V8/V8Patch.txt

diff --git a/BUILD.gn b/BUILD.gn
index a28da024c76..83c1b5d21ad 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -8,7 +8,6 @@ import("//build/config/coverage/coverage.gni")
 import("//build/config/dcheck_always_on.gni")
 import("//build/config/host_byteorder.gni")
 import("//build/config/mips.gni")
-import("//build/config/riscv.gni")
 import("//build/config/sanitizers/sanitizers.gni")
 import("//build_overrides/build.gni")
 
@@ -1255,7 +1254,7 @@ config("toolchain") {
   visibility = [ "./*" ]
 
   defines = []
-  cflags = []
+  cflags = [ "-D_SILENCE_CXX20_OLD_SHARED_PTR_ATOMIC_SUPPORT_DEPRECATION_WARNING" ]
   ldflags = []
 
   if (v8_current_cpu == "arm") {
diff --git a/gni/v8.gni b/gni/v8.gni
index 185de67a522..c2335989396 100644
--- a/gni/v8.gni
+++ b/gni/v8.gni
@@ -119,7 +119,7 @@ declare_args() {
   cppgc_is_standalone = false
 
   # Enable object names in cppgc for profiling purposes.
-  cppgc_enable_object_names = is_chrome_for_testing
+  cppgc_enable_object_names = false
 
   # Enable young generation in cppgc.
   cppgc_enable_young_generation = false
diff --git a/include/libplatform/libplatform.h b/include/libplatform/libplatform.h
index 6a34f432410..88a81ab4c40 100644
--- a/include/libplatform/libplatform.h
+++ b/include/libplatform/libplatform.h
@@ -49,6 +49,8 @@ V8_PLATFORM_EXPORT std::unique_ptr<v8::Platform> NewDefaultPlatform(
     std::unique_ptr<v8::TracingController> tracing_controller = {},
     PriorityMode priority_mode = PriorityMode::kDontApply);
 
+V8_PLATFORM_EXPORT std::unique_ptr<v8::PageAllocator> NewDefaultPageAllocator();
+
 /**
  * The same as NewDefaultPlatform but disables the worker thread pool.
  * It must be used with the --single-threaded V8 flag.
diff --git a/include/v8-initialization.h b/include/v8-initialization.h
index d3e35d6ec5f..56b3faaa791 100644
--- a/include/v8-initialization.h
+++ b/include/v8-initialization.h
@@ -136,6 +136,7 @@ class V8_EXPORT V8 {
    * of the data file has to be provided.
    */
   static bool InitializeICU(const char* icu_data_file = nullptr);
+  static bool InitializeICU(const char* icu_data_ptr, size_t size);
 
   /**
    * Initialize the ICU library bundled with V8. The embedder should only
@@ -264,6 +265,9 @@ class V8_EXPORT V8 {
    */
   static void GetSharedMemoryStatistics(SharedMemoryStatistics* statistics);
 
+  static int EnterRwxHostScope();
+  static void ExitRwxHostScope(int code_space_write_nesting_level);
+
  private:
   V8();
 
diff --git a/include/v8-template.h b/include/v8-template.h
index 674d4201d5d..a4538592531 100644
--- a/include/v8-template.h
+++ b/include/v8-template.h
@@ -935,6 +935,9 @@ class V8_EXPORT ObjectTemplate : public Template {
    */
   void SetImmutableProto();
 
+  bool IsHostDelegate() const;
+  void SetHostDelegate();
+
   /**
    * Support for TC39 "dynamic code brand checks" proposal.
    *
diff --git a/include/v8config.h b/include/v8config.h
index e649d8cce7d..3ca8f9fb448 100644
--- a/include/v8config.h
+++ b/include/v8config.h
@@ -550,7 +550,7 @@ path. Add it with -I<path> to the command line
 // Use like:
 //   V8_NOINLINE V8_PRESERVE_MOST void UnlikelyMethod();
 #if V8_HAS_ATTRIBUTE_PRESERVE_MOST
-# define V8_PRESERVE_MOST __attribute__((preserve_most))
+# define V8_PRESERVE_MOST /* DISABLED */
 #else
 # define V8_PRESERVE_MOST /* NOT SUPPORTED */
 #endif
diff --git a/src/api/api-natives.cc b/src/api/api-natives.cc
index 0f1747a2a91..0e3e6d6343c 100644
--- a/src/api/api-natives.cc
+++ b/src/api/api-natives.cc
@@ -451,6 +451,9 @@ MaybeHandle<JSObject> InstantiateObject(Isolate* isolate,
   if (info->immutable_proto()) {
     JSObject::SetImmutableProto(object);
   }
+  else if (info->host_delegate()) {
+    JSObject::SetHostDelegate(object);
+  }
   if (!is_prototype) {
     // Keep prototypes in slow-mode. Let them be lazily turned fast later on.
     // TODO(dcarney): is this necessary?
diff --git a/src/api/api.cc b/src/api/api.cc
index 9ca94b045c2..4bce5309eb7 100644
--- a/src/api/api.cc
+++ b/src/api/api.cc
@@ -1934,6 +1934,17 @@ void ObjectTemplate::SetImmutableProto() {
   self->set_immutable_proto(true);
 }
 
+bool ObjectTemplate::IsHostDelegate() const {
+  return Utils::OpenDirectHandle(this)->host_delegate();
+}
+
+void ObjectTemplate::SetHostDelegate() {
+  auto self = Utils::OpenDirectHandle(this);
+  i::Isolate* isolate = self->GetIsolate();
+  ENTER_V8_NO_SCRIPT_NO_EXCEPTION(isolate);
+  self->set_host_delegate(true);
+}
+
 bool ObjectTemplate::IsCodeLike() const {
   return Utils::OpenDirectHandle(this)->code_like();
 }
@@ -6530,6 +6541,10 @@ bool v8::V8::InitializeICU(const char* icu_data_file) {
   return i::InitializeICU(icu_data_file);
 }
 
+bool v8::V8::InitializeICU(const char* icu_data_ptr, size_t size) {
+  return i::InitializeICU(icu_data_ptr, size);
+}
+
 bool v8::V8::InitializeICUDefaultLocation(const char* exec_path,
                                           const char* icu_data_file) {
   return i::InitializeICUDefaultLocation(exec_path, icu_data_file);
diff --git a/src/base/build_config.h b/src/base/build_config.h
index f25bd3f9b57..98b040ac0f0 100644
--- a/src/base/build_config.h
+++ b/src/base/build_config.h
@@ -36,7 +36,7 @@
 #endif
 
 #if defined(V8_OS_LINUX) && defined(V8_HOST_ARCH_X64)
-#define V8_HAS_PKU_JIT_WRITE_PROTECT 1
+#define V8_HAS_PKU_JIT_WRITE_PROTECT 0
 #else
 #define V8_HAS_PKU_JIT_WRITE_PROTECT 0
 #endif
diff --git a/src/base/platform/platform.h b/src/base/platform/platform.h
index 99be31da701..f38dfbd6997 100644
--- a/src/base/platform/platform.h
+++ b/src/base/platform/platform.h
@@ -53,6 +53,8 @@
 #include <sanitizer/asan_interface.h>
 #endif  // V8_USE_ADDRESS_SANITIZER
 
+#define V8_NO_FAST_TLS
+
 #ifndef V8_NO_FAST_TLS
 #if V8_CC_MSVC && V8_HOST_ARCH_IA32
 // __readfsdword is supposed to be declared in intrin.h but it is missing from
diff --git a/src/builtins/builtins-async-module.cc b/src/builtins/builtins-async-module.cc
index 72ad214dcfa..d0a81059cb5 100644
--- a/src/builtins/builtins-async-module.cc
+++ b/src/builtins/builtins-async-module.cc
@@ -15,7 +15,8 @@ BUILTIN(CallAsyncModuleFulfilled) {
       SourceTextModule::cast(isolate->context()->get(
           SourceTextModule::ExecuteAsyncModuleContextSlots::kModule)),
       isolate);
-  if (SourceTextModule::AsyncModuleExecutionFulfilled(isolate, module)
+  Handle<Object> result(args.at(1));
+  if (SourceTextModule::AsyncModuleExecutionFulfilled(isolate, module, result)
           .IsNothing()) {
     // The evaluation of async module can not throwing a JavaScript observable
     // exception.
diff --git a/src/codegen/code-stub-assembler.cc b/src/codegen/code-stub-assembler.cc
index cc80f7aacca..faefc8d367f 100644
--- a/src/codegen/code-stub-assembler.cc
+++ b/src/codegen/code-stub-assembler.cc
@@ -2227,6 +2227,10 @@ TNode<Uint32T> CodeStubAssembler::LoadMapBitField3(TNode<Map> map) {
   return LoadObjectField<Uint32T>(map, Map::kBitField3Offset);
 }
 
+TNode<Uint32T> CodeStubAssembler::LoadMapHostBitField(TNode<Map> map) {
+  return LoadObjectField<Uint32T>(map, Map::kHostBitFieldOffset);
+}
+
 TNode<Uint16T> CodeStubAssembler::LoadMapInstanceType(TNode<Map> map) {
   return LoadObjectField<Uint16T>(map, Map::kInstanceTypeOffset);
 }
@@ -15093,6 +15097,11 @@ TNode<String> CodeStubAssembler::Typeof(TNode<Object> value) {
 
   GotoIf(InstanceTypeEqual(instance_type, ODDBALL_TYPE), &if_oddball);
 
+  Label resume_default(this);
+  GotoIfNot(Word32And(LoadMapBitField(map), Int32Constant(Map::Bits1::HasNamedInterceptorBit::kMask)), &resume_default);
+  Branch(Word32And(LoadMapHostBitField(map), Int32Constant(Map::HostBits::IsHostDelegateBit::kMask)), &return_function, &return_object);
+  BIND(&resume_default);
+
   TNode<Int32T> callable_or_undetectable_mask =
       Word32And(LoadMapBitField(map),
                 Int32Constant(Map::Bits1::IsCallableBit::kMask |
diff --git a/src/codegen/code-stub-assembler.h b/src/codegen/code-stub-assembler.h
index 7d687744c10..dd15ab9cc6a 100644
--- a/src/codegen/code-stub-assembler.h
+++ b/src/codegen/code-stub-assembler.h
@@ -1570,6 +1570,8 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   TNode<Int32T> LoadMapBitField2(TNode<Map> map);
   // Load bit field 3 of a map.
   TNode<Uint32T> LoadMapBitField3(TNode<Map> map);
+  // Load host bit field of a map.
+  TNode<Uint32T> LoadMapHostBitField(TNode<Map> map);
   // Load the instance type of a map.
   TNode<Uint16T> LoadMapInstanceType(TNode<Map> map);
   // Load the ElementsKind of a map.
diff --git a/src/common/code-memory-access-inl.h b/src/common/code-memory-access-inl.h
index e1ec30c166f..5ceb3f452bf 100644
--- a/src/common/code-memory-access-inl.h
+++ b/src/common/code-memory-access-inl.h
@@ -212,28 +212,89 @@ void WritableFreeSpace::ClearTagged(size_t count) const {
                count);
 }
 
-#if V8_HAS_PTHREAD_JIT_WRITE_PROTECT
+#if V8_HAS_PTHREAD_JIT_WRITE_PROTECT || V8_HAS_PKU_JIT_WRITE_PROTECT
 
 // static
-bool RwxMemoryWriteScope::IsSupported() { return true; }
+int RwxMemoryWriteScope::EnterHostScope() {
+  if (v8_flags.jitless || !IsSupported()) return 0;
+  int code_space_write_nesting_level = code_space_write_nesting_level_;
+  DCHECK_GE(code_space_write_nesting_level, 0);
+  DCHECK_GE(code_space_host_nesting_level_, 0);
+  if (code_space_host_nesting_level_ == 0 && code_space_write_nesting_level > 0) {
+    code_space_write_nesting_level_ = 0;
+    SetExecutableInternal();
+  }
+  code_space_host_nesting_level_++;
+  return code_space_write_nesting_level;
+}
+
+// static
+void RwxMemoryWriteScope::ExitHostScope(int code_space_write_nesting_level) {
+  if (v8_flags.jitless || !IsSupported()) return;
+  DCHECK_GE(code_space_write_nesting_level, 0);
+  DCHECK_GT(code_space_host_nesting_level_, 0);
+  code_space_host_nesting_level_--;
+  if (code_space_host_nesting_level_ == 0 && code_space_write_nesting_level > 0) {
+    code_space_write_nesting_level_ = code_space_write_nesting_level;
+    SetWritableInternal();
+  }
+}
 
 // static
 void RwxMemoryWriteScope::SetWritable() {
+  if (!IsSupported()) return;
+  DCHECK_GE(code_space_write_nesting_level_, 0);
+  DCHECK_EQ(code_space_host_nesting_level_, 0);
   if (code_space_write_nesting_level_ == 0) {
-    base::SetJitWriteProtected(0);
+    SetWritableInternal();
   }
   code_space_write_nesting_level_++;
 }
 
 // static
 void RwxMemoryWriteScope::SetExecutable() {
+  if (!IsSupported()) return;
+  DCHECK_GT(code_space_write_nesting_level_, 0);
+  DCHECK_EQ(code_space_host_nesting_level_, 0);
   code_space_write_nesting_level_--;
   if (code_space_write_nesting_level_ == 0) {
-    base::SetJitWriteProtected(1);
+    SetExecutableInternal();
   }
 }
 
+#else  // !V8_HAS_PTHREAD_JIT_WRITE_PROTECT && !V8_HAS_PKU_JIT_WRITE_PROTECT
+
+// static
+int RwxMemoryWriteScope::EnterHostScope() { return 0; }
+
+// static
+void RwxMemoryWriteScope::ExitHostScope(int /*code_space_write_nesting_level*/) {}
+
+// static
+void RwxMemoryWriteScope::SetWritable() {}
+
+// static
+void RwxMemoryWriteScope::SetExecutable() {}
+
+#endif  // V8_HAS_PTHREAD_JIT_WRITE_PROTECT || V8_HAS_PKU_JIT_WRITE_PROTECT
+
+#if V8_HAS_PTHREAD_JIT_WRITE_PROTECT
+
+// static
+bool RwxMemoryWriteScope::IsSupported() { return true; }
+
+// static
+void RwxMemoryWriteScope::SetWritableInternal() {
+  base::SetJitWriteProtected(0);
+}
+
+// static
+void RwxMemoryWriteScope::SetExecutableInternal() {
+  base::SetJitWriteProtected(1);
+}
+
 #elif V8_HAS_PKU_JIT_WRITE_PROTECT
+
 // static
 bool RwxMemoryWriteScope::IsSupported() {
   static_assert(base::MemoryProtectionKey::kNoMemoryProtectionKey == -1);
@@ -245,31 +306,23 @@ bool RwxMemoryWriteScope::IsSupported() {
 }
 
 // static
-void RwxMemoryWriteScope::SetWritable() {
+void RwxMemoryWriteScope::SetWritableInternal() {
   DCHECK(ThreadIsolation::initialized());
-  if (!IsSupported()) return;
-  if (code_space_write_nesting_level_ == 0) {
     DCHECK_NE(
         base::MemoryProtectionKey::GetKeyPermission(ThreadIsolation::pkey()),
         base::MemoryProtectionKey::kNoRestrictions);
     base::MemoryProtectionKey::SetPermissionsForKey(
         ThreadIsolation::pkey(), base::MemoryProtectionKey::kNoRestrictions);
-  }
-  code_space_write_nesting_level_++;
 }
 
 // static
-void RwxMemoryWriteScope::SetExecutable() {
+void RwxMemoryWriteScope::SetExecutableInternal() {
   DCHECK(ThreadIsolation::initialized());
-  if (!IsSupported()) return;
-  code_space_write_nesting_level_--;
-  if (code_space_write_nesting_level_ == 0) {
     DCHECK_EQ(
         base::MemoryProtectionKey::GetKeyPermission(ThreadIsolation::pkey()),
         base::MemoryProtectionKey::kNoRestrictions);
     base::MemoryProtectionKey::SetPermissionsForKey(
         ThreadIsolation::pkey(), base::MemoryProtectionKey::kDisableWrite);
-  }
 }
 
 #else  // !V8_HAS_PTHREAD_JIT_WRITE_PROTECT && !V8_TRY_USE_PKU_JIT_WRITE_PROTECT
@@ -278,10 +331,10 @@ void RwxMemoryWriteScope::SetExecutable() {
 bool RwxMemoryWriteScope::IsSupported() { return false; }
 
 // static
-void RwxMemoryWriteScope::SetWritable() {}
+void RwxMemoryWriteScope::SetWritableInternal() {}
 
 // static
-void RwxMemoryWriteScope::SetExecutable() {}
+void RwxMemoryWriteScope::SetExecutableInternal() {}
 
 #endif  // V8_HAS_PTHREAD_JIT_WRITE_PROTECT
 
diff --git a/src/common/code-memory-access.cc b/src/common/code-memory-access.cc
index 94328a128b8..45317ac0461 100644
--- a/src/common/code-memory-access.cc
+++ b/src/common/code-memory-access.cc
@@ -2,16 +2,29 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "include/v8-initialization.h"
 #include "src/common/code-memory-access-inl.h"
 #include "src/utils/allocation.h"
 
 namespace v8 {
+
+// static
+int V8::EnterRwxHostScope() {
+  return i::RwxMemoryWriteScope::EnterHostScope();
+}
+
+// static
+void V8::ExitRwxHostScope(int code_space_write_nesting_level) {
+  i::RwxMemoryWriteScope::ExitHostScope(code_space_write_nesting_level);
+}
+
 namespace internal {
 
 ThreadIsolation::TrustedData ThreadIsolation::trusted_data_;
 
 #if V8_HAS_PTHREAD_JIT_WRITE_PROTECT || V8_HAS_PKU_JIT_WRITE_PROTECT
 thread_local int RwxMemoryWriteScope::code_space_write_nesting_level_ = 0;
+thread_local int RwxMemoryWriteScope::code_space_host_nesting_level_ = 0;
 #endif  // V8_HAS_PTHREAD_JIT_WRITE_PROTECT || V8_HAS_PKU_JIT_WRITE_PROTECT
 
 #if V8_HAS_PKU_JIT_WRITE_PROTECT
diff --git a/src/common/code-memory-access.h b/src/common/code-memory-access.h
index e0d317b07fe..c77411bcdd9 100644
--- a/src/common/code-memory-access.h
+++ b/src/common/code-memory-access.h
@@ -114,6 +114,9 @@ class V8_NODISCARD RwxMemoryWriteScope {
   static V8_EXPORT void SetDefaultPermissionsForSignalHandler();
 #endif  // V8_HAS_PKU_JIT_WRITE_PROTECT
 
+  V8_INLINE static int EnterHostScope();
+  V8_INLINE static void ExitHostScope(int code_space_write_nesting_level);
+
  private:
   friend class RwxMemoryWriteScopeForTesting;
   friend class wasm::CodeSpaceWriteScope;
@@ -124,9 +127,13 @@ class V8_NODISCARD RwxMemoryWriteScope {
   V8_INLINE static void SetWritable();
   V8_INLINE static void SetExecutable();
 
+  V8_INLINE static void SetWritableInternal();
+  V8_INLINE static void SetExecutableInternal();
+
 #if V8_HAS_PTHREAD_JIT_WRITE_PROTECT || V8_HAS_PKU_JIT_WRITE_PROTECT
   // This counter is used for supporting scope reentrance.
   V8_EXPORT_PRIVATE static thread_local int code_space_write_nesting_level_;
+  static thread_local int code_space_host_nesting_level_;
 #endif  // V8_HAS_PTHREAD_JIT_WRITE_PROTECT || V8_HAS_PKU_JIT_WRITE_PROTECT
 };
 
diff --git a/src/diagnostics/unwinding-info-win64.cc b/src/diagnostics/unwinding-info-win64.cc
index a71b866135b..4f1d26676c2 100644
--- a/src/diagnostics/unwinding-info-win64.cc
+++ b/src/diagnostics/unwinding-info-win64.cc
@@ -462,6 +462,14 @@ void InitUnwindingRecord(Record* record, size_t code_size_in_bytes) {
 namespace {
 
 V8_DECLARE_ONCE(load_ntdll_unwinding_functions_once);
+
+#if defined(V8_OS_WIN_X64)
+static decltype(
+    &::RtlAddFunctionTable) add_function_table_func = nullptr;
+static decltype(
+    &::RtlDeleteFunctionTable) delete_function_table_func = nullptr;
+#endif  // V8_OS_WIN_X64
+
 static decltype(
     &::RtlAddGrowableFunctionTable) add_growable_function_table_func = nullptr;
 static decltype(
@@ -469,6 +477,19 @@ static decltype(
     nullptr;
 
 void LoadNtdllUnwindingFunctionsOnce() {
+
+#if defined(V8_OS_WIN_X64)
+  HMODULE kernel32_module =
+	LoadLibraryEx(L"kernel32.dll", nullptr, LOAD_LIBRARY_SEARCH_SYSTEM32);
+  DCHECK_NOT_NULL(kernel32_module);
+  add_function_table_func =
+	reinterpret_cast<decltype(&::RtlAddFunctionTable)>(
+		::GetProcAddress(kernel32_module, "RtlAddFunctionTable"));
+  delete_function_table_func =
+	reinterpret_cast<decltype(&::RtlDeleteFunctionTable)>(
+		::GetProcAddress(kernel32_module, "RtlDeleteFunctionTable"));
+#endif  // V8_OS_WIN_X64
+
   // Load functions from the ntdll.dll module.
   HMODULE ntdll_module =
       LoadLibraryEx(L"ntdll.dll", nullptr, LOAD_LIBRARY_SEARCH_SYSTEM32);
@@ -491,6 +512,21 @@ void LoadNtdllUnwindingFunctions() {
                  &LoadNtdllUnwindingFunctionsOnce);
 }
 
+#if defined(V8_OS_WIN_X64)
+BOOLEAN AddFunctionTable(PRUNTIME_FUNCTION FunctionTable,
+                         DWORD EntryCount,
+                         DWORD64 BaseAddress) {
+  LoadNtdllUnwindingFunctions();
+  DCHECK_NOT_NULL(add_function_table_func);
+  return add_function_table_func(FunctionTable, EntryCount, BaseAddress);
+}
+BOOLEAN DeleteFunctionTable(PRUNTIME_FUNCTION FunctionTable) {
+  LoadNtdllUnwindingFunctions();
+  DCHECK_NOT_NULL(delete_function_table_func);
+  return delete_function_table_func(FunctionTable);
+}
+#endif  // V8_OS_WIN_X64
+
 bool AddGrowableFunctionTable(PVOID* DynamicTable,
                               PRUNTIME_FUNCTION FunctionTable, DWORD EntryCount,
                               DWORD MaximumEntryCount, ULONG_PTR RangeBase,
@@ -542,7 +578,7 @@ void RegisterNonABICompliantCodeRange(void* start, size_t size_in_bytes) {
       ExceptionHandlerRecord* record = new (start) ExceptionHandlerRecord();
       InitUnwindingRecord(record, size_in_bytes);
 
-      CHECK(::RtlAddFunctionTable(record->runtime_function,
+      CHECK(AddFunctionTable(record->runtime_function,
                                   kDefaultRuntimeFunctionCount,
                                   reinterpret_cast<DWORD64>(start)));
 
@@ -580,7 +616,7 @@ void UnregisterNonABICompliantCodeRange(void* start) {
     if (unhandled_exception_callback_g) {
       ExceptionHandlerRecord* record =
           reinterpret_cast<ExceptionHandlerRecord*>(start);
-      CHECK(::RtlDeleteFunctionTable(record->runtime_function));
+      CHECK(DeleteFunctionTable(record->runtime_function));
 
       // Unprotect reserved page.
       DWORD old_protect;
diff --git a/src/execution/isolate-inl.h b/src/execution/isolate-inl.h
index 256db29d140..3880ea12bb9 100644
--- a/src/execution/isolate-inl.h
+++ b/src/execution/isolate-inl.h
@@ -35,7 +35,6 @@ V8_INLINE Isolate* Isolate::TryGetCurrent() { return g_current_isolate_; }
 // static
 V8_INLINE Isolate* Isolate::Current() {
   Isolate* isolate = TryGetCurrent();
-  DCHECK_NOT_NULL(isolate);
   return isolate;
 }
 
diff --git a/src/execution/stack-guard.cc b/src/execution/stack-guard.cc
index efcaf8cd10b..0e7cfbb704d 100644
--- a/src/execution/stack-guard.cc
+++ b/src/execution/stack-guard.cc
@@ -235,8 +235,10 @@ void StackGuard::FreeThreadResources() {
 void StackGuard::ThreadLocal::Initialize(Isolate* isolate,
                                          const ExecutionAccess& lock) {
   const uintptr_t kLimitSize = v8_flags.stack_size * KB;
-  DCHECK_GT(GetCurrentStackPosition(), kLimitSize);
   uintptr_t limit = GetCurrentStackPosition() - kLimitSize;
+  if (GetCurrentStackPosition() < kLimitSize) {
+    limit = 0;
+  }
   real_jslimit_ = SimulatorStack::JsLimitFromCLimit(isolate, limit);
   set_jslimit(SimulatorStack::JsLimitFromCLimit(isolate, limit));
   real_climit_ = limit;
@@ -383,6 +385,8 @@ Tagged<Object> StackGuard::HandleInterrupts(InterruptLevel level) {
 
   isolate_->counters()->stack_interrupts()->Increment();
 
+  if (isolate_->has_exception()) return ReadOnlyRoots(isolate_).exception();
+
   return ReadOnlyRoots(isolate_).undefined_value();
 }
 
diff --git a/src/heap/factory.cc b/src/heap/factory.cc
index 82ee405ecb5..9a2c4f39170 100644
--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@@ -2129,6 +2129,7 @@ Tagged<Map> Factory::InitializeMap(Tagged<Map> map, InstanceType type,
       Map::Bits3::ConstructionCounterBits::encode(Map::kNoSlackTracking) |
       Map::Bits3::IsExtensibleBit::encode(true);
   map->set_bit_field3(bit_field3);
+  map->set_host_bit_field(0);
   map->set_instance_type(type);
   map->init_prototype_and_constructor_or_back_pointer(roots);
   map->set_instance_size(instance_size);
diff --git a/src/heap/setup-heap-internal.cc b/src/heap/setup-heap-internal.cc
index 243d96b8618..7c1a72627e9 100644
--- a/src/heap/setup-heap-internal.cc
+++ b/src/heap/setup-heap-internal.cc
@@ -296,6 +296,7 @@ void InitializePartialMap(Tagged<Map> map, Tagged<Map> meta_map,
       Map::Bits3::OwnsDescriptorsBit::encode(true) |
       Map::Bits3::ConstructionCounterBits::encode(Map::kNoSlackTracking);
   map->set_bit_field3(bit_field3);
+  map->set_host_bit_field(0);
   DCHECK(!map->is_in_retained_map_list());
   map->clear_padding();
   map->set_elements_kind(TERMINAL_FAST_ELEMENTS_KIND);
diff --git a/src/init/icu_util.cc b/src/init/icu_util.cc
index 67d349557c6..cfb7fcefbaf 100644
--- a/src/init/icu_util.cc
+++ b/src/init/icu_util.cc
@@ -11,6 +11,7 @@
 #if defined(V8_INTL_SUPPORT)
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include "src/base/build_config.h"
 #include "src/base/file-utils.h"
@@ -98,6 +99,26 @@ bool InitializeICU(const char* icu_data_file) {
 #endif
 }
 
+bool InitializeICU(const char* icu_data_ptr, size_t size) {
+#if !defined(V8_INTL_SUPPORT)
+  return true;
+#else
+#if ICU_UTIL_DATA_IMPL == ICU_UTIL_DATA_STATIC
+  return true;
+#elif ICU_UTIL_DATA_IMPL == ICU_UTIL_DATA_FILE
+  if (!icu_data_ptr) return false;
+  if (g_icu_data_ptr) return true;
+  g_icu_data_ptr = new char[size];
+  memcpy(g_icu_data_ptr, icu_data_ptr, size);
+  atexit(free_icu_data_ptr);
+  UErrorCode err = U_ZERO_ERROR;
+  udata_setCommonData(reinterpret_cast<void*>(g_icu_data_ptr), &err);
+  udata_setFileAccess(UDATA_ONLY_PACKAGES, &err);
+  return err == U_ZERO_ERROR;
+#endif
+#endif
+}
+
 #undef ICU_UTIL_DATA_FILE
 #undef ICU_UTIL_DATA_STATIC
 
diff --git a/src/init/icu_util.h b/src/init/icu_util.h
index e127e75f10f..b0e4bd2d68e 100644
--- a/src/init/icu_util.h
+++ b/src/init/icu_util.h
@@ -5,6 +5,8 @@
 #ifndef V8_INIT_ICU_UTIL_H_
 #define V8_INIT_ICU_UTIL_H_
 
+#include <stddef.h>
+
 namespace v8 {
 
 namespace internal {
@@ -12,6 +14,7 @@ namespace internal {
 // Call this function to load ICU's data tables for the current process.  This
 // function should be called before ICU is used.
 bool InitializeICU(const char* icu_data_file);
+bool InitializeICU(const char* icu_data_ptr, size_t size);
 
 // Like above, but using the default icudt[lb].dat location if icu_data_file is
 // not specified.
diff --git a/src/init/v8.cc b/src/init/v8.cc
index 15540a75e7e..74ab11151a0 100644
--- a/src/init/v8.cc
+++ b/src/init/v8.cc
@@ -98,7 +98,6 @@ V8_DECLARE_ONCE(init_snapshot_once);
 // static
 void V8::InitializePlatform(v8::Platform* platform) {
   AdvanceStartupState(V8StartupState::kPlatformInitializing);
-  CHECK(!platform_);
   CHECK_NOT_NULL(platform);
   platform_ = platform;
   v8::base::SetPrintStackTrace(platform_->GetStackTracePrinter());
diff --git a/src/interpreter/bytecode-generator.cc b/src/interpreter/bytecode-generator.cc
index da222bb8c3c..4950acfe588 100644
--- a/src/interpreter/bytecode-generator.cc
+++ b/src/interpreter/bytecode-generator.cc
@@ -6848,10 +6848,13 @@ static bool IsCharU(const AstRawString* str) {
   return str->length() == 1 && str->FirstCharacter() == 'u';
 }
 
+static bool disable_literal_compare_typeof_detection = true;
+
 static bool IsLiteralCompareTypeof(CompareOperation* expr,
                                    Expression** sub_expr,
                                    TestTypeOfFlags::LiteralFlag* flag,
                                    const AstStringConstants* ast_constants) {
+  if (disable_literal_compare_typeof_detection) return false;
   if (IsTypeof(expr->left()) && expr->right()->IsStringLiteral()) {
     Literal* right_lit = expr->right()->AsLiteral();
 
diff --git a/src/libplatform/default-platform.cc b/src/libplatform/default-platform.cc
index 2a8f06a9c09..5476b4c9d3b 100644
--- a/src/libplatform/default-platform.cc
+++ b/src/libplatform/default-platform.cc
@@ -57,6 +57,10 @@ std::unique_ptr<v8::Platform> NewDefaultPlatform(
   return platform;
 }
 
+std::unique_ptr<v8::PageAllocator> NewDefaultPageAllocator() {
+  return std::make_unique<v8::base::PageAllocator>();
+}
+
 std::unique_ptr<v8::Platform> NewSingleThreadedDefaultPlatform(
     IdleTaskSupport idle_task_support,
     InProcessStackDumping in_process_stack_dumping,
diff --git a/src/objects/js-objects.cc b/src/objects/js-objects.cc
index af21b605e3d..62e84834304 100644
--- a/src/objects/js-objects.cc
+++ b/src/objects/js-objects.cc
@@ -5207,6 +5207,13 @@ void JSObject::SetImmutableProto(Handle<JSObject> object) {
   object->set_map(*new_map, kReleaseStore);
 }
 
+void JSObject::SetHostDelegate(Handle<JSObject> object) {
+  Handle<Map> map(object->map(), object->GetIsolate());
+  if (map->is_host_delegate()) return;
+  Handle<Map> new_map = Map::TransitionToHostDelegate(object->GetIsolate(), map);
+  object->set_map(*new_map, kReleaseStore);
+}
+
 void JSObject::EnsureCanContainElements(Handle<JSObject> object,
                                         JavaScriptArguments* args,
                                         uint32_t arg_count,
diff --git a/src/objects/js-objects.h b/src/objects/js-objects.h
index 9fb0613af3a..2340c6ab309 100644
--- a/src/objects/js-objects.h
+++ b/src/objects/js-objects.h
@@ -774,6 +774,8 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
   // Never called from JavaScript
   static void SetImmutableProto(Handle<JSObject> object);
 
+  static void SetHostDelegate(Handle<JSObject> object);
+
   // Initializes the body starting at |start_offset|. It is responsibility of
   // the caller to initialize object header. Fill the pre-allocated fields with
   // undefined_value and the rest with filler_map.
diff --git a/src/objects/map-inl.h b/src/objects/map-inl.h
index a28034912de..3bba62d3740 100644
--- a/src/objects/map-inl.h
+++ b/src/objects/map-inl.h
@@ -128,6 +128,9 @@ BIT_FIELD_ACCESSORS(Map, bit_field3, may_have_interesting_properties,
 BIT_FIELD_ACCESSORS(Map, relaxed_bit_field3, construction_counter,
                     Map::Bits3::ConstructionCounterBits)
 
+// |host_bit_field| fields.
+BIT_FIELD_ACCESSORS(Map, host_bit_field, is_host_delegate, Map::HostBits::IsHostDelegateBit)
+
 DEF_GETTER(Map, GetNamedInterceptor, Tagged<InterceptorInfo>) {
   DCHECK(has_named_interceptor());
   Tagged<FunctionTemplateInfo> info = GetFunctionTemplateInfo(cage_base);
diff --git a/src/objects/map.cc b/src/objects/map.cc
index 2c904d398b2..4fe7a01b664 100644
--- a/src/objects/map.cc
+++ b/src/objects/map.cc
@@ -1241,6 +1241,7 @@ Handle<Map> Map::RawCopy(Isolate* isolate, Handle<Map> src_handle,
     }
     // Same as bit_field comment above.
     raw->set_bit_field3(new_bit_field3);
+    raw->set_host_bit_field(src->host_bit_field());
     raw->clear_padding();
   }
   Handle<HeapObject> prototype(src_handle->prototype(), isolate);
@@ -1367,6 +1368,12 @@ Handle<Map> Map::TransitionToImmutableProto(Isolate* isolate, Handle<Map> map) {
   return new_map;
 }
 
+Handle<Map> Map::TransitionToHostDelegate(Isolate* isolate, Handle<Map> map) {
+  Handle<Map> new_map = Map::Copy(isolate, map, "HostDelegate");
+  new_map->set_is_host_delegate(true);
+  return new_map;
+}
+
 namespace {
 void EnsureInitialMap(Isolate* isolate, Handle<Map> map) {
 #ifdef DEBUG
diff --git a/src/objects/map.h b/src/objects/map.h
index 3ddb06d1f99..ebf2a4b3d2c 100644
--- a/src/objects/map.h
+++ b/src/objects/map.h
@@ -338,6 +338,11 @@ class Map : public TorqueGeneratedMap<Map, HeapObject> {
   static_assert(kSlackTrackingCounterStart <=
                 Bits3::ConstructionCounterBits::kMax);
 
+  // Bit positions for |host_bits|.
+  struct HostBits {
+    DEFINE_TORQUE_GENERATED_MAP_HOST_BIT_FIELDS()
+  };
+
   // Inobject slack tracking is the way to reclaim unused inobject space.
   //
   // The instance size is initially determined by adding some slack to
@@ -705,6 +710,8 @@ class Map : public TorqueGeneratedMap<Map, HeapObject> {
 
   DECL_BOOLEAN_ACCESSORS(is_immutable_proto)
 
+  DECL_BOOLEAN_ACCESSORS(is_host_delegate)
+
   // This counter is used for in-object slack tracking.
   // The in-object slack tracking is considered enabled when the counter is
   // non zero. The counter only has a valid count for initial maps. For
@@ -885,6 +892,8 @@ class Map : public TorqueGeneratedMap<Map, HeapObject> {
   static Handle<Map> TransitionToImmutableProto(Isolate* isolate,
                                                 Handle<Map> map);
 
+  static Handle<Map> TransitionToHostDelegate(Isolate* isolate, Handle<Map> map);
+
   static_assert(kInstanceTypeOffset == Internals::kMapInstanceTypeOffset);
 
   class BodyDescriptor;
diff --git a/src/objects/map.tq b/src/objects/map.tq
index 590fac8d969..dcadae3285c 100644
--- a/src/objects/map.tq
+++ b/src/objects/map.tq
@@ -34,6 +34,10 @@ bitfield struct MapBitFields3 extends uint32 {
   construction_counter: int32: 3 bit;
 }
 
+bitfield struct MapHostBitFields extends uint32 {
+  is_host_delegate: bool: 1 bit;
+}
+
 extern class Map extends HeapObject {
   macro PrototypeInfo(): PrototypeInfo labels HasNoPrototypeInfo {
     typeswitch (this.transitions_or_prototype_info) {
@@ -65,8 +69,8 @@ extern class Map extends HeapObject {
   bit_field2: MapBitFields2;
   bit_field3: MapBitFields3;
 
-  @if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;
-  @ifnot(TAGGED_SIZE_8_BYTES) optional_padding: void;
+  host_bit_field: MapHostBitFields;
+  optional_padding: void;
 
   prototype: JSReceiver|Null;
   constructor_or_back_pointer_or_native_context: Object;
diff --git a/src/objects/objects.cc b/src/objects/objects.cc
index 99446acd540..81c1e64a4e4 100644
--- a/src/objects/objects.cc
+++ b/src/objects/objects.cc
@@ -910,7 +910,12 @@ Handle<String> Object::TypeOf(Isolate* isolate, Handle<Object> object) {
   if (IsString(*object)) return isolate->factory()->string_string();
   if (IsSymbol(*object)) return isolate->factory()->symbol_string();
   if (IsBigInt(*object)) return isolate->factory()->bigint_string();
-  if (IsCallable(*object)) return isolate->factory()->function_string();
+  if (IsJSObject(*object)) {
+    Handle<JSObject> obj = Handle<JSObject>::cast(object);
+    if (obj->HasNamedInterceptor()) {
+      return obj->map()->is_host_delegate() ? isolate->factory()->function_string() : isolate->factory()->object_string();
+    }
+  }  if (IsCallable(*object)) return isolate->factory()->function_string();
   return isolate->factory()->object_string();
 }
 
diff --git a/src/objects/source-text-module.cc b/src/objects/source-text-module.cc
index 13890419a01..d25c6cd86b3 100644
--- a/src/objects/source-text-module.cc
+++ b/src/objects/source-text-module.cc
@@ -731,7 +731,8 @@ MaybeHandle<Object> SourceTextModule::Evaluate(
   try_catch.SetVerbose(false);
   try_catch.SetCaptureMessage(false);
   // TODO(verwaest): Return a bool from InnerModuleEvaluation instead?
-  if (InnerModuleEvaluation(isolate, module, &stack, &dfs_index).is_null()) {
+  Handle<Object> unused_result;
+  if (!InnerModuleEvaluation(isolate, module, &stack, &dfs_index).ToHandle(&unused_result)) {
     if (!module->MaybeHandleEvaluationException(isolate, &stack)) return {};
     CHECK(try_catch.HasCaught());
     //  d. Perform ! Call(capability.[[Reject]], undefined,
@@ -746,7 +747,7 @@ MaybeHandle<Object> SourceTextModule::Evaluate(
     if (!module->IsAsyncEvaluating()) {
       //   i. Perform ! Call(capability.[[Resolve]], undefined,
       //                     «undefined»).
-      JSPromise::Resolve(capability, isolate->factory()->undefined_value())
+      JSPromise::Resolve(capability, unused_result)
           .ToHandleChecked();
     }
 
@@ -759,7 +760,7 @@ MaybeHandle<Object> SourceTextModule::Evaluate(
 }
 
 Maybe<bool> SourceTextModule::AsyncModuleExecutionFulfilled(
-    Isolate* isolate, Handle<SourceTextModule> module) {
+    Isolate* isolate, Handle<SourceTextModule> module, Handle<Object> result) {
   // 1. If module.[[Status]] is evaluated, then
   if (module->status() == kErrored) {
     // a. Assert: module.[[EvaluationError]] is not empty.
@@ -783,7 +784,7 @@ Maybe<bool> SourceTextModule::AsyncModuleExecutionFulfilled(
     //                     «undefined»).
     Handle<JSPromise> capability(
         JSPromise::cast(module->top_level_capability()), isolate);
-    JSPromise::Resolve(capability, isolate->factory()->undefined_value())
+    JSPromise::Resolve(capability, result)
         .ToHandleChecked();
   }
 
@@ -848,7 +849,7 @@ Maybe<bool> SourceTextModule::AsyncModuleExecutionFulfilled(
           //                     undefined, «undefined»).
           Handle<JSPromise> capability(
               JSPromise::cast(m->top_level_capability()), isolate);
-          JSPromise::Resolve(capability, isolate->factory()->undefined_value())
+          JSPromise::Resolve(capability, unused_result)
               .ToHandleChecked();
         }
       }
@@ -1186,7 +1187,6 @@ MaybeHandle<Object> SourceTextModule::InnerModuleEvaluation(
   } else {
     // 15. Otherwise, perform ? module.ExecuteModule().
     MaybeHandle<Object> exception;
-    Handle<Object> result;
     if (!ExecuteModule(isolate, module, &exception).ToHandle(&result)) {
       if (!isolate->is_execution_terminating()) {
         isolate->Throw(*exception.ToHandleChecked());
diff --git a/src/objects/source-text-module.h b/src/objects/source-text-module.h
index 2a3249bf1b3..0e781fbe939 100644
--- a/src/objects/source-text-module.h
+++ b/src/objects/source-text-module.h
@@ -58,7 +58,7 @@ class SourceTextModule
   // with async SourceTextModules. Return Nothing if the execution is
   // terminated.
   static Maybe<bool> AsyncModuleExecutionFulfilled(
-      Isolate* isolate, Handle<SourceTextModule> module);
+      Isolate* isolate, Handle<SourceTextModule> module, Handle<Object> result);
   static void AsyncModuleExecutionRejected(Isolate* isolate,
                                            Handle<SourceTextModule> module,
                                            Handle<Object> exception);
diff --git a/src/objects/templates-inl.h b/src/objects/templates-inl.h
index 7bf87e10b82..e6a2457218c 100644
--- a/src/objects/templates-inl.h
+++ b/src/objects/templates-inl.h
@@ -186,6 +186,14 @@ void ObjectTemplateInfo::set_code_like(bool is_code_like) {
   return set_data(IsCodeKindBit::update(data(), is_code_like));
 }
 
+bool ObjectTemplateInfo::host_delegate() const {
+  return IsHostDelegateBit::decode(data());
+}
+
+void ObjectTemplateInfo::set_host_delegate(bool value) {
+  return set_data(IsHostDelegateBit::update(data(), value));
+}
+
 bool FunctionTemplateInfo::IsTemplateFor(Tagged<JSObject> object) const {
   return IsTemplateFor(object->map());
 }
diff --git a/src/objects/templates.h b/src/objects/templates.h
index 7eb35de4caf..be9850bf36e 100644
--- a/src/objects/templates.h
+++ b/src/objects/templates.h
@@ -211,6 +211,7 @@ class ObjectTemplateInfo
   DECL_INT_ACCESSORS(embedder_field_count)
   DECL_BOOLEAN_ACCESSORS(immutable_proto)
   DECL_BOOLEAN_ACCESSORS(code_like)
+  DECL_BOOLEAN_ACCESSORS(host_delegate)
 
   // Starting from given object template's constructor walk up the inheritance
   // chain till a function template that has an instance template is found.
diff --git a/src/objects/templates.tq b/src/objects/templates.tq
index e8a6c9cf209..786e41527be 100644
--- a/src/objects/templates.tq
+++ b/src/objects/templates.tq
@@ -71,7 +71,8 @@ extern class FunctionTemplateInfo extends TemplateInfo {
 bitfield struct ObjectTemplateInfoFlags extends uint31 {
   is_immutable_prototype: bool: 1 bit;
   is_code_kind: bool: 1 bit;
-  embedder_field_count: int32: 28 bit;
+  is_host_delegate: bool: 1 bit;
+  embedder_field_count: int32: 27 bit;
 }
 
 extern class ObjectTemplateInfo extends TemplateInfo {