Reland "[sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX"

This is a reland of commit 49c59678

The non-deterministic snapshot issue has been fixed by using the correct
field size for CodeDataContainers in serializer.cc.

Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}

Bug: v8:10391
Change-Id: I29870404406902d99ba6016c570cc0c4d05c6c85
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887899Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83130}

BUILD.gn

@@ -307,10 +307,6 @@ declare_args() {
   # Sets -DV8_ENABLE_SANDBOX.
   v8_enable_sandbox = ""
 
-  # Enable sandboxing for all external pointers. Requires v8_enable_sandbox.
-  # Sets -DV8_SANDBOXED_EXTERNAL_POINTERS.
-  v8_enable_sandboxed_external_pointers = false
-
   # Enable all available sandbox features. Implies v8_enable_sandbox.
   v8_enable_sandbox_future = false
 
@@ -534,7 +530,6 @@ if (v8_enable_sandbox == "") {
 
 # Enable all available sandbox features if sandbox future is enabled.
 if (v8_enable_sandbox_future) {
-  v8_enable_sandboxed_external_pointers = true
   v8_enable_sandbox = true
 }
 
@@ -569,9 +564,6 @@ assert(!v8_enable_sandbox || v8_enable_pointer_compression_shared_cage,
 assert(!v8_enable_sandbox || v8_enable_external_code_space,
        "The sandbox requires the external code space")
 
-assert(!v8_enable_sandboxed_external_pointers || v8_enable_sandbox,
-       "Sandboxed external pointers require the sandbox")
-
 assert(!v8_expose_memory_corruption_api || v8_enable_sandbox,
        "The Memory Corruption API requires the sandbox")
 
@@ -749,7 +741,6 @@ external_v8_defines = [
   "V8_31BIT_SMIS_ON_64BIT_ARCH",
   "V8_COMPRESS_ZONES",
   "V8_ENABLE_SANDBOX",
-  "V8_SANDBOXED_EXTERNAL_POINTERS",
   "V8_DEPRECATION_WARNINGS",
   "V8_IMMINENT_DEPRECATION_WARNINGS",
   "V8_NO_ARGUMENTS_ADAPTOR",
@@ -780,9 +771,6 @@ if (v8_enable_zone_compression) {
 if (v8_enable_sandbox) {
   enabled_external_v8_defines += [ "V8_ENABLE_SANDBOX" ]
 }
-if (v8_enable_sandboxed_external_pointers) {
-  enabled_external_v8_defines += [ "V8_SANDBOXED_EXTERNAL_POINTERS" ]
-}
 if (v8_deprecation_warnings) {
   enabled_external_v8_defines += [ "V8_DEPRECATION_WARNINGS" ]
 }

include/v8-initialization.h

@@ -100,9 +100,6 @@ class V8_EXPORT V8 {
     const int kBuildConfiguration =
         (internal::PointerCompressionIsEnabled() ? kPointerCompression : 0) |
         (internal::SmiValuesAre31Bits() ? k31BitSmis : 0) |
-        (internal::SandboxedExternalPointersAreEnabled()
-             ? kSandboxedExternalPointers
-             : 0) |
         (internal::SandboxIsEnabled() ? kSandbox : 0);
     return Initialize(kBuildConfiguration);
   }
@@ -273,8 +270,7 @@ class V8_EXPORT V8 {
   enum BuildConfigurationFeatures {
     kPointerCompression = 1 << 0,
     k31BitSmis = 1 << 1,
-    kSandboxedExternalPointers = 1 << 2,
-    kSandbox = 1 << 3,
+    kSandbox = 1 << 2,
   };
 
   /**

include/v8-internal.h

@@ -166,14 +166,6 @@ constexpr bool SandboxIsEnabled() {
 #endif
 }
 
-constexpr bool SandboxedExternalPointersAreEnabled() {
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
-  return true;
-#else
-  return false;
-#endif
-}
-
 // SandboxedPointers are guaranteed to point into the sandbox. This is achieved
 // for example by storing them as offset rather than as raw pointers.
 using SandboxedPointer_t = Address;
@@ -272,7 +264,7 @@ using ExternalPointerHandle = uint32_t;
 // ExternalPointers point to objects located outside the sandbox. When
 // sandboxed external pointers are enabled, these are stored on heap as
 // ExternalPointerHandles, otherwise they are simply raw pointers.
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
 using ExternalPointer_t = ExternalPointerHandle;
 #else
 using ExternalPointer_t = Address;
@@ -399,9 +391,8 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
 
 // When the sandbox is enabled, external pointers marked as "sandboxed" above
 // use the external pointer table (i.e. are sandboxed). This allows a gradual
-// rollout of external pointer sandboxing. If V8_SANDBOXED_EXTERNAL_POINTERS is
-// defined, all external pointers are sandboxed. If the sandbox is off, no
-// external pointers are sandboxed.
+// rollout of external pointer sandboxing. If the sandbox is off, no external
+// pointers are sandboxed.
 //
 // Sandboxed external pointer tags are available when compressing pointers even
 // when the sandbox is off. Some tags (e.g. kWaiterQueueNodeTag) are used
@@ -409,9 +400,7 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
 // alignment requirements.
 #define sandboxed(X) (X << kExternalPointerTagShift) | kExternalPointerMarkBit
 #define unsandboxed(X) kUnsandboxedExternalPointerTag
-#if defined(V8_SANDBOXED_EXTERNAL_POINTERS)
-#define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = sandboxed(Bits),
-#elif defined(V8_COMPRESS_POINTERS)
+#if defined(V8_COMPRESS_POINTERS)
 #define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = State(Bits),
 #else
 #define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = unsandboxed(Bits),

src/api/api.cc

@@ -6162,17 +6162,6 @@ bool v8::V8::Initialize(const int build_config) {
         kEmbedderSmiValueSize, internal::kSmiValueSize);
   }
 
-  const bool kEmbedderSandboxedExternalPointers =
-      (build_config & kSandboxedExternalPointers) != 0;
-  if (kEmbedderSandboxedExternalPointers !=
-      V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
-    FATAL(
-        "Embedder-vs-V8 build configuration mismatch. On embedder side "
-        "sandboxed external pointers is %s while on V8 side it's %s.",
-        kEmbedderSandboxedExternalPointers ? "ENABLED" : "DISABLED",
-        V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ? "ENABLED" : "DISABLED");
-  }
-
   const bool kEmbedderSandbox = (build_config & kSandbox) != 0;
   if (kEmbedderSandbox != V8_ENABLE_SANDBOX_BOOL) {
     FATAL(

src/codegen/tnode.h

@@ -88,7 +88,7 @@ struct ExternalPointerHandleT : Uint32T {
   static constexpr MachineType kMachineType = MachineType::Uint32();
 };
 
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
 struct ExternalPointerT : Uint32T {
   static constexpr MachineType kMachineType = MachineType::Uint32();
 };

src/common/globals.h

@@ -124,12 +124,6 @@ namespace internal {
 #define V8_CAN_CREATE_SHARED_HEAP_BOOL false
 #endif
 
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
-#define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL true
-#else
-#define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL false
-#endif
-
 #ifdef V8_ENABLE_SANDBOX
 #define V8_ENABLE_SANDBOX_BOOL true
 #else
@@ -511,7 +505,7 @@ static_assert(kPointerSize == (1 << kPointerSizeLog2));
 // This type defines raw storage type for external (or off-V8 heap) pointers
 // stored on V8 heap.
 constexpr int kExternalPointerSlotSize = sizeof(ExternalPointer_t);
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
 static_assert(kExternalPointerSlotSize == kTaggedSize);
 #else
 static_assert(kExternalPointerSlotSize == kSystemPointerSize);

src/objects/slots-inl.h

@@ -221,7 +221,7 @@ void ExternalPointerSlot::store(Isolate* isolate, Address value,
 ExternalPointerSlot::RawContent
 ExternalPointerSlot::GetAndClearContentForSerialization(
     const DisallowGarbageCollection& no_gc) {
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
   ExternalPointerHandle content = Relaxed_LoadHandle();
   Relaxed_StoreHandle(kNullExternalPointerHandle);
 #else
@@ -234,7 +234,7 @@ ExternalPointerSlot::GetAndClearContentForSerialization(
 void ExternalPointerSlot::RestoreContentAfterSerialization(
     ExternalPointerSlot::RawContent content,
     const DisallowGarbageCollection& no_gc) {
-#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
+#ifdef V8_ENABLE_SANDBOX
   return Relaxed_StoreHandle(content);
 #else
   return WriteMaybeUnalignedValue<Address>(address(), content);

src/snapshot/serializer.cc

@@ -1238,7 +1238,7 @@ void Serializer::ObjectSerializer::OutputRawData(Address up_to) {
       // snapshot deterministic.
       CHECK_EQ(CodeDataContainer::kCodeCageBaseUpper32BitsOffset + kTaggedSize,
                CodeDataContainer::kCodeEntryPointOffset);
-      static byte field_value[kTaggedSize + kExternalPointerSlotSize] = {0};
+      static byte field_value[kTaggedSize + kSystemPointerSize] = {0};
       OutputRawWithCustomField(
           sink_, object_start, base, bytes_to_output,
           CodeDataContainer::kCodeCageBaseUpper32BitsOffset,

src/torque/torque-parser.cc

@@ -68,8 +68,6 @@ class BuildFlags : public ContextualClass<BuildFlags> {
     build_flags_["V8_ENABLE_WEBASSEMBLY"] = false;
 #endif
     build_flags_["V8_ENABLE_SANDBOX"] = V8_ENABLE_SANDBOX_BOOL;
-    build_flags_["V8_SANDBOXED_EXTERNAL_POINTERS"] =
-        V8_SANDBOXED_EXTERNAL_POINTERS_BOOL;
     build_flags_["DEBUG"] = DEBUG_BOOL;
   }
   static bool GetFlag(const std::string& name, const char* production) {

src/wasm/wasm-objects.tq

@@ -14,9 +14,9 @@ extern class WasmInstanceObject extends JSObject;
 // Represents the context of a function that is defined through the JS or C
 // APIs. Corresponds to the WasmInstanceObject passed to a Wasm function
 // reference.
-// TODO(manoskouk): If V8_SANDBOXED_EXTERNAL_POINTERS, we cannot encode the
-// isolate_root as a sandboxed pointer, because that would require having access
-// to the isolate root in the first place.
+// TODO(manoskouk): If V8_ENABLE_SANDBOX, we cannot encode the isolate_root as
+// a sandboxed pointer, because that would require having access to the isolate
+// root in the first place.
 extern class WasmApiFunctionRef extends HeapObject {
   isolate_root: RawPtr;
   native_context: NativeContext;

test/cctest/test-api.cc

@@ -687,9 +687,8 @@ TEST(MakingExternalStringConditions) {
   CHECK(local_string->CanMakeExternal());
 
   // Tiny strings are not in-place externalizable when pointer compression is
-  // enabled, but they are if sandboxed external pointers are enabled.
-  CHECK_EQ(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ||
-               i::kTaggedSize == i::kSystemPointerSize,
+  // enabled, but they are if the sandbox is enabled.
+  CHECK_EQ(V8_ENABLE_SANDBOX_BOOL || i::kTaggedSize == i::kSystemPointerSize,
            tiny_local_string->CanMakeExternal());
 }
 

test/cctest/test-strings.cc

@@ -2066,11 +2066,11 @@ TEST(CheckCachedDataInternalExternalUncachedString) {
   // that we indeed cached it.
   Handle<ExternalOneByteString> external_string =
       Handle<ExternalOneByteString>::cast(string);
-  // If sandboxed external pointers are enabled, string objects will always be
-  // cacheable because they are smaller.
-  CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached());
+  // If the sandbox is enabled, string objects will always be cacheable because
+  // they are smaller.
+  CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached());
   CHECK(external_string->resource()->IsCacheable());
-  if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
+  if (!V8_ENABLE_SANDBOX_BOOL) {
     CHECK_NOT_NULL(external_string->resource()->cached_data());
     CHECK_EQ(external_string->resource()->cached_data(),
              external_string->resource()->data());
@@ -2109,11 +2109,11 @@ TEST(CheckCachedDataInternalExternalUncachedStringTwoByte) {
   // that we indeed cached it.
   Handle<ExternalTwoByteString> external_string =
       Handle<ExternalTwoByteString>::cast(string);
-  // If sandboxed external pointers are enabled, string objects will always be
-  // cacheable because they are smaller.
-  CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached());
+  // If the sandbox is enabled, string objects will always be cacheable because
+  // they are smaller.
+  CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached());
   CHECK(external_string->resource()->IsCacheable());
-  if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
+  if (!V8_ENABLE_SANDBOX_BOOL) {
     CHECK_NOT_NULL(external_string->resource()->cached_data());
     CHECK_EQ(external_string->resource()->cached_data(),
              external_string->resource()->data());

tools/v8heapconst.py

@@ -515,67 +515,67 @@ KNOWN_OBJECTS = {
   ("read_only_space", 0x04b49): "NativeScopeInfo",
   ("read_only_space", 0x04b61): "HashSeed",
   ("old_space", 0x04235): "ArgumentsIteratorAccessor",
-  ("old_space", 0x04255): "ArrayLengthAccessor",
-  ("old_space", 0x04275): "BoundFunctionLengthAccessor",
-  ("old_space", 0x04295): "BoundFunctionNameAccessor",
-  ("old_space", 0x042b5): "ErrorStackAccessor",
-  ("old_space", 0x042d5): "FunctionArgumentsAccessor",
-  ("old_space", 0x042f5): "FunctionCallerAccessor",
-  ("old_space", 0x04315): "FunctionNameAccessor",
-  ("old_space", 0x04335): "FunctionLengthAccessor",
-  ("old_space", 0x04355): "FunctionPrototypeAccessor",
-  ("old_space", 0x04375): "SharedArrayLengthAccessor",
-  ("old_space", 0x04395): "StringLengthAccessor",
-  ("old_space", 0x043b5): "ValueUnavailableAccessor",
-  ("old_space", 0x043d5): "WrappedFunctionLengthAccessor",
-  ("old_space", 0x043f5): "WrappedFunctionNameAccessor",
-  ("old_space", 0x04415): "InvalidPrototypeValidityCell",
-  ("old_space", 0x0441d): "EmptyScript",
-  ("old_space", 0x04461): "ManyClosuresCell",
-  ("old_space", 0x0446d): "ArrayConstructorProtector",
-  ("old_space", 0x04481): "NoElementsProtector",
-  ("old_space", 0x04495): "MegaDOMProtector",
-  ("old_space", 0x044a9): "IsConcatSpreadableProtector",
-  ("old_space", 0x044bd): "ArraySpeciesProtector",
-  ("old_space", 0x044d1): "TypedArraySpeciesProtector",
-  ("old_space", 0x044e5): "PromiseSpeciesProtector",
-  ("old_space", 0x044f9): "RegExpSpeciesProtector",
-  ("old_space", 0x0450d): "StringLengthProtector",
-  ("old_space", 0x04521): "ArrayIteratorProtector",
-  ("old_space", 0x04535): "ArrayBufferDetachingProtector",
-  ("old_space", 0x04549): "PromiseHookProtector",
-  ("old_space", 0x0455d): "PromiseResolveProtector",
-  ("old_space", 0x04571): "MapIteratorProtector",
-  ("old_space", 0x04585): "PromiseThenProtector",
-  ("old_space", 0x04599): "SetIteratorProtector",
-  ("old_space", 0x045ad): "StringIteratorProtector",
-  ("old_space", 0x045c1): "StringSplitCache",
-  ("old_space", 0x049c9): "RegExpMultipleCache",
-  ("old_space", 0x04dd1): "BuiltinsConstantsTable",
-  ("old_space", 0x05225): "AsyncFunctionAwaitRejectSharedFun",
-  ("old_space", 0x05249): "AsyncFunctionAwaitResolveSharedFun",
-  ("old_space", 0x0526d): "AsyncGeneratorAwaitRejectSharedFun",
-  ("old_space", 0x05291): "AsyncGeneratorAwaitResolveSharedFun",
-  ("old_space", 0x052b5): "AsyncGeneratorYieldResolveSharedFun",
-  ("old_space", 0x052d9): "AsyncGeneratorReturnResolveSharedFun",
-  ("old_space", 0x052fd): "AsyncGeneratorReturnClosedRejectSharedFun",
-  ("old_space", 0x05321): "AsyncGeneratorReturnClosedResolveSharedFun",
-  ("old_space", 0x05345): "AsyncIteratorValueUnwrapSharedFun",
-  ("old_space", 0x05369): "PromiseAllResolveElementSharedFun",
-  ("old_space", 0x0538d): "PromiseAllSettledResolveElementSharedFun",
-  ("old_space", 0x053b1): "PromiseAllSettledRejectElementSharedFun",
-  ("old_space", 0x053d5): "PromiseAnyRejectElementSharedFun",
-  ("old_space", 0x053f9): "PromiseCapabilityDefaultRejectSharedFun",
-  ("old_space", 0x0541d): "PromiseCapabilityDefaultResolveSharedFun",
-  ("old_space", 0x05441): "PromiseCatchFinallySharedFun",
-  ("old_space", 0x05465): "PromiseGetCapabilitiesExecutorSharedFun",
-  ("old_space", 0x05489): "PromiseThenFinallySharedFun",
-  ("old_space", 0x054ad): "PromiseThrowerFinallySharedFun",
-  ("old_space", 0x054d1): "PromiseValueThunkFinallySharedFun",
-  ("old_space", 0x054f5): "ProxyRevokeSharedFun",
-  ("old_space", 0x05519): "ShadowRealmImportValueFulfilledSFI",
-  ("old_space", 0x0553d): "SourceTextModuleExecuteAsyncModuleFulfilledSFI",
-  ("old_space", 0x05561): "SourceTextModuleExecuteAsyncModuleRejectedSFI",
+  ("old_space", 0x0424d): "ArrayLengthAccessor",
+  ("old_space", 0x04265): "BoundFunctionLengthAccessor",
+  ("old_space", 0x0427d): "BoundFunctionNameAccessor",
+  ("old_space", 0x04295): "ErrorStackAccessor",
+  ("old_space", 0x042ad): "FunctionArgumentsAccessor",
+  ("old_space", 0x042c5): "FunctionCallerAccessor",
+  ("old_space", 0x042dd): "FunctionNameAccessor",
+  ("old_space", 0x042f5): "FunctionLengthAccessor",
+  ("old_space", 0x0430d): "FunctionPrototypeAccessor",
+  ("old_space", 0x04325): "SharedArrayLengthAccessor",
+  ("old_space", 0x0433d): "StringLengthAccessor",
+  ("old_space", 0x04355): "ValueUnavailableAccessor",
+  ("old_space", 0x0436d): "WrappedFunctionLengthAccessor",
+  ("old_space", 0x04385): "WrappedFunctionNameAccessor",
+  ("old_space", 0x0439d): "InvalidPrototypeValidityCell",
+  ("old_space", 0x043a5): "EmptyScript",
+  ("old_space", 0x043e9): "ManyClosuresCell",
+  ("old_space", 0x043f5): "ArrayConstructorProtector",
+  ("old_space", 0x04409): "NoElementsProtector",
+  ("old_space", 0x0441d): "MegaDOMProtector",
+  ("old_space", 0x04431): "IsConcatSpreadableProtector",
+  ("old_space", 0x04445): "ArraySpeciesProtector",
+  ("old_space", 0x04459): "TypedArraySpeciesProtector",
+  ("old_space", 0x0446d): "PromiseSpeciesProtector",
+  ("old_space", 0x04481): "RegExpSpeciesProtector",
+  ("old_space", 0x04495): "StringLengthProtector",
+  ("old_space", 0x044a9): "ArrayIteratorProtector",
+  ("old_space", 0x044bd): "ArrayBufferDetachingProtector",
+  ("old_space", 0x044d1): "PromiseHookProtector",
+  ("old_space", 0x044e5): "PromiseResolveProtector",
+  ("old_space", 0x044f9): "MapIteratorProtector",
+  ("old_space", 0x0450d): "PromiseThenProtector",
+  ("old_space", 0x04521): "SetIteratorProtector",
+  ("old_space", 0x04535): "StringIteratorProtector",
+  ("old_space", 0x04549): "StringSplitCache",
+  ("old_space", 0x04951): "RegExpMultipleCache",
+  ("old_space", 0x04d59): "BuiltinsConstantsTable",
+  ("old_space", 0x051ad): "AsyncFunctionAwaitRejectSharedFun",
+  ("old_space", 0x051d1): "AsyncFunctionAwaitResolveSharedFun",
+  ("old_space", 0x051f5): "AsyncGeneratorAwaitRejectSharedFun",
+  ("old_space", 0x05219): "AsyncGeneratorAwaitResolveSharedFun",
+  ("old_space", 0x0523d): "AsyncGeneratorYieldResolveSharedFun",
+  ("old_space", 0x05261): "AsyncGeneratorReturnResolveSharedFun",
+  ("old_space", 0x05285): "AsyncGeneratorReturnClosedRejectSharedFun",
+  ("old_space", 0x052a9): "AsyncGeneratorReturnClosedResolveSharedFun",
+  ("old_space", 0x052cd): "AsyncIteratorValueUnwrapSharedFun",
+  ("old_space", 0x052f1): "PromiseAllResolveElementSharedFun",
+  ("old_space", 0x05315): "PromiseAllSettledResolveElementSharedFun",
+  ("old_space", 0x05339): "PromiseAllSettledRejectElementSharedFun",
+  ("old_space", 0x0535d): "PromiseAnyRejectElementSharedFun",
+  ("old_space", 0x05381): "PromiseCapabilityDefaultRejectSharedFun",
+  ("old_space", 0x053a5): "PromiseCapabilityDefaultResolveSharedFun",
+  ("old_space", 0x053c9): "PromiseCatchFinallySharedFun",
+  ("old_space", 0x053ed): "PromiseGetCapabilitiesExecutorSharedFun",
+  ("old_space", 0x05411): "PromiseThenFinallySharedFun",
+  ("old_space", 0x05435): "PromiseThrowerFinallySharedFun",
+  ("old_space", 0x05459): "PromiseValueThunkFinallySharedFun",
+  ("old_space", 0x0547d): "ProxyRevokeSharedFun",
+  ("old_space", 0x054a1): "ShadowRealmImportValueFulfilledSFI",
+  ("old_space", 0x054c5): "SourceTextModuleExecuteAsyncModuleFulfilledSFI",
+  ("old_space", 0x054e9): "SourceTextModuleExecuteAsyncModuleRejectedSFI",
 }
 
 # Lower 32 bits of first page addresses for various heap spaces.