Remove the stack frame cache to avoid memory leaks

The cache adds a strong pointer from a code object to closures and thus can leak arbitrary objects. Bug: chromium:1030043 Tbr: yangguo@chromium.org Change-Id: I8ce90119fa97eaea59d42e7fae5acd336b5fe5d9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954392 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#65363}

Remove the stack frame cache to avoid memory leaks
The cache adds a strong pointer from a code object to closures and thus can leak arbitrary objects. Bug: chromium:1030043 Tbr: yangguo@chromium.org Change-Id: I8ce90119fa97eaea59d42e7fae5acd336b5fe5d9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954392 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#65363}
6816bc52 · Ulan Degenbaev · Commit Bot · 3f746ecf · 6816bc52 · 6816bc52
Commit 6816bc52 authored Dec 06, 2019 by Ulan Degenbaev Committed by Commit Bot Dec 06, 2019
15 changed files
--- a/src/api/api.cc
+++ b/src/api/api.cc
@@ -8800,15 +8800,6 @@ void Isolate::LowMemoryNotification() {
    isolate->heap()->CollectAllAvailableGarbage(
        i::GarbageCollectionReason::kLowMemoryNotification);
  }
-  {
-    i::HeapObjectIterator iterator(isolate->heap());
-    for (i::HeapObject obj = iterator.Next(); !obj.is_null();
-         obj = iterator.Next()) {
-      if (obj.IsAbstractCode()) {
-        i::AbstractCode::cast(obj).DropStackFrameCache();
-      }
-    }
-  }
 }

 int Isolate::ContextDisposedNotification(bool dependant_context) {

--- a/src/compiler/types.cc
+++ b/src/compiler/types.cc
@@ -349,7 +349,6 @@ Type::bitset BitsetType::Lub(const MapRefLike& map) {
    case TUPLE2_TYPE:
    case TUPLE3_TYPE:
    case ENUM_CACHE_TYPE:
-    case SOURCE_POSITION_TABLE_WITH_FRAME_CACHE_TYPE:
    case WASM_CAPI_FUNCTION_DATA_TYPE:
    case WASM_INDIRECT_FUNCTION_TABLE_TYPE:
    case WASM_DEBUG_INFO_TYPE:

--- a/src/diagnostics/objects-debug.cc
+++ b/src/diagnostics/objects-debug.cc
@@ -295,8 +295,7 @@ void BytecodeArray::BytecodeArrayVerify(Isolate* isolate) {
  VerifyHeapPointer(isolate, constant_pool());
  CHECK(source_position_table().IsUndefined() ||
        source_position_table().IsException() ||
-        source_position_table().IsByteArray() ||
-        source_position_table().IsSourcePositionTableWithFrameCache());
+        source_position_table().IsByteArray());
  CHECK(handler_table().IsByteArray());
 }


--- a/src/execution/isolate.cc
+++ b/src/execution/isolate.cc
@@ -529,46 +529,6 @@ StackTraceFailureMessage::StackTraceFailureMessage(Isolate* isolate, void* ptr1,
  }
 }

-namespace {
-
-class StackFrameCacheHelper : public AllStatic {
- public:
-  static MaybeHandle<StackTraceFrame> LookupCachedFrame(
-      Isolate* isolate, Handle<AbstractCode> code, int code_offset) {
-    if (FLAG_optimize_for_size) return MaybeHandle<StackTraceFrame>();
-
-    const auto maybe_cache = handle(code->stack_frame_cache(), isolate);
-    if (!maybe_cache->IsSimpleNumberDictionary())
-      return MaybeHandle<StackTraceFrame>();
-
-    const auto cache = Handle<SimpleNumberDictionary>::cast(maybe_cache);
-    const InternalIndex entry = cache->FindEntry(isolate, code_offset);
-    if (entry.is_found()) {
-      return handle(StackTraceFrame::cast(cache->ValueAt(entry)), isolate);
-    }
-    return MaybeHandle<StackTraceFrame>();
-  }
-
-  static void CacheFrameAndUpdateCache(Isolate* isolate,
-                                       Handle<AbstractCode> code,
-                                       int code_offset,
-                                       Handle<StackTraceFrame> frame) {
-    if (FLAG_optimize_for_size) return;
-
-    const auto maybe_cache = handle(code->stack_frame_cache(), isolate);
-    const auto cache = maybe_cache->IsSimpleNumberDictionary()
-                           ? Handle<SimpleNumberDictionary>::cast(maybe_cache)
-                           : SimpleNumberDictionary::New(isolate, 1);
-    Handle<SimpleNumberDictionary> new_cache =
-        SimpleNumberDictionary::Set(isolate, cache, code_offset, frame);
-    if (*new_cache != *cache || !maybe_cache->IsSimpleNumberDictionary()) {
-      AbstractCode::SetStackFrameCache(code, new_cache);
-    }
-  }
-};
-
-}  // anonymous namespace
-
 class FrameArrayBuilder {
 public:
  enum FrameFilterMode { ALL, CURRENT_SECURITY_CONTEXT };
@@ -739,40 +699,16 @@ class FrameArrayBuilder {
  }

  // Creates a StackTraceFrame object for each frame in the FrameArray.
-  Handle<FixedArray> GetElementsAsStackTraceFrameArray(
-      bool enable_frame_caching) {
+  Handle<FixedArray> GetElementsAsStackTraceFrameArray() {
    elements_->ShrinkToFit(isolate_);
    const int frame_count = elements_->FrameCount();
    Handle<FixedArray> stack_trace =
        isolate_->factory()->NewFixedArray(frame_count);

    for (int i = 0; i < frame_count; ++i) {
-      // Caching stack frames only happens for user JS frames.
-      const bool cache_frame =
-          enable_frame_caching && !isolate_->serializer_enabled() &&
-          !elements_->IsAnyWasmFrame(i) &&
-          elements_->Function(i).shared().IsUserJavaScript();
-      if (cache_frame) {
-        MaybeHandle<StackTraceFrame> maybe_frame =
-            StackFrameCacheHelper::LookupCachedFrame(
-                isolate_, handle(elements_->Code(i), isolate_),
-                Smi::ToInt(elements_->Offset(i)));
-        if (!maybe_frame.is_null()) {
-          Handle<StackTraceFrame> frame = maybe_frame.ToHandleChecked();
-          stack_trace->set(i, *frame);
-          continue;
-        }
-      }
-
      Handle<StackTraceFrame> frame =
          isolate_->factory()->NewStackTraceFrame(elements_, i);
      stack_trace->set(i, *frame);
-
-      if (cache_frame) {
-        StackFrameCacheHelper::CacheFrameAndUpdateCache(
-            isolate_, handle(elements_->Code(i), isolate_),
-            Smi::ToInt(elements_->Offset(i)), frame);
-      }
    }
    return stack_trace;
  }
@@ -989,7 +925,6 @@ struct CaptureStackTraceOptions {
  bool capture_builtin_exit_frames;
  bool capture_only_frames_subject_to_debugging;
  bool async_stack_trace;
-  bool enable_frame_caching;
 };

 Handle<Object> CaptureStackTrace(Isolate* isolate, Handle<Object> caller,
@@ -1121,8 +1056,7 @@ Handle<Object> CaptureStackTrace(Isolate* isolate, Handle<Object> caller,
  }

  // TODO(yangguo): Queue this structured stack trace for preprocessing on GC.
-  return builder.GetElementsAsStackTraceFrameArray(
-      options.enable_frame_caching);
+  return builder.GetElementsAsStackTraceFrameArray();
 }

 }  // namespace
@@ -1140,7 +1074,6 @@ Handle<Object> Isolate::CaptureSimpleStackTrace(Handle<JSReceiver> error_object,
  options.async_stack_trace = FLAG_async_stack_traces;
  options.filter_mode = FrameArrayBuilder::CURRENT_SECURITY_CONTEXT;
  options.capture_only_frames_subject_to_debugging = false;
-  options.enable_frame_caching = false;

  return CaptureStackTrace(this, caller, options);
 }
@@ -1236,7 +1169,6 @@ Handle<FixedArray> Isolate::CaptureCurrentStackTrace(
          ? FrameArrayBuilder::ALL
          : FrameArrayBuilder::CURRENT_SECURITY_CONTEXT;
  options.capture_only_frames_subject_to_debugging = true;
-  options.enable_frame_caching = true;

  return Handle<FixedArray>::cast(
      CaptureStackTrace(this, factory()->undefined_value(), options));
@@ -2046,7 +1978,6 @@ void Isolate::PrintCurrentStackTrace(FILE* out) {
  options.async_stack_trace = FLAG_async_stack_traces;
  options.filter_mode = FrameArrayBuilder::CURRENT_SECURITY_CONTEXT;
  options.capture_only_frames_subject_to_debugging = false;
-  options.enable_frame_caching = false;

  Handle<FixedArray> frames = Handle<FixedArray>::cast(
      CaptureStackTrace(this, this->factory()->undefined_value(), options));

--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@@ -3798,22 +3798,6 @@ Handle<StackFrameInfo> Factory::NewStackFrameInfo(
  return info;
 }

-Handle<SourcePositionTableWithFrameCache>
-Factory::NewSourcePositionTableWithFrameCache(
-    Handle<ByteArray> source_position_table,
-    Handle<SimpleNumberDictionary> stack_frame_cache) {
-  Handle<SourcePositionTableWithFrameCache>
-      source_position_table_with_frame_cache =
-          Handle<SourcePositionTableWithFrameCache>::cast(
-              NewStruct(SOURCE_POSITION_TABLE_WITH_FRAME_CACHE_TYPE,
-                        AllocationType::kOld));
-  source_position_table_with_frame_cache->set_source_position_table(
-      *source_position_table);
-  source_position_table_with_frame_cache->set_stack_frame_cache(
-      *stack_frame_cache);
-  return source_position_table_with_frame_cache;
-}
-
 Handle<JSObject> Factory::NewArgumentsObject(Handle<JSFunction> callee,
                                             int length) {
  bool strict_mode_callee = is_strict(callee->shared().language_mode()) ||

--- a/src/heap/factory.h
+++ b/src/heap/factory.h
@@ -444,10 +444,6 @@ class V8_EXPORT_PRIVATE Factory {
                                             int index);
  Handle<StackFrameInfo> NewStackFrameInfo(Handle<FrameArray> frame_array,
                                           int index);
-  Handle<SourcePositionTableWithFrameCache>
-  NewSourcePositionTableWithFrameCache(
-      Handle<ByteArray> source_position_table,
-      Handle<SimpleNumberDictionary> stack_frame_cache);

  // Allocate various microtasks.
  Handle<CallableTask> NewCallableTask(Handle<JSReceiver> callable,

--- a/src/heap/object-stats.cc
+++ b/src/heap/object-stats.cc
@@ -1047,13 +1047,7 @@ void ObjectStatsCollectorImpl::RecordVirtualCodeDetails(Code code) {
  RecordSimpleVirtualObjectStats(code, code.relocation_info(),
                                 ObjectStats::RELOC_INFO_TYPE);
  Object source_position_table = code.source_position_table();
-  if (source_position_table.IsSourcePositionTableWithFrameCache()) {
-    RecordSimpleVirtualObjectStats(
-        code,
-        SourcePositionTableWithFrameCache::cast(source_position_table)
-            .source_position_table(),
-        ObjectStats::SOURCE_POSITION_TABLE_TYPE);
-  } else if (source_position_table.IsHeapObject()) {
+  if (source_position_table.IsHeapObject()) {
    RecordSimpleVirtualObjectStats(code,
                                   HeapObject::cast(source_position_table),
                                   ObjectStats::SOURCE_POSITION_TABLE_TYPE);

--- a/src/objects/code-inl.h
+++ b/src/objects/code-inl.h
@@ -29,7 +29,6 @@ OBJECT_CONSTRUCTORS_IMPL(BytecodeArray, FixedArrayBase)
 OBJECT_CONSTRUCTORS_IMPL(AbstractCode, HeapObject)
 OBJECT_CONSTRUCTORS_IMPL(DependentCode, WeakFixedArray)
 OBJECT_CONSTRUCTORS_IMPL(CodeDataContainer, HeapObject)
-TQ_OBJECT_CONSTRUCTORS_IMPL(SourcePositionTableWithFrameCache)

 NEVER_READ_ONLY_SPACE_IMPL(AbstractCode)

@@ -64,20 +63,6 @@ ByteArray AbstractCode::source_position_table() {
  }
 }

-Object AbstractCode::stack_frame_cache() {
-  Object maybe_table;
-  if (IsCode()) {
-    maybe_table = GetCode().source_position_table();
-  } else {
-    maybe_table = GetBytecodeArray().source_position_table();
-  }
-  if (maybe_table.IsSourcePositionTableWithFrameCache()) {
-    return SourcePositionTableWithFrameCache::cast(maybe_table)
-        .stack_frame_cache();
-  }
-  return Smi::zero();
-}
-
 int AbstractCode::SizeIncludingMetadata() {
  if (IsCode()) {
    return GetCode().SizeIncludingMetadata();
@@ -238,10 +223,8 @@ ByteArray Code::SourcePositionTableIfCollected() const {
 ByteArray Code::SourcePositionTable() const {
  Object maybe_table = source_position_table();
  DCHECK(!maybe_table.IsUndefined() && !maybe_table.IsException());
-  if (maybe_table.IsByteArray()) return ByteArray::cast(maybe_table);
-  DCHECK(maybe_table.IsSourcePositionTableWithFrameCache());
-  return SourcePositionTableWithFrameCache::cast(maybe_table)
-      .source_position_table();
+  DCHECK(maybe_table.IsByteArray());
+  return ByteArray::cast(maybe_table);
 }

 Object Code::next_code_link() const {
@@ -720,12 +703,8 @@ ByteArray BytecodeArray::SourcePositionTable() const {
  Object maybe_table = source_position_table();
  if (maybe_table.IsByteArray()) return ByteArray::cast(maybe_table);
  ReadOnlyRoots roots = GetReadOnlyRoots();
-  if (maybe_table.IsException(roots)) return roots.empty_byte_array();
-
-  DCHECK(!maybe_table.IsUndefined(roots));
-  DCHECK(maybe_table.IsSourcePositionTableWithFrameCache());
-  return SourcePositionTableWithFrameCache::cast(maybe_table)
-      .source_position_table();
+  DCHECK(maybe_table.IsException(roots));
+  return roots.empty_byte_array();
 }

 ByteArray BytecodeArray::SourcePositionTableIfCollected() const {
@@ -734,16 +713,6 @@ ByteArray BytecodeArray::SourcePositionTableIfCollected() const {
  return SourcePositionTable();
 }

-void BytecodeArray::ClearFrameCacheFromSourcePositionTable() {
-  Object maybe_table = source_position_table();
-  if (maybe_table.IsUndefined() || maybe_table.IsByteArray() ||
-      maybe_table.IsException())
-    return;
-  DCHECK(maybe_table.IsSourcePositionTableWithFrameCache());
-  set_source_position_table(SourcePositionTableWithFrameCache::cast(maybe_table)
-                                .source_position_table());
-}
-
 int BytecodeArray::BytecodeArraySize() { return SizeFor(this->length()); }

 int BytecodeArray::SizeIncludingMetadata() {

--- a/src/objects/code.cc
+++ b/src/objects/code.cc
@@ -154,63 +154,6 @@ Address Code::OffHeapInstructionEnd() const {
         d.InstructionSizeOfBuiltin(builtin_index());
 }

-namespace {
-template <typename Code>
-void SetStackFrameCacheCommon(Isolate* isolate, Handle<Code> code,
-                              Handle<SimpleNumberDictionary> cache) {
-  Handle<Object> maybe_table(code->source_position_table(), isolate);
-  if (maybe_table->IsException(isolate) || maybe_table->IsUndefined()) return;
-  if (maybe_table->IsSourcePositionTableWithFrameCache()) {
-    Handle<SourcePositionTableWithFrameCache>::cast(maybe_table)
-        ->set_stack_frame_cache(*cache);
-    return;
-  }
-  DCHECK(maybe_table->IsByteArray());
-  Handle<ByteArray> table(Handle<ByteArray>::cast(maybe_table));
-  Handle<SourcePositionTableWithFrameCache> table_with_cache =
-      isolate->factory()->NewSourcePositionTableWithFrameCache(table, cache);
-  code->set_source_position_table(*table_with_cache);
-}
-}  // namespace
-
-// static
-void AbstractCode::SetStackFrameCache(Handle<AbstractCode> abstract_code,
-                                      Handle<SimpleNumberDictionary> cache) {
-  if (abstract_code->IsCode()) {
-    SetStackFrameCacheCommon(
-        abstract_code->GetIsolate(),
-        handle(abstract_code->GetCode(), abstract_code->GetIsolate()), cache);
-  } else {
-    SetStackFrameCacheCommon(
-        abstract_code->GetIsolate(),
-        handle(abstract_code->GetBytecodeArray(), abstract_code->GetIsolate()),
-        cache);
-  }
-}
-
-namespace {
-template <typename Code>
-void DropStackFrameCacheCommon(Code code) {
-  i::Object maybe_table = code.source_position_table();
-  if (maybe_table.IsUndefined() || maybe_table.IsByteArray() ||
-      maybe_table.IsException()) {
-    return;
-  }
-  DCHECK(maybe_table.IsSourcePositionTableWithFrameCache());
-  code.set_source_position_table(
-      i::SourcePositionTableWithFrameCache::cast(maybe_table)
-          .source_position_table());
-}
-}  // namespace
-
-void AbstractCode::DropStackFrameCache() {
-  if (IsCode()) {
-    DropStackFrameCacheCommon(GetCode());
-  } else {
-    DropStackFrameCacheCommon(GetBytecodeArray());
-  }
-}
-
 int AbstractCode::SourcePosition(int offset) {
  Object maybe_table = source_position_table();
  if (maybe_table.IsException()) return kNoSourcePosition;

--- a/src/objects/code.h
+++ b/src/objects/code.h
@@ -88,8 +88,7 @@ class Code : public HeapObject {
  // [deoptimization_data]: Array containing data for deopt.
  DECL_ACCESSORS(deoptimization_data, FixedArray)

-  // [source_position_table]: ByteArray for the source positions table or
-  // SourcePositionTableWithFrameCache.
+  // [source_position_table]: ByteArray for the source positions table.
  DECL_ACCESSORS(source_position_table, Object)
  inline ByteArray SourcePositionTable() const;
  inline ByteArray SourcePositionTableIfCollected() const;
@@ -579,9 +578,6 @@ class AbstractCode : public HeapObject {
  // Return the source position table.
  inline ByteArray source_position_table();

-  inline Object stack_frame_cache();
-  static void SetStackFrameCache(Handle<AbstractCode> abstract_code,
-                                 Handle<SimpleNumberDictionary> cache);
  void DropStackFrameCache();

  // Returns the size of instructions and the metadata.
@@ -785,7 +781,6 @@ class BytecodeArray : public FixedArrayBase {
  // * empty_byte_array (for bytecode generated for functions that will never
  // have source positions, e.g. native functions).
  // * ByteArray (when source positions have been collected for the bytecode)
-  // * SourcePositionTableWithFrameCache (as above but with a frame cache)
  // * exception (when an error occurred while explicitly collecting source
  // positions for pre-existing bytecode).
  DECL_ACCESSORS(source_position_table, Object)
@@ -799,7 +794,6 @@ class BytecodeArray : public FixedArrayBase {
  inline ByteArray SourcePositionTableIfCollected() const;
  inline bool HasSourcePositionTable() const;
  inline bool DidSourcePositionGenerationFail() const;
-  inline void ClearFrameCacheFromSourcePositionTable();

  // Indicates that an attempt was made to collect source positions, but that it
  // failed most likely due to stack exhaustion. When in this state
@@ -941,13 +935,6 @@ class DeoptimizationData : public FixedArray {
  OBJECT_CONSTRUCTORS(DeoptimizationData, FixedArray);
 };

-class SourcePositionTableWithFrameCache
-    : public TorqueGeneratedSourcePositionTableWithFrameCache<
-          SourcePositionTableWithFrameCache, Struct> {
- public:
-  TQ_OBJECT_CONSTRUCTORS(SourcePositionTableWithFrameCache)
-};
-
 }  // namespace internal
 }  // namespace v8


--- a/src/objects/code.tq
+++ b/src/objects/code.tq
@@ -2,20 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

-@generatePrint
-@generateCppClass
-extern class SourcePositionTableWithFrameCache extends Struct {
-  source_position_table: ByteArray;
-  stack_frame_cache: Object;
-}
-
 type DependentCode extends WeakFixedArray;

 extern class BytecodeArray extends FixedArrayBase {
  // TODO(v8:8983): bytecode array object sizes vary based on their contents.
  constant_pool: FixedArray;
  handler_table: ByteArray;
-  source_position_table: Undefined|ByteArray|SourcePositionTableWithFrameCache;
+  source_position_table: Undefined|ByteArray;
  frame_size: int32;
  parameter_size: int32;
  incoming_new_target_or_generator_register: int32;

--- a/src/objects/objects-definitions.h
+++ b/src/objects/objects-definitions.h
@@ -136,8 +136,6 @@ namespace internal {
  V(_, PROMISE_REACTION_TYPE, PromiseReaction, promise_reaction)               \
  V(_, PROTOTYPE_INFO_TYPE, PrototypeInfo, prototype_info)                     \
  V(_, SCRIPT_TYPE, Script, script)                                            \
-  V(_, SOURCE_POSITION_TABLE_WITH_FRAME_CACHE_TYPE,                            \
-    SourcePositionTableWithFrameCache, source_position_table_with_frame_cache) \
  V(_, SOURCE_TEXT_MODULE_INFO_ENTRY_TYPE, SourceTextModuleInfoEntry,          \
    module_info_entry)                                                         \
  V(_, STACK_FRAME_INFO_TYPE, StackFrameInfo, stack_frame_info)                \

--- a/src/objects/objects.h
+++ b/src/objects/objects.h
@@ -165,7 +165,6 @@
 //       - BreakPointInfo
 //       - StackFrameInfo
 //       - StackTraceFrame
-//       - SourcePositionTableWithFrameCache
 //       - CodeCache
 //       - PrototypeInfo
 //       - Microtask

--- a/src/snapshot/code-serializer.cc
+++ b/src/snapshot/code-serializer.cc
@@ -197,11 +197,6 @@ void CodeSerializer::SerializeObject(HeapObject obj) {
  }
 #endif  // V8_TARGET_ARCH_ARM

-  if (obj.IsBytecodeArray()) {
-    // Clear the stack frame cache if present
-    BytecodeArray::cast(obj).ClearFrameCacheFromSourcePositionTable();
-  }
-
  // Past this point we should not see any (context-specific) maps anymore.
  CHECK(!obj.IsMap());
  // There should be no references to the global object embedded.

--- a/tools/v8heapconst.py
+++ b/tools/v8heapconst.py
@@ -66,75 +66,74 @@ INSTANCE_TYPES = {
  102: "SMI_BOX_TYPE",
  103: "SMI_PAIR_TYPE",
  104: "SORT_STATE_TYPE",
-  105: "SOURCE_POSITION_TABLE_WITH_FRAME_CACHE_TYPE",
-  106: "SOURCE_TEXT_MODULE_INFO_ENTRY_TYPE",
-  107: "STACK_FRAME_INFO_TYPE",
-  108: "STACK_TRACE_FRAME_TYPE",
-  109: "TEMPLATE_OBJECT_DESCRIPTION_TYPE",
-  110: "TUPLE2_TYPE",
-  111: "TUPLE3_TYPE",
-  112: "WASM_CAPI_FUNCTION_DATA_TYPE",
-  113: "WASM_DEBUG_INFO_TYPE",
-  114: "WASM_EXCEPTION_TAG_TYPE",
-  115: "WASM_EXPORTED_FUNCTION_DATA_TYPE",
-  116: "WASM_INDIRECT_FUNCTION_TABLE_TYPE",
-  117: "WASM_JS_FUNCTION_DATA_TYPE",
-  118: "FIXED_ARRAY_TYPE",
-  119: "HASH_TABLE_TYPE",
-  120: "EPHEMERON_HASH_TABLE_TYPE",
-  121: "GLOBAL_DICTIONARY_TYPE",
-  122: "NAME_DICTIONARY_TYPE",
-  123: "NUMBER_DICTIONARY_TYPE",
-  124: "ORDERED_HASH_MAP_TYPE",
-  125: "ORDERED_HASH_SET_TYPE",
-  126: "ORDERED_NAME_DICTIONARY_TYPE",
-  127: "SIMPLE_NUMBER_DICTIONARY_TYPE",
-  128: "STRING_TABLE_TYPE",
-  129: "CLOSURE_FEEDBACK_CELL_ARRAY_TYPE",
-  130: "OBJECT_BOILERPLATE_DESCRIPTION_TYPE",
-  131: "SCOPE_INFO_TYPE",
-  132: "SCRIPT_CONTEXT_TABLE_TYPE",
-  133: "BYTE_ARRAY_TYPE",
-  134: "BYTECODE_ARRAY_TYPE",
-  135: "FIXED_DOUBLE_ARRAY_TYPE",
-  136: "AWAIT_CONTEXT_TYPE",
-  137: "BLOCK_CONTEXT_TYPE",
-  138: "CATCH_CONTEXT_TYPE",
-  139: "DEBUG_EVALUATE_CONTEXT_TYPE",
-  140: "EVAL_CONTEXT_TYPE",
-  141: "FUNCTION_CONTEXT_TYPE",
-  142: "MODULE_CONTEXT_TYPE",
-  143: "NATIVE_CONTEXT_TYPE",
-  144: "SCRIPT_CONTEXT_TYPE",
-  145: "WITH_CONTEXT_TYPE",
-  146: "SMALL_ORDERED_HASH_MAP_TYPE",
-  147: "SMALL_ORDERED_HASH_SET_TYPE",
-  148: "SMALL_ORDERED_NAME_DICTIONARY_TYPE",
-  149: "UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE",
-  150: "UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE",
-  151: "WEAK_FIXED_ARRAY_TYPE",
-  152: "TRANSITION_ARRAY_TYPE",
-  153: "CELL_TYPE",
-  154: "CODE_TYPE",
-  155: "CODE_DATA_CONTAINER_TYPE",
-  156: "DESCRIPTOR_ARRAY_TYPE",
-  157: "EMBEDDER_DATA_ARRAY_TYPE",
-  158: "FEEDBACK_METADATA_TYPE",
-  159: "FEEDBACK_VECTOR_TYPE",
-  160: "FILLER_TYPE",
-  161: "FREE_SPACE_TYPE",
-  162: "MAP_TYPE",
-  163: "PREPARSE_DATA_TYPE",
-  164: "PROPERTY_ARRAY_TYPE",
-  165: "PROPERTY_CELL_TYPE",
-  166: "SHARED_FUNCTION_INFO_TYPE",
-  167: "WEAK_ARRAY_LIST_TYPE",
-  168: "WEAK_CELL_TYPE",
-  169: "JS_PROXY_TYPE",
+  105: "SOURCE_TEXT_MODULE_INFO_ENTRY_TYPE",
+  106: "STACK_FRAME_INFO_TYPE",
+  107: "STACK_TRACE_FRAME_TYPE",
+  108: "TEMPLATE_OBJECT_DESCRIPTION_TYPE",
+  109: "TUPLE2_TYPE",
+  110: "TUPLE3_TYPE",
+  111: "WASM_CAPI_FUNCTION_DATA_TYPE",
+  112: "WASM_DEBUG_INFO_TYPE",
+  113: "WASM_EXCEPTION_TAG_TYPE",
+  114: "WASM_EXPORTED_FUNCTION_DATA_TYPE",
+  115: "WASM_INDIRECT_FUNCTION_TABLE_TYPE",
+  116: "WASM_JS_FUNCTION_DATA_TYPE",
+  117: "FIXED_ARRAY_TYPE",
+  118: "HASH_TABLE_TYPE",
+  119: "EPHEMERON_HASH_TABLE_TYPE",
+  120: "GLOBAL_DICTIONARY_TYPE",
+  121: "NAME_DICTIONARY_TYPE",
+  122: "NUMBER_DICTIONARY_TYPE",
+  123: "ORDERED_HASH_MAP_TYPE",
+  124: "ORDERED_HASH_SET_TYPE",
+  125: "ORDERED_NAME_DICTIONARY_TYPE",
+  126: "SIMPLE_NUMBER_DICTIONARY_TYPE",
+  127: "STRING_TABLE_TYPE",
+  128: "CLOSURE_FEEDBACK_CELL_ARRAY_TYPE",
+  129: "OBJECT_BOILERPLATE_DESCRIPTION_TYPE",
+  130: "SCOPE_INFO_TYPE",
+  131: "SCRIPT_CONTEXT_TABLE_TYPE",
+  132: "BYTE_ARRAY_TYPE",
+  133: "BYTECODE_ARRAY_TYPE",
+  134: "FIXED_DOUBLE_ARRAY_TYPE",
+  135: "AWAIT_CONTEXT_TYPE",
+  136: "BLOCK_CONTEXT_TYPE",
+  137: "CATCH_CONTEXT_TYPE",
+  138: "DEBUG_EVALUATE_CONTEXT_TYPE",
+  139: "EVAL_CONTEXT_TYPE",
+  140: "FUNCTION_CONTEXT_TYPE",
+  141: "MODULE_CONTEXT_TYPE",
+  142: "NATIVE_CONTEXT_TYPE",
+  143: "SCRIPT_CONTEXT_TYPE",
+  144: "WITH_CONTEXT_TYPE",
+  145: "SMALL_ORDERED_HASH_MAP_TYPE",
+  146: "SMALL_ORDERED_HASH_SET_TYPE",
+  147: "SMALL_ORDERED_NAME_DICTIONARY_TYPE",
+  148: "UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE",
+  149: "UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE",
+  150: "WEAK_FIXED_ARRAY_TYPE",
+  151: "TRANSITION_ARRAY_TYPE",
+  152: "CELL_TYPE",
+  153: "CODE_TYPE",
+  154: "CODE_DATA_CONTAINER_TYPE",
+  155: "DESCRIPTOR_ARRAY_TYPE",
+  156: "EMBEDDER_DATA_ARRAY_TYPE",
+  157: "FEEDBACK_METADATA_TYPE",
+  158: "FEEDBACK_VECTOR_TYPE",
+  159: "FILLER_TYPE",
+  160: "FREE_SPACE_TYPE",
+  161: "MAP_TYPE",
+  162: "PREPARSE_DATA_TYPE",
+  163: "PROPERTY_ARRAY_TYPE",
+  164: "PROPERTY_CELL_TYPE",
+  165: "SHARED_FUNCTION_INFO_TYPE",
+  166: "WEAK_ARRAY_LIST_TYPE",
+  167: "WEAK_CELL_TYPE",
+  168: "JS_PROXY_TYPE",
  1057: "JS_OBJECT_TYPE",
-  170: "JS_GLOBAL_OBJECT_TYPE",
-  171: "JS_GLOBAL_PROXY_TYPE",
-  172: "JS_MODULE_NAMESPACE_TYPE",
+  169: "JS_GLOBAL_OBJECT_TYPE",
+  170: "JS_GLOBAL_PROXY_TYPE",
+  171: "JS_MODULE_NAMESPACE_TYPE",
  1040: "JS_SPECIAL_API_OBJECT_TYPE",
  1041: "JS_PRIMITIVE_WRAPPER_TYPE",
  1042: "JS_MAP_KEY_ITERATOR_TYPE",
@@ -191,77 +190,77 @@ INSTANCE_TYPES = {

 # List of known V8 maps.
 KNOWN_MAPS = {
-  ("read_only_space", 0x00119): (161, "FreeSpaceMap"),
-  ("read_only_space", 0x00141): (162, "MetaMap"),
+  ("read_only_space", 0x00119): (160, "FreeSpaceMap"),
+  ("read_only_space", 0x00141): (161, "MetaMap"),
  ("read_only_space", 0x00185): (67, "NullMap"),
-  ("read_only_space", 0x001bd): (156, "DescriptorArrayMap"),
-  ("read_only_space", 0x001ed): (151, "WeakFixedArrayMap"),
-  ("read_only_space", 0x00215): (160, "OnePointerFillerMap"),
-  ("read_only_space", 0x0023d): (160, "TwoPointerFillerMap"),
+  ("read_only_space", 0x001bd): (155, "DescriptorArrayMap"),
+  ("read_only_space", 0x001ed): (150, "WeakFixedArrayMap"),
+  ("read_only_space", 0x00215): (159, "OnePointerFillerMap"),
+  ("read_only_space", 0x0023d): (159, "TwoPointerFillerMap"),
  ("read_only_space", 0x00281): (67, "UninitializedMap"),
  ("read_only_space", 0x002c5): (8, "OneByteInternalizedStringMap"),
  ("read_only_space", 0x00321): (67, "UndefinedMap"),
  ("read_only_space", 0x00355): (66, "HeapNumberMap"),
  ("read_only_space", 0x00399): (67, "TheHoleMap"),
  ("read_only_space", 0x003f9): (67, "BooleanMap"),
-  ("read_only_space", 0x00481): (133, "ByteArrayMap"),
-  ("read_only_space", 0x004a9): (118, "FixedArrayMap"),
-  ("read_only_space", 0x004d1): (118, "FixedCOWArrayMap"),
-  ("read_only_space", 0x004f9): (119, "HashTableMap"),
+  ("read_only_space", 0x00481): (132, "ByteArrayMap"),
+  ("read_only_space", 0x004a9): (117, "FixedArrayMap"),
+  ("read_only_space", 0x004d1): (117, "FixedCOWArrayMap"),
+  ("read_only_space", 0x004f9): (118, "HashTableMap"),
  ("read_only_space", 0x00521): (64, "SymbolMap"),
  ("read_only_space", 0x00549): (40, "OneByteStringMap"),
-  ("read_only_space", 0x00571): (131, "ScopeInfoMap"),
-  ("read_only_space", 0x00599): (166, "SharedFunctionInfoMap"),
-  ("read_only_space", 0x005c1): (154, "CodeMap"),
-  ("read_only_space", 0x005e9): (153, "CellMap"),
-  ("read_only_space", 0x00611): (165, "GlobalPropertyCellMap"),
+  ("read_only_space", 0x00571): (130, "ScopeInfoMap"),
+  ("read_only_space", 0x00599): (165, "SharedFunctionInfoMap"),
+  ("read_only_space", 0x005c1): (153, "CodeMap"),
+  ("read_only_space", 0x005e9): (152, "CellMap"),
+  ("read_only_space", 0x00611): (164, "GlobalPropertyCellMap"),
  ("read_only_space", 0x00639): (70, "ForeignMap"),
-  ("read_only_space", 0x00661): (152, "TransitionArrayMap"),
+  ("read_only_space", 0x00661): (151, "TransitionArrayMap"),
  ("read_only_space", 0x00689): (45, "ThinOneByteStringMap"),
-  ("read_only_space", 0x006b1): (159, "FeedbackVectorMap"),
+  ("read_only_space", 0x006b1): (158, "FeedbackVectorMap"),
  ("read_only_space", 0x00705): (67, "ArgumentsMarkerMap"),
  ("read_only_space", 0x00765): (67, "ExceptionMap"),
  ("read_only_space", 0x007c1): (67, "TerminationExceptionMap"),
  ("read_only_space", 0x00829): (67, "OptimizedOutMap"),
  ("read_only_space", 0x00889): (67, "StaleRegisterMap"),
-  ("read_only_space", 0x008cd): (132, "ScriptContextTableMap"),
-  ("read_only_space", 0x008f5): (129, "ClosureFeedbackCellArrayMap"),
-  ("read_only_space", 0x0091d): (158, "FeedbackMetadataArrayMap"),
-  ("read_only_space", 0x00945): (118, "ArrayListMap"),
+  ("read_only_space", 0x008cd): (131, "ScriptContextTableMap"),
+  ("read_only_space", 0x008f5): (128, "ClosureFeedbackCellArrayMap"),
+  ("read_only_space", 0x0091d): (157, "FeedbackMetadataArrayMap"),
+  ("read_only_space", 0x00945): (117, "ArrayListMap"),
  ("read_only_space", 0x0096d): (65, "BigIntMap"),
-  ("read_only_space", 0x00995): (130, "ObjectBoilerplateDescriptionMap"),
-  ("read_only_space", 0x009bd): (134, "BytecodeArrayMap"),
-  ("read_only_space", 0x009e5): (155, "CodeDataContainerMap"),
-  ("read_only_space", 0x00a0d): (135, "FixedDoubleArrayMap"),
-  ("read_only_space", 0x00a35): (121, "GlobalDictionaryMap"),
+  ("read_only_space", 0x00995): (129, "ObjectBoilerplateDescriptionMap"),
+  ("read_only_space", 0x009bd): (133, "BytecodeArrayMap"),
+  ("read_only_space", 0x009e5): (154, "CodeDataContainerMap"),
+  ("read_only_space", 0x00a0d): (134, "FixedDoubleArrayMap"),
+  ("read_only_space", 0x00a35): (120, "GlobalDictionaryMap"),
  ("read_only_space", 0x00a5d): (93, "ManyClosuresCellMap"),
-  ("read_only_space", 0x00a85): (118, "ModuleInfoMap"),
-  ("read_only_space", 0x00aad): (122, "NameDictionaryMap"),
+  ("read_only_space", 0x00a85): (117, "ModuleInfoMap"),
+  ("read_only_space", 0x00aad): (121, "NameDictionaryMap"),
  ("read_only_space", 0x00ad5): (93, "NoClosuresCellMap"),
-  ("read_only_space", 0x00afd): (123, "NumberDictionaryMap"),
+  ("read_only_space", 0x00afd): (122, "NumberDictionaryMap"),
  ("read_only_space", 0x00b25): (93, "OneClosureCellMap"),
-  ("read_only_space", 0x00b4d): (124, "OrderedHashMapMap"),
-  ("read_only_space", 0x00b75): (125, "OrderedHashSetMap"),
-  ("read_only_space", 0x00b9d): (126, "OrderedNameDictionaryMap"),
-  ("read_only_space", 0x00bc5): (163, "PreparseDataMap"),
-  ("read_only_space", 0x00bed): (164, "PropertyArrayMap"),
+  ("read_only_space", 0x00b4d): (123, "OrderedHashMapMap"),
+  ("read_only_space", 0x00b75): (124, "OrderedHashSetMap"),
+  ("read_only_space", 0x00b9d): (125, "OrderedNameDictionaryMap"),
+  ("read_only_space", 0x00bc5): (162, "PreparseDataMap"),
+  ("read_only_space", 0x00bed): (163, "PropertyArrayMap"),
  ("read_only_space", 0x00c15): (89, "SideEffectCallHandlerInfoMap"),
  ("read_only_space", 0x00c3d): (89, "SideEffectFreeCallHandlerInfoMap"),
  ("read_only_space", 0x00c65): (89, "NextCallSideEffectFreeCallHandlerInfoMap"),
-  ("read_only_space", 0x00c8d): (127, "SimpleNumberDictionaryMap"),
-  ("read_only_space", 0x00cb5): (118, "SloppyArgumentsElementsMap"),
-  ("read_only_space", 0x00cdd): (146, "SmallOrderedHashMapMap"),
-  ("read_only_space", 0x00d05): (147, "SmallOrderedHashSetMap"),
-  ("read_only_space", 0x00d2d): (148, "SmallOrderedNameDictionaryMap"),
+  ("read_only_space", 0x00c8d): (126, "SimpleNumberDictionaryMap"),
+  ("read_only_space", 0x00cb5): (117, "SloppyArgumentsElementsMap"),
+  ("read_only_space", 0x00cdd): (145, "SmallOrderedHashMapMap"),
+  ("read_only_space", 0x00d05): (146, "SmallOrderedHashSetMap"),
+  ("read_only_space", 0x00d2d): (147, "SmallOrderedNameDictionaryMap"),
  ("read_only_space", 0x00d55): (68, "SourceTextModuleMap"),
-  ("read_only_space", 0x00d7d): (128, "StringTableMap"),
+  ("read_only_space", 0x00d7d): (127, "StringTableMap"),
  ("read_only_space", 0x00da5): (69, "SyntheticModuleMap"),
-  ("read_only_space", 0x00dcd): (150, "UncompiledDataWithoutPreparseDataMap"),
-  ("read_only_space", 0x00df5): (149, "UncompiledDataWithPreparseDataMap"),
-  ("read_only_space", 0x00e1d): (167, "WeakArrayListMap"),
-  ("read_only_space", 0x00e45): (120, "EphemeronHashTableMap"),
-  ("read_only_space", 0x00e6d): (157, "EmbedderDataArrayMap"),
-  ("read_only_space", 0x00e95): (168, "WeakCellMap"),
+  ("read_only_space", 0x00dcd): (149, "UncompiledDataWithoutPreparseDataMap"),
+  ("read_only_space", 0x00df5): (148, "UncompiledDataWithPreparseDataMap"),
+  ("read_only_space", 0x00e1d): (166, "WeakArrayListMap"),
+  ("read_only_space", 0x00e45): (119, "EphemeronHashTableMap"),
+  ("read_only_space", 0x00e6d): (156, "EmbedderDataArrayMap"),
+  ("read_only_space", 0x00e95): (167, "WeakCellMap"),
  ("read_only_space", 0x00ebd): (32, "StringMap"),
  ("read_only_space", 0x00ee5): (41, "ConsOneByteStringMap"),
  ("read_only_space", 0x00f0d): (33, "ConsStringMap"),
@@ -303,32 +302,31 @@ KNOWN_MAPS = {
  ("read_only_space", 0x035a5): (99, "PromiseReactionMap"),
  ("read_only_space", 0x035cd): (100, "PrototypeInfoMap"),
  ("read_only_space", 0x035f5): (101, "ScriptMap"),
-  ("read_only_space", 0x0361d): (105, "SourcePositionTableWithFrameCacheMap"),
-  ("read_only_space", 0x03645): (106, "SourceTextModuleInfoEntryMap"),
-  ("read_only_space", 0x0366d): (107, "StackFrameInfoMap"),
-  ("read_only_space", 0x03695): (108, "StackTraceFrameMap"),
-  ("read_only_space", 0x036bd): (109, "TemplateObjectDescriptionMap"),
-  ("read_only_space", 0x036e5): (110, "Tuple2Map"),
-  ("read_only_space", 0x0370d): (111, "Tuple3Map"),
-  ("read_only_space", 0x03735): (112, "WasmCapiFunctionDataMap"),
-  ("read_only_space", 0x0375d): (113, "WasmDebugInfoMap"),
-  ("read_only_space", 0x03785): (114, "WasmExceptionTagMap"),
-  ("read_only_space", 0x037ad): (115, "WasmExportedFunctionDataMap"),
-  ("read_only_space", 0x037d5): (116, "WasmIndirectFunctionTableMap"),
-  ("read_only_space", 0x037fd): (117, "WasmJSFunctionDataMap"),
-  ("read_only_space", 0x03825): (96, "InternalClassMap"),
-  ("read_only_space", 0x0384d): (103, "SmiPairMap"),
-  ("read_only_space", 0x03875): (102, "SmiBoxMap"),
-  ("read_only_space", 0x0389d): (104, "SortStateMap"),
-  ("read_only_space", 0x038c5): (85, "AllocationSiteWithWeakNextMap"),
-  ("read_only_space", 0x038ed): (85, "AllocationSiteWithoutWeakNextMap"),
-  ("read_only_space", 0x03915): (76, "LoadHandler1Map"),
-  ("read_only_space", 0x0393d): (76, "LoadHandler2Map"),
-  ("read_only_space", 0x03965): (76, "LoadHandler3Map"),
-  ("read_only_space", 0x0398d): (77, "StoreHandler0Map"),
-  ("read_only_space", 0x039b5): (77, "StoreHandler1Map"),
-  ("read_only_space", 0x039dd): (77, "StoreHandler2Map"),
-  ("read_only_space", 0x03a05): (77, "StoreHandler3Map"),
+  ("read_only_space", 0x0361d): (105, "SourceTextModuleInfoEntryMap"),
+  ("read_only_space", 0x03645): (106, "StackFrameInfoMap"),
+  ("read_only_space", 0x0366d): (107, "StackTraceFrameMap"),
+  ("read_only_space", 0x03695): (108, "TemplateObjectDescriptionMap"),
+  ("read_only_space", 0x036bd): (109, "Tuple2Map"),
+  ("read_only_space", 0x036e5): (110, "Tuple3Map"),
+  ("read_only_space", 0x0370d): (111, "WasmCapiFunctionDataMap"),
+  ("read_only_space", 0x03735): (112, "WasmDebugInfoMap"),
+  ("read_only_space", 0x0375d): (113, "WasmExceptionTagMap"),
+  ("read_only_space", 0x03785): (114, "WasmExportedFunctionDataMap"),
+  ("read_only_space", 0x037ad): (115, "WasmIndirectFunctionTableMap"),
+  ("read_only_space", 0x037d5): (116, "WasmJSFunctionDataMap"),
+  ("read_only_space", 0x037fd): (96, "InternalClassMap"),
+  ("read_only_space", 0x03825): (103, "SmiPairMap"),
+  ("read_only_space", 0x0384d): (102, "SmiBoxMap"),
+  ("read_only_space", 0x03875): (104, "SortStateMap"),
+  ("read_only_space", 0x0389d): (85, "AllocationSiteWithWeakNextMap"),
+  ("read_only_space", 0x038c5): (85, "AllocationSiteWithoutWeakNextMap"),
+  ("read_only_space", 0x038ed): (76, "LoadHandler1Map"),
+  ("read_only_space", 0x03915): (76, "LoadHandler2Map"),
+  ("read_only_space", 0x0393d): (76, "LoadHandler3Map"),
+  ("read_only_space", 0x03965): (77, "StoreHandler0Map"),
+  ("read_only_space", 0x0398d): (77, "StoreHandler1Map"),
+  ("read_only_space", 0x039b5): (77, "StoreHandler2Map"),
+  ("read_only_space", 0x039dd): (77, "StoreHandler3Map"),
  ("map_space", 0x00119): (1057, "ExternalMap"),
  ("map_space", 0x00141): (1073, "JSMessageObjectMap"),
 }