static const int kIsolateTrustedPointerTableOffset =
       kIsolateTrustedCageBaseOffset + kApiSystemPointerSize;
-  static const int kIsolateApiCallbackThunkArgumentOffset =
+  static const int kIsolateSharedTrustedPointerTableAddressOffset =
       kIsolateTrustedPointerTableOffset + kTrustedPointerTableSize;
+  static const int kIsolateTrustedPointerPublishingScopeOffset =
+      kIsolateSharedTrustedPointerTableAddressOffset + kApiSystemPointerSize;
+  static const int kIsolateCodePointerTableBaseAddressOffset =
+      kIsolateTrustedPointerPublishingScopeOffset + kApiSystemPointerSize;
+  static const int kIsolateApiCallbackThunkArgumentOffset =
+      kIsolateCodePointerTableBaseAddressOffset + kApiSystemPointerSize;
 #else
   static const int kIsolateApiCallbackThunkArgumentOffset =
-      kIsolateSharedExternalPointerTableAddressOffset + kApiSystemPointerSize;
+      kIsolateCppHeapPointerTableOffset + kExternalPointerTableSize;
 #endif  // V8_ENABLE_SANDBOX
 #else
   static const int kIsolateApiCallbackThunkArgumentOffset =
       kIsolateEmbedderDataOffset + kNumIsolateDataSlots * kApiSystemPointerSize;
 #endif  // V8_COMPRESS_POINTERS
-  static const int kContinuationPreservedEmbedderDataOffset =
+  static const int kIsolateRegexpExecVectorArgumentOffset =
       kIsolateApiCallbackThunkArgumentOffset + kApiSystemPointerSize;
-
-  static const int kWasm64OOBOffsetAlignmentPaddingSize = 0;
-  static const int kWasm64OOBOffsetOffset =
-      kContinuationPreservedEmbedderDataOffset + kApiSystemPointerSize +
-      kWasm64OOBOffsetAlignmentPaddingSize;
+  static const int kContinuationPreservedEmbedderDataOffset =
+      kIsolateRegexpExecVectorArgumentOffset + kApiSystemPointerSize;
   static const int kIsolateRootsOffset =
-      kWasm64OOBOffsetOffset + sizeof(int64_t);
+      kContinuationPreservedEmbedderDataOffset + kApiSystemPointerSize;
+
+  // Assert scopes
+  static const int kDisallowGarbageCollectionAlign = alignof(uint32_t);
+  static const int kDisallowGarbageCollectionSize = sizeof(uint32_t);
 
 #if V8_STATIC_ROOTS_BOOL
 
 // These constants are copied from static-roots.h and guarded by static asserts.
 #define EXPORTED_STATIC_ROOTS_PTR_LIST(V) \
-  V(UndefinedValue, 0x69)                 \
-  V(NullValue, 0x85)                      \
-  V(TrueValue, 0xc9)                      \
-  V(FalseValue, 0xad)                     \
-  V(EmptyString, 0xa1)                    \
-  V(TheHoleValue, 0x719)
+  V(UndefinedValue, 0x11)                 \
+  V(NullValue, 0x2d)                      \
+  V(TrueValue, 0x71)                      \
+  V(FalseValue, 0x55)                     \
+  V(EmptyString, 0x49)                    \
+  V(TheHoleValue, 0x761)
 
   using Tagged_t = uint32_t;
   struct StaticReadOnlyRoot {
@@ -761,8 +963,9 @@ class Internals {
     EXPORTED_STATIC_ROOTS_PTR_LIST(DEF_ROOT)
 #undef DEF_ROOT
 
-    static constexpr Tagged_t kFirstStringMap = 0xe5;
-    static constexpr Tagged_t kLastStringMap = 0x47d;
+    // Use 0 for kStringMapLowerBound since string maps are the first maps.
+    static constexpr Tagged_t kStringMapLowerBound = 0;
+    static constexpr Tagged_t kStringMapUpperBound = 0x425;
 
 #define PLUSONE(...) +1
     static constexpr size_t kNumberOfExportedStaticRoots =
@@ -802,13 +1005,13 @@ class Internals {
 
   // Constants used by PropertyCallbackInfo to check if we should throw when an
   // error occurs.
-  static const int kThrowOnError = 0;
-  static const int kDontThrow = 1;
+  static const int kDontThrow = 0;
+  static const int kThrowOnError = 1;
   static const int kInferShouldThrowMode = 2;
 
   // Soft limit for AdjustAmountofExternalAllocatedMemory. Trigger an
   // incremental GC once the external memory reaches this limit.
-  static constexpr int kExternalAllocationSoftLimit = 64 * 1024 * 1024;
+  static constexpr size_t kExternalAllocationSoftLimit = 64 * 1024 * 1024;
 
 #ifdef V8_MAP_PACKING
   static const uintptr_t kMapWordMetadataMask = 0xffffULL << 48;
@@ -836,14 +1039,36 @@ class Internals {
     return PlatformSmiTagging::SmiToInt(value);
   }
 
+  V8_INLINE static constexpr Address AddressToSmi(Address value) {
+    return (value << (kSmiTagSize + PlatformSmiTagging::kSmiShiftSize)) |
+           kSmiTag;
+  }
+
   V8_INLINE static constexpr Address IntToSmi(int value) {
-    return internal::IntToSmi(value);
+    return AddressToSmi(static_cast<Address>(value));
+  }
+
+  template <typename T,
+            typename std::enable_if_t<std::is_integral_v<T>>* = nullptr>
+  V8_INLINE static constexpr Address IntegralToSmi(T value) {
+    return AddressToSmi(static_cast<Address>(value));
   }
 
-  V8_INLINE static constexpr bool IsValidSmi(intptr_t value) {
+  template <typename T,
+            typename std::enable_if_t<std::is_integral_v<T>>* = nullptr>
+  V8_INLINE static constexpr bool IsValidSmi(T value) {
     return PlatformSmiTagging::IsValidSmi(value);
   }
 
+  template <typename T,
+            typename std::enable_if_t<std::is_integral_v<T>>* = nullptr>
+  static constexpr std::optional<Address> TryIntegralToSmi(T value) {
+    if (V8_LIKELY(PlatformSmiTagging::IsValidSmi(value))) {
+      return {AddressToSmi(static_cast<Address>(value))};
+    }
+    return {};
+  }
+
 #if V8_STATIC_ROOTS_BOOL
   V8_INLINE static bool is_identical(Address obj, Tagged_t constant) {
     return static_cast<Tagged_t>(obj) == constant;
@@ -1028,15 +1253,15 @@ class Internals {
 #endif
   }
 
-  template <ExternalPointerTag tag>
+  template <ExternalPointerTagRange tag_range>
   V8_INLINE static Address ReadExternalPointerField(v8::Isolate* isolate,
                                                     Address heap_object_ptr,
                                                     int offset) {
 #ifdef V8_ENABLE_SANDBOX
-    static_assert(tag != kExternalPointerNullTag);
-    // See src/sandbox/external-pointer-table-inl.h. Logic duplicated here so
+    static_assert(!tag_range.IsEmpty());
+    // See src/sandbox/external-pointer-table.h. Logic duplicated here so
     // it can be inlined and doesn't require an additional call.
-    Address* table = IsSharedExternalPointerType(tag)
+    Address* table = IsSharedExternalPointerType(tag_range)
                          ? GetSharedExternalPointerTableBase(isolate)
                          : GetExternalPointerTableBase(isolate);
     internal::ExternalPointerHandle handle =
@@ -1045,7 +1270,14 @@ class Internals {
     std::atomic<Address>* ptr =
         reinterpret_cast<std::atomic<Address>*>(&table[index]);
     Address entry = std::atomic_load_explicit(ptr, std::memory_order_relaxed);
-    return entry & ~tag;
+    ExternalPointerTag actual_tag = static_cast<ExternalPointerTag>(
+        (entry & kExternalPointerTagMask) >> kExternalPointerTagShift);
+    if (V8_LIKELY(tag_range.Contains(actual_tag))) {
+      return entry & kExternalPointerPayloadMask;
+    } else {
+      return 0;
+    }
+    return entry;
 #else
     return ReadRawField<Address>(heap_object_ptr, offset);
 #endif  // V8_ENABLE_SANDBOX
@@ -1099,7 +1331,7 @@ class BackingStoreBase {};
 
 // The maximum value in enum GarbageCollectionReason, defined in heap.h.
 // This is needed for histograms sampling garbage collection reasons.
-constexpr int kGarbageCollectionReasonMaxValue = 27;
+constexpr int kGarbageCollectionReasonMaxValue = 29;
 
 // Base class for the address block allocator compatible with standard
 // containers, which registers its allocated range as strong roots.
@@ -1107,16 +1339,19 @@ class V8_EXPORT StrongRootAllocatorBase {
  public:
   Heap* heap() const { return heap_; }
 
-  bool operator==(const StrongRootAllocatorBase& other) const {
-    return heap_ == other.heap_;
-  }
-  bool operator!=(const StrongRootAllocatorBase& other) const {
-    return heap_ != other.heap_;
+  friend bool operator==(const StrongRootAllocatorBase& a,
+                         const StrongRootAllocatorBase& b) {
+    // TODO(pkasting): Replace this body with `= default` after dropping support
+    // for old gcc versions.
+    return a.heap_ == b.heap_;
   }
 
  protected:
   explicit StrongRootAllocatorBase(Heap* heap) : heap_(heap) {}
+  explicit StrongRootAllocatorBase(LocalHeap* heap);
+  explicit StrongRootAllocatorBase(Isolate* isolate);
   explicit StrongRootAllocatorBase(v8::Isolate* isolate);
+  explicit StrongRootAllocatorBase(LocalIsolate* isolate);
 
   // Allocate/deallocate a range of n elements of type internal::Address.
   Address* allocate_impl(size_t n);
@@ -1132,38 +1367,74 @@ class V8_EXPORT StrongRootAllocatorBase {
 // and internal::StrongRootAllocator<v8::Local<T>> register the allocated range
 // as strong roots.
 template <typename T>
-class StrongRootAllocator : public StrongRootAllocatorBase,
-                            private std::allocator<T> {
+class StrongRootAllocator : private std::allocator<T> {
  public:
   using value_type = T;
 
-  explicit StrongRootAllocator(Heap* heap) : StrongRootAllocatorBase(heap) {}
-  explicit StrongRootAllocator(v8::Isolate* isolate)
-      : StrongRootAllocatorBase(isolate) {}
+  template <typename HeapOrIsolateT>
+  explicit StrongRootAllocator(HeapOrIsolateT*) {}
   template <typename U>
-  StrongRootAllocator(const StrongRootAllocator<U>& other) noexcept
-      : StrongRootAllocatorBase(other) {}
+  StrongRootAllocator(const StrongRootAllocator<U>& other) noexcept {}
 
   using std::allocator<T>::allocate;
   using std::allocator<T>::deallocate;
 };
 
+// TODO(pkasting): Replace with `requires` clauses after dropping support for
+// old gcc versions.
+template <typename Iterator, typename = void>
+inline constexpr bool kHaveIteratorConcept = false;
+template <typename Iterator>
+inline constexpr bool kHaveIteratorConcept<
+    Iterator, std::void_t<typename Iterator::iterator_concept>> = true;
+
+template <typename Iterator, typename = void>
+inline constexpr bool kHaveIteratorCategory = false;
+template <typename Iterator>
+inline constexpr bool kHaveIteratorCategory<
+    Iterator, std::void_t<typename Iterator::iterator_category>> = true;
+
+// Helper struct that contains an `iterator_concept` type alias only when either
+// `Iterator` or `std::iterator_traits<Iterator>` do.
+// Default: no alias.
+template <typename Iterator, typename = void>
+struct MaybeDefineIteratorConcept {};
+// Use `Iterator::iterator_concept` if available.
+template <typename Iterator>
+struct MaybeDefineIteratorConcept<
+    Iterator, std::enable_if_t<kHaveIteratorConcept<Iterator>>> {
+  using iterator_concept = typename Iterator::iterator_concept;
+};
+// Otherwise fall back to `std::iterator_traits<Iterator>` if possible.
+template <typename Iterator>
+struct MaybeDefineIteratorConcept<
+    Iterator, std::enable_if_t<kHaveIteratorCategory<Iterator> &&
+                               !kHaveIteratorConcept<Iterator>>> {
+  // There seems to be no feature-test macro covering this, so use the
+  // presence of `<ranges>` as a crude proxy, since it was added to the
+  // standard as part of the Ranges papers.
+  // TODO(pkasting): Add this unconditionally after dropping support for old
+  // libstdc++ versions.
+#if __has_include(<ranges>)
+  using iterator_concept =
+      typename std::iterator_traits<Iterator>::iterator_concept;
+#endif
+};
+
 // A class of iterators that wrap some different iterator type.
 // If specified, ElementType is the type of element accessed by the wrapper
 // iterator; in this case, the actual reference and pointer types of Iterator
 // must be convertible to ElementType& and ElementType*, respectively.
 template <typename Iterator, typename ElementType = void>
-class WrappedIterator {
+class WrappedIterator : public MaybeDefineIteratorConcept<Iterator> {
  public:
   static_assert(
-      !std::is_void_v<ElementType> ||
+      std::is_void_v<ElementType> ||
       (std::is_convertible_v<typename std::iterator_traits<Iterator>::pointer,
-                             ElementType*> &&
+                             std::add_pointer_t<ElementType>> &&
        std::is_convertible_v<typename std::iterator_traits<Iterator>::reference,
-                             ElementType&>));
+                             std::add_lvalue_reference_t<ElementType>>));
 
-  using iterator_category =
-      typename std::iterator_traits<Iterator>::iterator_category;
   using difference_type =
       typename std::iterator_traits<Iterator>::difference_type;
   using value_type =
@@ -1173,24 +1444,100 @@ class WrappedIterator {
   using pointer =
       std::conditional_t<std::is_void_v<ElementType>,
                          typename std::iterator_traits<Iterator>::pointer,
-                         ElementType*>;
+                         std::add_pointer_t<ElementType>>;
   using reference =
       std::conditional_t<std::is_void_v<ElementType>,
                          typename std::iterator_traits<Iterator>::reference,
-                         ElementType&>;
+                         std::add_lvalue_reference_t<ElementType>>;
+  using iterator_category =
+      typename std::iterator_traits<Iterator>::iterator_category;
 
-  constexpr WrappedIterator() noexcept : it_() {}
+  constexpr WrappedIterator() noexcept = default;
   constexpr explicit WrappedIterator(Iterator it) noexcept : it_(it) {}
 
+  // TODO(pkasting): Switch to `requires` and concepts after dropping support
+  // for old gcc and libstdc++ versions.
   template <typename OtherIterator, typename OtherElementType,
-            std::enable_if_t<std::is_convertible_v<OtherIterator, Iterator>,
-                             bool> = true>
+            typename = std::enable_if_t<
+                std::is_convertible_v<OtherIterator, Iterator>>>
   constexpr WrappedIterator(
-      const WrappedIterator<OtherIterator, OtherElementType>& it) noexcept
-      : it_(it.base()) {}
+      const WrappedIterator<OtherIterator, OtherElementType>& other) noexcept
+      : it_(other.base()) {}
+
+  [[nodiscard]] constexpr reference operator*() const noexcept { return *it_; }
+  [[nodiscard]] constexpr pointer operator->() const noexcept {
+    if constexpr (std::is_pointer_v<Iterator>) {
+      return it_;
+    } else {
+      return it_.operator->();
+    }
+  }
 
-  constexpr reference operator*() const noexcept { return *it_; }
-  constexpr pointer operator->() const noexcept { return it_.operator->(); }
+  template <typename OtherIterator, typename OtherElementType>
+  [[nodiscard]] constexpr bool operator==(
+      const WrappedIterator<OtherIterator, OtherElementType>& other)
+      const noexcept {
+    return it_ == other.base();
+  }
+#if V8_HAVE_SPACESHIP_OPERATOR
+  template <typename OtherIterator, typename OtherElementType>
+  [[nodiscard]] constexpr auto operator<=>(
+      const WrappedIterator<OtherIterator, OtherElementType>& other)
+      const noexcept {
+    if constexpr (std::three_way_comparable_with<Iterator, OtherIterator>) {
+      return it_ <=> other.base();
+    } else if constexpr (std::totally_ordered_with<Iterator, OtherIterator>) {
+      if (it_ < other.base()) {
+        return std::strong_ordering::less;
+      }
+      return (it_ > other.base()) ? std::strong_ordering::greater
+                                  : std::strong_ordering::equal;
+    } else {
+      if (it_ < other.base()) {
+        return std::partial_ordering::less;
+      }
+      if (other.base() < it_) {
+        return std::partial_ordering::greater;
+      }
+      return (it_ == other.base()) ? std::partial_ordering::equivalent
+                                   : std::partial_ordering::unordered;
+    }
+  }
+#else
+  // Assume that if spaceship isn't present, operator rewriting might not be
+  // either.
+  template <typename OtherIterator, typename OtherElementType>
+  [[nodiscard]] constexpr bool operator!=(
+      const WrappedIterator<OtherIterator, OtherElementType>& other)
+      const noexcept {
+    return it_ != other.base();
+  }
+
+  template <typename OtherIterator, typename OtherElementType>
+  [[nodiscard]] constexpr bool operator<(
+      const WrappedIterator<OtherIterator, OtherElementType>& other)
+      const noexcept {
+    return it_ < other.base();
+  }
+  template <typename OtherIterator, typename OtherElementType>
+  [[nodiscard]] constexpr bool operator<=(
+      const WrappedIterator<OtherIterator, OtherElementType>& other)
+      const noexcept {
+    return it_ <= other.base();
+  }
+  template <typename OtherIterator, typename OtherElementType>
+  [[nodiscard]] constexpr bool operator>(
+      const WrappedIterator<OtherIterator, OtherElementType>& other)
+      const noexcept {
+    return it_ > other.base();
+  }
+  template <typename OtherIterator, typename OtherElementType>
+  [[nodiscard]] constexpr bool operator>=(
+      const WrappedIterator<OtherIterator, OtherElementType>& other)
+      const noexcept {
+    return it_ >= other.base();
+  }
+#endif
 
   constexpr WrappedIterator& operator++() noexcept {
     ++it_;
@@ -1211,116 +1558,68 @@ class WrappedIterator {
     --(*this);
     return result;
   }
-  constexpr WrappedIterator operator+(difference_type n) const noexcept {
+  [[nodiscard]] constexpr WrappedIterator operator+(
+      difference_type n) const noexcept {
     WrappedIterator result(*this);
     result += n;
     return result;
   }
+  [[nodiscard]] friend constexpr WrappedIterator operator+(
+      difference_type n, const WrappedIterator& x) noexcept {
+    return x + n;
+  }
   constexpr WrappedIterator& operator+=(difference_type n) noexcept {
     it_ += n;
     return *this;
   }
-  constexpr WrappedIterator operator-(difference_type n) const noexcept {
-    return *this + (-n);
+  [[nodiscard]] constexpr WrappedIterator operator-(
+      difference_type n) const noexcept {
+    return *this + -n;
   }
   constexpr WrappedIterator& operator-=(difference_type n) noexcept {
-    *this += -n;
-    return *this;
+    return *this += -n;
+  }
+  template <typename OtherIterator, typename OtherElementType>
+  [[nodiscard]] constexpr auto operator-(
+      const WrappedIterator<OtherIterator, OtherElementType>& other)
+      const noexcept {
+    return it_ - other.base();
   }
-  constexpr reference operator[](difference_type n) const noexcept {
+  [[nodiscard]] constexpr reference operator[](
+      difference_type n) const noexcept {
     return it_[n];
   }
 
-  constexpr Iterator base() const noexcept { return it_; }
-
- private:
-  template <typename OtherIterator, typename OtherElementType>
-  friend class WrappedIterator;
+  [[nodiscard]] constexpr const Iterator& base() const noexcept { return it_; }
 
  private:
   Iterator it_;
 };
 
-template <typename Iterator, typename ElementType, typename OtherIterator,
-          typename OtherElementType>
-constexpr bool operator==(
-    const WrappedIterator<Iterator, ElementType>& x,
-    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
-  return x.base() == y.base();
-}
-
-template <typename Iterator, typename ElementType, typename OtherIterator,
-          typename OtherElementType>
-constexpr bool operator<(
-    const WrappedIterator<Iterator, ElementType>& x,
-    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
-  return x.base() < y.base();
-}
-
-template <typename Iterator, typename ElementType, typename OtherIterator,
-          typename OtherElementType>
-constexpr bool operator!=(
-    const WrappedIterator<Iterator, ElementType>& x,
-    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
-  return !(x == y);
-}
-
-template <typename Iterator, typename ElementType, typename OtherIterator,
-          typename OtherElementType>
-constexpr bool operator>(
-    const WrappedIterator<Iterator, ElementType>& x,
-    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
-  return y < x;
-}
-
-template <typename Iterator, typename ElementType, typename OtherIterator,
-          typename OtherElementType>
-constexpr bool operator>=(
-    const WrappedIterator<Iterator, ElementType>& x,
-    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
-  return !(x < y);
-}
-
-template <typename Iterator, typename ElementType, typename OtherIterator,
-          typename OtherElementType>
-constexpr bool operator<=(
-    const WrappedIterator<Iterator, ElementType>& x,
-    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept {
-  return !(y < x);
-}
-
-template <typename Iterator, typename ElementType, typename OtherIterator,
-          typename OtherElementType>
-constexpr auto operator-(
-    const WrappedIterator<Iterator, ElementType>& x,
-    const WrappedIterator<OtherIterator, OtherElementType>& y) noexcept
-    -> decltype(x.base() - y.base()) {
-  return x.base() - y.base();
-}
-
-template <typename Iterator, typename ElementType>
-constexpr WrappedIterator<Iterator> operator+(
-    typename WrappedIterator<Iterator, ElementType>::difference_type n,
-    const WrappedIterator<Iterator, ElementType>& x) noexcept {
-  x += n;
-  return x;
-}
-
 // Helper functions about values contained in handles.
 // A value is either an indirect pointer or a direct pointer, depending on
 // whether direct local support is enabled.
 class ValueHelper final {
  public:
-#ifdef V8_ENABLE_DIRECT_LOCAL
+  // ValueHelper::InternalRepresentationType is an abstract type that
+  // corresponds to the internal representation of v8::Local and essentially
+  // to what T* really is (these two are always in sync). This type is used in
+  // methods like GetDataFromSnapshotOnce that need access to a handle's
+  // internal representation. In particular, if `x` is a `v8::Local<T>`, then
+  // `v8::Local<T>::FromRepr(x.repr())` gives exactly the same handle as `x`.
+#ifdef V8_ENABLE_DIRECT_HANDLE
   static constexpr Address kTaggedNullAddress = 1;
-  static constexpr Address kEmpty = kTaggedNullAddress;
+
+  using InternalRepresentationType = internal::Address;
+  static constexpr InternalRepresentationType kEmpty = kTaggedNullAddress;
 #else
-  static constexpr Address kEmpty = kNullAddress;
-#endif  // V8_ENABLE_DIRECT_LOCAL
+  using InternalRepresentationType = internal::Address*;
+  static constexpr InternalRepresentationType kEmpty = nullptr;
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
   template <typename T>
   V8_INLINE static bool IsEmpty(T* value) {
-    return reinterpret_cast<Address>(value) == kEmpty;
+    return ValueAsRepr(value) == kEmpty;
   }
 
   // Returns a handle's "value" for all kinds of abstract handles. For Local,
@@ -1332,7 +1631,7 @@ class ValueHelper final {
     return handle.template value<T>();
   }
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 
   template <typename T>
   V8_INLINE static Address ValueAsAddress(const T* value) {
@@ -1347,7 +1646,17 @@ class ValueHelper final {
     return *reinterpret_cast<T**>(slot);
   }
 
-#else  // !V8_ENABLE_DIRECT_LOCAL
+  template <typename T>
+  V8_INLINE static InternalRepresentationType ValueAsRepr(const T* value) {
+    return reinterpret_cast<InternalRepresentationType>(value);
+  }
+
+  template <typename T>
+  V8_INLINE static T* ReprAsValue(InternalRepresentationType repr) {
+    return reinterpret_cast<T*>(repr);
+  }
+
+#else  // !V8_ENABLE_DIRECT_HANDLE
 
   template <typename T>
   V8_INLINE static Address ValueAsAddress(const T* value) {
@@ -1359,7 +1668,18 @@ class ValueHelper final {
     return reinterpret_cast<T*>(slot);
   }
 
-#endif  // V8_ENABLE_DIRECT_LOCAL
+  template <typename T>
+  V8_INLINE static InternalRepresentationType ValueAsRepr(const T* value) {
+    return const_cast<InternalRepresentationType>(
+        reinterpret_cast<const Address*>(value));
+  }
+
+  template <typename T>
+  V8_INLINE static T* ReprAsValue(InternalRepresentationType repr) {
+    return reinterpret_cast<T*>(repr);
+  }
+
+#endif  // V8_ENABLE_DIRECT_HANDLE
 };
 
 /**
@@ -1383,14 +1703,17 @@ class HandleHelper final {
     if (rhs.IsEmpty()) return false;
     return lhs.ptr() == rhs.ptr();
   }
-
-  static V8_EXPORT bool IsOnStack(const void* ptr);
-  static V8_EXPORT void VerifyOnStack(const void* ptr);
-  static V8_EXPORT void VerifyOnMainThread();
 };
 
 V8_EXPORT void VerifyHandleIsNonEmpty(bool is_empty);
 
+// These functions are here just to match friend declarations in
+// XxxCallbackInfo classes allowing these functions to access the internals
+// of the info objects. These functions are supposed to be called by debugger
+// macros.
+void PrintFunctionCallbackInfo(void* function_callback_info);
+void PrintPropertyCallbackInfo(void* property_callback_info);
+
 }  // namespace internal
 }  // namespace v8